admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-14T02:00:25.134907+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-14 02:00:29 +00:00
parent 5028e079df
commit a132388c9a
21 changed files with 1476 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2012/CVE-2012-20xx/CVE-2012-2098.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2012-2098",
"sourceIdentifier": "secalert@redhat.com",
"published": "2012-06-29T19:55:03.530",
"lastModified": "2021-08-12T21:30:26.803",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-14T00:15:07.623",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,13 @@
"Third Party Advisory"
]
},
{
"url": "http://osvdb.org/82161",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html",
"source": "secalert@redhat.com",
@ -128,6 +135,20 @@
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/49255",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/49286",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"source": "secalert@redhat.com",
@ -135,6 +156,10 @@
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/13/3",
"source": "secalert@redhat.com"
},
{
"url": "http://www.securityfocus.com/bid/53676",
"source": "secalert@redhat.com",

69
CVE-2023/CVE-2023-20xx/CVE-2023-2071.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2071",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-09-12T14:15:09.663",
"lastModified": "2023-09-12T14:47:07.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:45:17.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@ -46,10 +76,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:machine:*:*:*",
"versionEndIncluding": "13.0",
"matchCriteriaId": "D10953CE-C43E-4F1E-B9E7-48CDE0D7DA05"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:panelview_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96B37F97-FE57-4437-8D5D-64561CAD1BE9"
}
]
}
]
}
],
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724",
"source": "PSIRT@rockwellautomation.com"
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-312xx/CVE-2023-31284.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31284",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.717",
"lastModified": "2023-05-10T20:12:56.737",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-14T00:15:08.960",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/13/4",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/illumos/illumos-gate/tree/16b76d3cb933ff92018a2a75594449010192eacb",
"source": "cve@mitre.org",

79
CVE-2023/CVE-2023-356xx/CVE-2023-35664.json
View File

@ -2,23 +2,92 @@
"id": "CVE-2023-35664",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:41.727",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T01:52:27.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/47299fd978258e67a8eebc361cb7a4dd2936205e",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-356xx/CVE-2023-35666.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-35666",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:41.847",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T01:51:25.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b7ea57f620436c83a9766f928437ddadaa232e3a",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-356xx/CVE-2023-35667.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-35667",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:41.903",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T01:46:29.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-356xx/CVE-2023-35669.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-35669",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:41.960",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T01:44:54.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-356xx/CVE-2023-35670.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-35670",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.020",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T01:41:38.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-356xx/CVE-2023-35671.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-35671",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.080",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T01:31:36.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Nfc/+/745632835f3d97513a9c2a96e56e1dc06c4e4176",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-356xx/CVE-2023-35673.json
View File

@ -2,23 +2,96 @@
"id": "CVE-2023-35673",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.137",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T01:30:16.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8770c07c102c7fdc74626dc717acc8f6dd1c92cc",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-356xx/CVE-2023-35674.json
View File

@ -2,23 +2,100 @@
"id": "CVE-2023-35674",
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.193",
"lastModified": "2023-09-12T11:52:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T01:28:46.143",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-09-13",
"cisaActionDue": "2023-10-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Android Framework Privilege Escalation Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-09-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

96
CVE-2023/CVE-2023-368xx/CVE-2023-36805.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36805",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:16.233",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:30:46.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,100 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20162",
"matchCriteriaId": "D70917B5-47DB-4E61-A0CB-E336BD322A63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6252",
"matchCriteriaId": "AE629A99-48EA-4736-A2AF-BE8AE3C84CB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4851",
"matchCriteriaId": "405C3661-5BC3-4EFC-9FF0-4C05D6F42A04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3448",
"matchCriteriaId": "098480E4-3DF9-4AE1-AD98-5A24C7D135FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3448",
"matchCriteriaId": "36C0F053-7225-4428-A7D5-7FE2E5036E79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2416",
"matchCriteriaId": "42BAE974-E011-42BC-BE68-E394DFF2F92D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.2275",
"matchCriteriaId": "E1128C36-7004-461A-AF79-A530709E8B45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36805",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-368xx/CVE-2023-36886.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36886",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:16.397",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:47:57.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
@ -34,10 +54,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*",
"versionStartIncluding": "9.0",
"versionEndExcluding": "9.0.49.04",
"matchCriteriaId": "D82EE042-2FBD-4B57-B159-053DC80E726C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*",
"versionStartIncluding": "9.1",
"versionEndExcluding": "9.1.21.05",
"matchCriteriaId": "69ACF461-9B62-46A5-AFEC-FFF2F87CF716"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-391xx/CVE-2023-39150.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-39150",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T13:15:07.897",
"lastModified": "2023-09-12T14:47:07.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:45:57.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:conemu_project:conemu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "230724",
"matchCriteriaId": "F03DAE54-3D7C-4F9D-B47A-9B2C73B6C90E"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/Maximus5/ConEmu/commit/60683a186628ffaa7689fcb64b3c38ced69287c1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

205
CVE-2023/CVE-2023-402xx/CVE-2023-40218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40218",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T15:15:23.767",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:45:00.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,189 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E582F31-BCC1-4276-BC34-A38EDCC4BB01"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8C35DE-1C58-4C6E-BB15-0E3C2FECB8DA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C"
}
]
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-407xx/CVE-2023-40784.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-40784",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T15:15:24.170",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:44:12.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:5.7.102:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB71658-A983-4698-81BD-28948E895672"
}
]
}
]
}
],
"references": [
{
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2023-40784",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.cnblogs.com/SFYHAC/articles/17619123.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

70
CVE-2023/CVE-2023-408xx/CVE-2023-40834.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-40834",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-12T14:15:58.353",
"lastModified": "2023-09-12T14:47:07.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:45:48.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenCart v4.0.2.2 is vulnerable to Brute Force Attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencart:opencart:4.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "37BCD6AF-B8F6-4626-86EC-4F589C7F4409"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/174525/OpenCart-CMS-4.0.2.2-Brute-Force.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.opencart.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

63
CVE-2023/CVE-2023-48xx/CVE-2023-4890.json
View File

@ -1,9 +1,9 @@
{
"id": "CVE-2023-4890",
"sourceIdentifier": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-12T02:15:13.773",
"lastModified": "2023-09-12T11:52:00.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:46:23.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:designchemical:jquery_accordion_menu_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "AA2CDBD1-6337-42F1-85BB-CF4324627243"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/jquery-vertical-accordion-menu/tags/3.1.2/dcwp_jquery_accordion.php#L112",
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/jquery-vertical-accordion-menu/tags/3.1.2/dcwp_jquery_accordion.php#L94",
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22?source=cve",
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-49xx/CVE-2023-4913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4913",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-12T15:15:24.447",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:44:04.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cecil:cecil:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.27.3",
"versionEndExcluding": "7.47.1",
"matchCriteriaId": "D81CDA31-9624-412B-9269-EE19CCDB1FB8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cecilapp/cecil/commit/00dc79f10ce723034b7140d79f4ac731d1d902eb",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/d2a9ec4d-1b4b-470b-87da-ec069f5925ae",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit"
]
}
]
}

66
CVE-2023/CVE-2023-49xx/CVE-2023-4914.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4914",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-12T15:15:24.717",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-14T00:43:57.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,8 +58,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +78,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cecil:cecil:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.47.1",
"matchCriteriaId": "65701C86-4518-447B-A220-8CEEB416C872"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cecilapp/cecil/commit/00dc79f10ce723034b7140d79f4ac731d1d902eb",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/cdd995b2-c983-428b-a73a-827b61b7c06b",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit"
]
}
]
}

38
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-13T23:55:25.093255+00:00
2023-09-14T02:00:25.134907+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-13T23:15:08.283000+00:00
2023-09-14T01:52:27.907000+00:00
```
### Last Data Feed Release
@ -23,7 +23,7 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-09-13T00:00:13.539135+00:00
2023-09-14T00:00:13.554379+00:00
```
### Total Number of included CVEs
@ -34,22 +34,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `0`
* [CVE-2023-40617](CVE-2023/CVE-2023-406xx/CVE-2023-40617.json) (`2023-09-13T22:15:07.733`)
* [CVE-2023-41152](CVE-2023/CVE-2023-411xx/CVE-2023-41152.json) (`2023-09-13T22:15:08.490`)
* [CVE-2023-41154](CVE-2023/CVE-2023-411xx/CVE-2023-41154.json) (`2023-09-13T22:15:08.623`)
* [CVE-2023-41155](CVE-2023/CVE-2023-411xx/CVE-2023-41155.json) (`2023-09-13T22:15:08.747`)
* [CVE-2023-41158](CVE-2023/CVE-2023-411xx/CVE-2023-41158.json) (`2023-09-13T22:15:08.887`)
* [CVE-2023-41162](CVE-2023/CVE-2023-411xx/CVE-2023-41162.json) (`2023-09-13T22:15:09.017`)
* [CVE-2023-23840](CVE-2023/CVE-2023-238xx/CVE-2023-23840.json) (`2023-09-13T23:15:07.820`)
* [CVE-2023-23845](CVE-2023/CVE-2023-238xx/CVE-2023-23845.json) (`2023-09-13T23:15:08.283`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `20`
* [CVE-2012-2098](CVE-2012/CVE-2012-20xx/CVE-2012-2098.json) (`2023-09-14T00:15:07.623`)
* [CVE-2023-31284](CVE-2023/CVE-2023-312xx/CVE-2023-31284.json) (`2023-09-14T00:15:08.960`)
* [CVE-2023-36805](CVE-2023/CVE-2023-368xx/CVE-2023-36805.json) (`2023-09-14T00:30:46.650`)
* [CVE-2023-4914](CVE-2023/CVE-2023-49xx/CVE-2023-4914.json) (`2023-09-14T00:43:57.353`)
* [CVE-2023-4913](CVE-2023/CVE-2023-49xx/CVE-2023-4913.json) (`2023-09-14T00:44:04.400`)
* [CVE-2023-40784](CVE-2023/CVE-2023-407xx/CVE-2023-40784.json) (`2023-09-14T00:44:12.470`)
* [CVE-2023-40218](CVE-2023/CVE-2023-402xx/CVE-2023-40218.json) (`2023-09-14T00:45:00.417`)
* [CVE-2023-2071](CVE-2023/CVE-2023-20xx/CVE-2023-2071.json) (`2023-09-14T00:45:17.207`)
* [CVE-2023-40834](CVE-2023/CVE-2023-408xx/CVE-2023-40834.json) (`2023-09-14T00:45:48.203`)
* [CVE-2023-39150](CVE-2023/CVE-2023-391xx/CVE-2023-39150.json) (`2023-09-14T00:45:57.777`)
* [CVE-2023-4890](CVE-2023/CVE-2023-48xx/CVE-2023-4890.json) (`2023-09-14T00:46:23.910`)
* [CVE-2023-36886](CVE-2023/CVE-2023-368xx/CVE-2023-36886.json) (`2023-09-14T00:47:57.027`)
* [CVE-2023-35674](CVE-2023/CVE-2023-356xx/CVE-2023-35674.json) (`2023-09-14T01:28:46.143`)
* [CVE-2023-35673](CVE-2023/CVE-2023-356xx/CVE-2023-35673.json) (`2023-09-14T01:30:16.627`)
* [CVE-2023-35671](CVE-2023/CVE-2023-356xx/CVE-2023-35671.json) (`2023-09-14T01:31:36.297`)
* [CVE-2023-35670](CVE-2023/CVE-2023-356xx/CVE-2023-35670.json) (`2023-09-14T01:41:38.713`)
* [CVE-2023-35669](CVE-2023/CVE-2023-356xx/CVE-2023-35669.json) (`2023-09-14T01:44:54.843`)
* [CVE-2023-35667](CVE-2023/CVE-2023-356xx/CVE-2023-35667.json) (`2023-09-14T01:46:29.760`)
* [CVE-2023-35666](CVE-2023/CVE-2023-356xx/CVE-2023-35666.json) (`2023-09-14T01:51:25.017`)
* [CVE-2023-35664](CVE-2023/CVE-2023-356xx/CVE-2023-35664.json) (`2023-09-14T01:52:27.907`)
## Download and Usage