admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-21T18:00:38.765995+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-21 18:00:42 +00:00
parent 093f7aa010
commit a39adc01eb
78 changed files with 13144 additions and 311 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
CVE-2020/CVE-2020-288xx/CVE-2020-28840.json
View File

@ -2,31 +2,99 @@
"id": "CVE-2020-28840",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.103",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:17:16.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matthiaswandel:jhead:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.04",
"matchCriteriaId": "E3DC2CCE-58F1-405D-B9B1-AAA8C70C88E9"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-xh27-xwgj-gqw2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Matthias-Wandel/jhead/issues/8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

64
CVE-2021/CVE-2021-290xx/CVE-2021-29057.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2021-29057",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.813",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:39:13.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thoughtworks:node-worker-threads-pool:1.4.3:*:*:*:*:node.js:*:*",
"matchCriteriaId": "947E2D8D-B83E-4069-BB79-493156230791"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/SUCHMOKUO/node-worker-threads-pool/issues/20",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

15
CVE-2022/CVE-2022-43xx/CVE-2022-4367.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2022-4367",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-21T17:15:46.307",
"lastModified": "2023-08-21T17:15:46.307",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** Duplicate, use CVE-2023-4279 instead."
}
],
"metrics": {},
"references": []
}

58
CVE-2022/CVE-2022-49xx/CVE-2022-4953.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2022-4953",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:10.193",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:44:04.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,14 +46,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.5.5",
"matchCriteriaId": "675854B7-A3C5-4A34-879B-B7E3C294F35C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/elementor/elementor/commit/292fc49e0f979bd52d838f0326d1faaebfa59f5e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Patch"
]
},
{
"url": "https://wpscan.com/vulnerability/8273357e-f9e1-44bc-8082-8faab838eda7",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-08xx/CVE-2023-0872.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0872",
"sourceIdentifier": "security@opennms.com",
"published": "2023-08-14T18:15:10.730",
"lastModified": "2023-08-14T18:59:33.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:12:20.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "security@opennms.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@opennms.com",
"type": "Secondary",
@ -46,14 +76,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennms:horizon:*:*:*:*:*:*:*:*",
"versionStartIncluding": "31.0.8",
"versionEndExcluding": "32.0.2",
"matchCriteriaId": "62C4B0BB-21CA-40FC-8A39-26B86AA35FD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2020.0.0",
"versionEndIncluding": "2020.1.37",
"matchCriteriaId": "8437D5CA-17AA-4711-8E3D-DFB237B617AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2021.0.0",
"versionEndIncluding": "2021.1.29",
"matchCriteriaId": "19DD5F20-8B2D-4559-AB47-DB4E3CC13DD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.0.0",
"versionEndIncluding": "2022.1.18",
"matchCriteriaId": "B33DB38B-B66B-4C3F-B4BE-BA2407E99DEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.0",
"versionEndIncluding": "2023.1.5",
"matchCriteriaId": "518ACF5B-D2BB-4014-85C5-6F741041370C"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.opennms.com/horizon/32/releasenotes/changelog.html",
"source": "security@opennms.com"
"source": "security@opennms.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/OpenNMS/opennms/pull/6354",
"source": "security@opennms.com"
"source": "security@opennms.com",
"tags": [
"Patch"
]
}
]
}

3744
CVE-2023/CVE-2023-205xx/CVE-2023-20555.json
View File

File diff suppressed because it is too large Load Diff

4082
CVE-2023/CVE-2023-205xx/CVE-2023-20569.json
View File

File diff suppressed because it is too large Load Diff

63
CVE-2023/CVE-2023-205xx/CVE-2023-20586.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-20586",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.593",
"lastModified": "2023-08-08T18:33:14.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:25:49.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA potential vulnerability was reported in Radeon\u2122 Software Crimson ReLive Edition which may allow escalation of privilege. Radeon\u2122 Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amd:radeon_software:-:*:*:*:crimson_relive:*:*:*",
"matchCriteriaId": "1B9B57CB-1D5E-4FE9-B03D-315A9B54650A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6007",
"source": "psirt@amd.com"
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
]
}
]
}

905
CVE-2023/CVE-2023-205xx/CVE-2023-20588.json
View File

@ -2,23 +2,918 @@
"id": "CVE-2023-20588",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.653",
"lastModified": "2023-08-19T18:15:22.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:24:22.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7351p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB895BB-AEA5-4A4E-A9DE-EAD48656187D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB78361-9AAD-44BD-8B30-65715FEA4C06"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7401p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23D64F03-2F90-490B-844B-5F0F08B49294"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E41A87-7A39-4BB2-88E4-16DF0D81BFD2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7551p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED76988B-0245-4C25-876C-CACC57B04B8D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01BE5D42-1C62-4381-89E0-8F3264F696EC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7251_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B92B63F-3C30-4C00-9734-37CCA865FED9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*",
"matchCriteriaId": "565383C4-F690-4E3B-8A6A-B7D4ACCFAA05"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7261_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49CEC694-DF98-47C7-8C7B-0A26EDC413BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71ED05E6-8E69-41B9-9A36-CCE2D59A2603"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7281_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4847AB9-1A77-46BD-9236-FE8FFC4670B5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*",
"matchCriteriaId": "805B4FEA-CFB2-429C-818B-9277B6D546C3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7301_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE35B376-F439-428B-A299-CBEEE0BEFF3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FC5B9-0803-4D7F-8EF6-7B6681418596"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7351_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "014AE81A-ACEE-4E0A-A3FF-412DF86AE00C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5FC951-9FAD-45B4-B7CF-D1A9482507F5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7371_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB8E11E-5816-4ABB-849F-E10C1CFB39ED"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7576CB-A818-47A1-9A0D-6B8FD105FF08"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7401_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F08A2432-6FCE-4579-89FE-EB0348F1BE8B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C05F1EF0-3576-4D47-8704-36E9FAB1D432"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7451_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C952A84-3DA2-448F-85AC-573C270C312D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51C8CF00-8FC8-4206-9028-6F104699DE76"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7501_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B0CC20-FF43-4341-90BE-FA365CC4E53B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8BAB73-6F45-49AB-8F00-49A488006F3E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7551_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE69C69-9D13-4DF9-A5F2-69435598CA8B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAB403A-5A36-4DC3-A187-99127CF77BA7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7571_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99013A91-F504-4EB4-8904-7E551573AF49"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7571:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF0651-A320-40D1-986F-D2790488929E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:epyc_7601_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8480358-5313-4308-90F7-F93D9B11C66C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "168076CD-1E6D-4328-AB59-4C1A90735AC4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D403DB4C-6053-41D1-9A69-6B2BEB3ACD40"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3400g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43C5E75B-136B-4A60-9C2C-84D9C78C0453"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC21C1E-D4E7-424F-A284-BBE94194B43C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_3400g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3EDC73-2517-4EBF-B160-85266304D866"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE15998-C424-4A1A-81DB-C4E15B0DF7B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6A9017-FE60-4087-AA9D-AFB4E444E884"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40933267-3CEF-417E-BE95-37B562F37E78"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3350g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D242085-9B1A-4125-8070-50505531EECE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9724784-3A56-4175-9829-796CF687CA09"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "055F87B8-FD74-44CC-A063-84E0BA2E8136"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CF4C3B-337D-44ED-8544-A3D55AB1E62E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_pro_3200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C61CD3C7-E080-4C11-81BC-8D2A5D4F140C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFFAD03-CEE3-4C35-B6D2-627004A22934"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_3200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "926812AD-94F0-4CB8-9890-EAB11FDC1804"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BB6B36-892D-434B-B590-6BEAFD4037BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_3200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9E5D46-DB87-4420-9AC6-2ABCB0119E01"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF105508-6252-4101-92B5-ECA9022D4720"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:ryzen_3_pro_3200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE83C48-571F-4BD6-ABE3-2B14ED510D13"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52DFA8C8-AD16-45B1-934F-AEE78C51DDAC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F521757-7ABC-4CEB-AD06-2FD738216E8E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9832717E-8322-4548-B6C7-DE662D2B05AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:athlon_gold_3150ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11D12DB6-A9E9-4BEA-BC80-D6672A3383CD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D689C088-F1F1-4368-B6AE-75D3F9582FB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E09DC414-96EE-478E-847C-7ACB5915659B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD375C2E-B976-4DAE-BF89-EFED1482DB28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE68ECE-5298-4BC1-AC24-5CF613389CDC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "420E8314-35B8-4A12-AD42-3914EBA51D4D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0FB0AF-E942-4257-A9F2-8077A753A169"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:athlon_silver_3050ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F48D3D-C024-45F8-A299-322FB62EF6F4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:athlon_silver_3050ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0332AB-3568-4AF7-9738-3CF2923C6DDA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:amd:athlon_silver_pro_3125ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7122B9-4664-492C-8440-CE0C0AADAD4C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:athlon_silver_pro_3125ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "368AD9F8-E7E3-4316-9671-7305FDD3D285"
}
]
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007",
"source": "psirt@amd.com"
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "psirt@amd.com"
"source": "psirt@amd.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-212xx/CVE-2023-21274.json
View File

@ -2,23 +2,92 @@
"id": "CVE-2023-21274",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:12.823",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:42:55.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/2bffd7f5e66dd0cf7e5668fb65c4f2b2e9f87cf7",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-212xx/CVE-2023-21275.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-21275",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:12.897",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:42:30.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/8277a2a946e617a7ea65056e4cedeb1fecf3a5f5",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-212xx/CVE-2023-21276.json
View File

@ -2,23 +2,92 @@
"id": "CVE-2023-21276",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:12.967",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:42:15.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/1272eec833fb49c30a4d8bdc432765e7c4413b3f",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-212xx/CVE-2023-21277.json
View File

@ -2,23 +2,92 @@
"id": "CVE-2023-21277",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.023",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:42:02.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/9b58aee2a4528c60b0aa2540bd0f48d2871d2dc7",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-212xx/CVE-2023-21278.json
View File

@ -2,23 +2,92 @@
"id": "CVE-2023-21278",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.087",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:41:52.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/49773f9d871dd8975128fccf71513928a5a97345",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-212xx/CVE-2023-21279.json
View File

@ -2,23 +2,92 @@
"id": "CVE-2023-21279",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.150",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:41:38.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/155b14600fb13553a47b4e45fe0acd163da07453",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-212xx/CVE-2023-21280.json
View File

@ -2,23 +2,92 @@
"id": "CVE-2023-21280",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.217",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:41:11.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/06e772e05514af4aa427641784c5eec39a892ed3",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-212xx/CVE-2023-21281.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-21281",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.283",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:40:53.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/badb243574d7fca9aa89152d9d25eeb4f8615385",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-212xx/CVE-2023-21282.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-21282",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.347",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:40:21.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/external/aac/+/4242f97d149b0bf0cd96f00cd1e9d30d5922cd46",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

89
CVE-2023/CVE-2023-212xx/CVE-2023-21283.json
View File

@ -2,27 +2,104 @@
"id": "CVE-2023-21283",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.407",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:39:50.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/e17fd149c0a2bf6cce56ebfae3fa5364fead22cc",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/9b41a963f352fdb3da1da8c633d45280badfcb24",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-212xx/CVE-2023-21284.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-21284",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.477",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:39:15.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/ed3f25b7222d4cff471f2b7d22d1150348146957",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-212xx/CVE-2023-21285.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-21285",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.537",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:34:52.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/0c3b7ec3377e7fb645ec366be3be96bb1a252ca1",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-269xx/CVE-2023-26961.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-26961",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-08T20:15:10.080",
"lastModified": "2023-08-14T14:19:59.293",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-21T17:15:46.583",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files by changing the extension of the uploaded file."
"value": "Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request."
}
],
"metrics": {

64
CVE-2023/CVE-2023-284xx/CVE-2023-28481.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-28481",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T19:15:10.413",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:18:27.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BA582564-26E0-465D-A957-0EFD55AC3D03"
}
]
}
]
}
],
"references": [
{
"url": "https://neo4j.com/security/cve-2023-28481/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-284xx/CVE-2023-28482.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-28482",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T19:15:10.513",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:21:28.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BA582564-26E0-465D-A957-0EFD55AC3D03"
}
]
}
]
}
],
"references": [
{
"url": "https://neo4j.com/security/cve-2023-28482/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-284xx/CVE-2023-28483.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-28483",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T19:15:10.567",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:04:17.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL queries that contain UDFs can bypass this configuration setting and, as a consequence, can write to any file location to which the administrative user has access."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BA582564-26E0-465D-A957-0EFD55AC3D03"
}
]
}
]
}
],
"references": [
{
"url": "https://neo4j.com/security/cve-2023-28483/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-287xx/CVE-2023-28714.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28714",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:25.880",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:57:50.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -34,10 +54,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:proset\\/wireless_wifi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.220.0",
"matchCriteriaId": "F49E398F-DCA2-4584-BB56-3EF5A297ED8B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-287xx/CVE-2023-28736.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28736",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:25.950",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:51:39.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -34,10 +54,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mdadm_project:mdadm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2",
"matchCriteriaId": "57006DDC-FD21-43BC-9DE8-6E03993FAB65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mdadm_project:mdadm:4.2:-:*:*:*:*:*:*",
"matchCriteriaId": "83942058-12AC-41D8-9966-54FC9FABCE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mdadm_project:mdadm:4.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D9C5AB9-778F-4A22-91E2-04A124833A49"
}
]
}
]
}
],
"references": [
{
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

319
CVE-2023/CVE-2023-287xx/CVE-2023-28768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28768",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-08-14T17:15:10.157",
"lastModified": "2023-08-14T17:27:48.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:07:05.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -46,10 +56,313 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xgs2220-30_firmware:4.80\\(abxn.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A2EEDB89-057E-4FA4-99BF-4A85C63B05B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xgs2220-30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F2BEA8-4817-4E14-B5B1-901671AD5E67"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xgs2220-30f_firmware:4.80\\(abye.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AEE3D04C-A256-43D8-B1CB-5D2F8308F48D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xgs2220-30f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A53E4C3-77BD-4646-8B78-9E3A77585779"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xgs2220-30hp_firmware:4.80\\(abxo.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "318E9F6B-2D24-4FAD-86D6-CEEF5B69A606"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xgs2220-30hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACCEDBD-3152-4549-9F80-C12715A51BE3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xgs2220-54_firmware:4.80\\(abxp.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "827B19A6-3006-46EF-8A5A-C5800428A0A9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xgs2220-54:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51B14340-165C-407D-B609-B17C44A90D4F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xgs2220-54fp_firmware:4.80\\(acce.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "145E79B5-559E-4701-8232-E37665646947"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xgs2220-54fp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E578CCE-7347-4A9D-A8F2-ADEF6B37BDA2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xgs2220-54hp_firmware:4.80\\(abxq.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3F704060-74A6-4E63-B15F-D93D4B5ECC88"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xgs2220-54hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF030C04-7B74-4B23-8CE9-2D78403B188E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xmg1930-30_firmware:4.80\\(acar.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E53CFC62-7077-41D2-8749-CDCCE9E021D7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xmg1930-30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D71444-A727-4B2A-AB17-3BC790829072"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xmg1930-30hp_firmware:4.80\\(acas.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "65963F09-74C2-4EA3-8DC8-D8C4EEC36538"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xmg1930-30hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42C2DF2C-0060-45A3-99A3-0B5A37CCC241"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xs1930-10_firmware:4.80\\(abqe.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D037CF12-2F62-46AE-AEC0-8BFD94FBEAD0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xs1930-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F675B520-4F05-41D6-ADDF-C26A9C427A55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xs1930-12f_firmware:4.80\\(abzv.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AD3211B9-2B47-4328-AA29-E366A6D238DF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xs1930-12f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB74204B-D5FB-44C6-A59C-8133ECE9CD75"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:xs1930-12hp_firmware:4.80\\(abqf.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E3E7BBA5-A534-45DE-A5C0-10EFEE929635"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:xs1930-12hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2171AB-AE63-45F6-9B22-2F93C105B18D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-287xx/CVE-2023-28773.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28773",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-08T13:15:10.233",
"lastModified": "2023-08-08T13:57:34.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:57:03.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kolja-nolte:secondary_title:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.9.1",
"matchCriteriaId": "EC2369E5-3B0D-4C62-8642-0B0939389BC2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/secondary-title/wordpress-secondary-title-plugin-2-0-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-289xx/CVE-2023-28938.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28938",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:27.257",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:55:01.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -34,10 +54,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mdadm_project:mdadm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2",
"matchCriteriaId": "57006DDC-FD21-43BC-9DE8-6E03993FAB65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mdadm_project:mdadm:4.2:-:*:*:*:*:*:*",
"matchCriteriaId": "83942058-12AC-41D8-9966-54FC9FABCE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mdadm_project:mdadm:4.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D9C5AB9-778F-4A22-91E2-04A124833A49"
}
]
}
]
}
],
"references": [
{
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-28xx/CVE-2023-2803.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2803",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:11.547",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:10:22.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themefic:ultimate_addons_for_contact_form_7:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.29",
"matchCriteriaId": "56F326EB-BF3E-4B11-9605-75D5B0403DCB"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ec640d47-bb22-478d-9668-1dab72f12f8d",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-29xx/CVE-2023-2916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2916",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-15T09:15:09.713",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:49:19.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:revmakx:infinitewp_client:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.12.1",
"matchCriteriaId": "DA2C819A-AE97-4E6E-BD0B-A78EE7A01E26"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/iwp-client/tags/1.11.1/core.class.php#L365",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2925897/iwp-client#file4",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa157c80-447f-4406-9e49-9cc6208b7b19?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-301xx/CVE-2023-30186.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30186",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T13:15:10.420",
"lastModified": "2023-08-18T03:21:09.943",
"lastModified": "2023-08-21T16:57:17.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]

14
CVE-2023/CVE-2023-301xx/CVE-2023-30187.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30187",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T13:15:10.527",
"lastModified": "2023-08-18T03:20:19.403",
"lastModified": "2023-08-21T16:57:23.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]

14
CVE-2023/CVE-2023-301xx/CVE-2023-30188.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T13:15:10.720",
"lastModified": "2023-08-18T03:19:32.193",
"lastModified": "2023-08-21T16:57:38.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]

47
CVE-2023/CVE-2023-307xx/CVE-2023-30754.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30754",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-14T15:15:12.123",
"lastModified": "2023-08-14T15:58:29.657",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:31:57.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adfoxly:adfoxly:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.5",
"matchCriteriaId": "E5F28128-CA11-490D-A897-D1E6BDB5D1B8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/adfoxly/wordpress-adfoxly-ad-manager-adsense-ads-ads-txt-plugin-1-8-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-312xx/CVE-2023-31246.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31246",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:31.570",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:51:07.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -34,10 +54,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:server_debug_and_provisioning_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4",
"matchCriteriaId": "8AC96E98-AC54-4317-B9C3-6281F7456613"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:server_debug_and_provisioning_tool:1.4:build_2:*:*:*:*:*:*",
"matchCriteriaId": "CCC8F48E-3F17-4CBF-B1E1-1469715196D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:server_debug_and_provisioning_tool:1.4:build_3:*:*:*:*:*:*",
"matchCriteriaId": "69412E99-BF49-4E16-92A0-431767D9513F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:server_debug_and_provisioning_tool:1.4:build_4:*:*:*:*:*:*",
"matchCriteriaId": "50421F17-BD45-43EE-8739-C6B731250630"
}
]
}
]
}
],
"references": [
{
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-314xx/CVE-2023-31447.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31447",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:46.847",
"lastModified": "2023-08-21T17:15:46.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://draytek.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4",
"source": "cve@mitre.org"
}
]
}

96
CVE-2023/CVE-2023-31xx/CVE-2023-3160.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3160",
"sourceIdentifier": "security@eset.com",
"published": "2023-08-14T10:15:09.503",
"lastModified": "2023-08-14T13:06:15.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:03:22.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@eset.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "security@eset.com",
"type": "Secondary",
@ -46,10 +76,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:-:*:*:*:*:-:*:*",
"matchCriteriaId": "2B76C798-A8F7-4705-B85A-98CE4C44AC53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:endpoint_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81593DEE-54D7-49D5-9AE6-20B7E2B0AF8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:internet_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2CAD248-1F32-4459-A530-8706E334C67F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:domino:*:*",
"matchCriteriaId": "5043B5B1-38B2-4621-B738-A79E5DF8D98E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:mail_security:-:*:*:*:*:exchange_server:*:*",
"matchCriteriaId": "DE40A56E-EBC0-43C8-85FB-868802B4817F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:nod32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82540E3B-B426-424F-A6FD-C0AAB596389A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:security:-:*:*:*:*:sharepoint_server:*:*",
"matchCriteriaId": "D6CCDFB5-D27D-40F5-9BFC-274DA84783E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:server_security:-:*:*:*:*:windows_server:*:*",
"matchCriteriaId": "74BC745B-A4C5-4EAE-B985-78FDA3C40516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:smart_security:-:*:*:*:premium:*:*:*",
"matchCriteriaId": "375F46B4-9FDF-48FB-935A-8BB6FEF5221A"
}
]
}
]
}
],
"references": [
{
"url": "https://support.eset.com/en/ca8466",
"source": "security@eset.com"
"source": "security@eset.com",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-320xx/CVE-2023-32002.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32002",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-21T17:15:47.000",
"lastModified": "2023-08-21T17:15:47.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js."
}
],
"metrics": {},
"references": [
{
"url": "https://hackerone.com/reports/1960870",
"source": "support@hackerone.com"
}
]
}

6
CVE-2023/CVE-2023-326xx/CVE-2023-32663.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-32663",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:32.987",
"lastModified": "2023-08-17T16:45:58.003",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-21T17:15:47.183",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
"value": "Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n"
}
],
"metrics": {

53
CVE-2023/CVE-2023-33xx/CVE-2023-3328.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3328",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:11.663",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:14:56.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:custom_field_for_wp_job_manager_project:custom_field_for_wp_job_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2",
"matchCriteriaId": "48A981FF-3252-4ACA-94FE-2543605E74A9"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d8b76875-cf7f-43a9-b88b-d8aefefab131",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-33xx/CVE-2023-3366.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3366",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:48.927",
"lastModified": "2023-08-21T17:15:48.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b2f06223-9352-4227-ae94-32061e2c5611",
"source": "contact@wpscan.com"
}
]
}

53
CVE-2023/CVE-2023-34xx/CVE-2023-3435.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3435",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:11.747",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:04:43.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solwininfotech:user_activity_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.5",
"matchCriteriaId": "2ACDD8B1-FE7A-48A1-BD34-E650D32AF2C1"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/30a37a61-0d16-46f7-b9d8-721d983afc6b",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-36xx/CVE-2023-3601.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3601",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:11.827",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:05:15.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webfactoryltd:simple_author_box:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.52",
"matchCriteriaId": "8F9A6FF8-DA9E-46C0-92E6-FB95E4EF24F1"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c0cc513e-c306-4920-9afb-e33d95a7292f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-36xx/CVE-2023-3604.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3604",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.260",
"lastModified": "2023-08-21T17:15:49.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8f6615e8-f607-4ce4-a0e0-d5fc841ead16",
"source": "contact@wpscan.com"
}
]
}

53
CVE-2023/CVE-2023-36xx/CVE-2023-3645.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3645",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:12.103",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:06:14.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitapps:contact_form_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "A7ED2BAF-CAA9-46AB-A5E2-19BC3FDBB4A9"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/58c11f1e-6ea0-468c-b974-4aea9eb94b82",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-36xx/CVE-2023-3667.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3667",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.617",
"lastModified": "2023-08-21T17:15:49.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9f2f3f85-6812-46b5-9175-c56f6852afd7",
"source": "contact@wpscan.com"
}
]
}

65
CVE-2023/CVE-2023-37xx/CVE-2023-3721.json
View File

@ -2,18 +2,41 @@
"id": "CVE-2023-3721",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:12.413",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:53:45.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,44 @@
"value": "CWE-79"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lesterchan:wp-email:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.69.1",
"matchCriteriaId": "3F45FEDE-6C11-4D4A-B0BD-305C51FFF803"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3f90347a-6586-4648-9f2c-d4f321bf801a",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-380xx/CVE-2023-38035.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38035",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-21T17:15:47.457",
"lastModified": "2023-08-21T17:15:47.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. "
}
],
"metrics": {},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface",
"source": "support@hackerone.com"
}
]
}

24
CVE-2023/CVE-2023-388xx/CVE-2023-38836.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38836",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:47.633",
"lastModified": "2023-08-21T17:15:47.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component."
}
],
"metrics": {},
"references": [
{
"url": "http://boidcms.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/BoidCMS/BoidCMS/issues/27",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-388xx/CVE-2023-38840.json
View File

@ -2,16 +2,20 @@
"id": "CVE-2023-38840",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:10.320",
"lastModified": "2023-08-17T16:15:09.893",
"lastModified": "2023-08-21T17:15:47.793",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Bitwarden Windows Desktop v2023.5.1 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process."
"value": "Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bitwarden/clients/pull/5813",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bitwarden/desktop/issues/476",
"source": "cve@mitre.org"

20
CVE-2023/CVE-2023-389xx/CVE-2023-38961.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38961",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:47.973",
"lastModified": "2023-08-21T17:15:47.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/jerryscript-project/jerryscript/issues/5092",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-389xx/CVE-2023-38976.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38976",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.127",
"lastModified": "2023-08-21T17:15:48.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/weaviate/weaviate/issues/3258",
"source": "cve@mitre.org"
}
]
}

78
CVE-2023/CVE-2023-38xx/CVE-2023-3824.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3824",
"sourceIdentifier": "security@php.net",
"published": "2023-08-11T06:15:10.560",
"lastModified": "2023-08-12T06:19:10.403",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:31:40.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@php.net",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "security@php.net",
"type": "Secondary",
@ -46,14 +76,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.30",
"matchCriteriaId": "C516377E-EAA8-4534-B0B8-4BF7A664DDFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.22",
"matchCriteriaId": "3DA6AD3E-CB35-4AF2-86E9-3BC831728058"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.8",
"matchCriteriaId": "32E9658B-C729-4A49-98BE-CD0F8E782667"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv",
"source": "security@php.net"
"source": "security@php.net",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/",
"source": "security@php.net"
"source": "security@php.net",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-390xx/CVE-2023-39061.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-39061",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.277",
"lastModified": "2023-08-21T17:15:48.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "http://chamilo.com",
"source": "cve@mitre.org"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-123-2023-07-08-Moderate-impact-Moderate-risk-CSRF-through-admin-account-forum-posts",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-390xx/CVE-2023-39094.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39094",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.437",
"lastModified": "2023-08-21T17:15:48.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZeroWdd/studentmanager/issues/12",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-391xx/CVE-2023-39106.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.587",
"lastModified": "2023-08-21T17:15:48.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nacos-group/nacos-spring-project/issues/314",
"source": "cve@mitre.org"
}
]
}

82
CVE-2023/CVE-2023-392xx/CVE-2023-39292.json
View File

@ -2,19 +2,93 @@
"id": "CVE-2023-39292",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T19:15:12.897",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:24:42.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitel:mivoice_office_400:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.0.9281",
"matchCriteriaId": "B6BA3954-75F0-4CE5-A76C-5BF0E467F2A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mitel:mivoice_office_400_smb_controller_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.5.23",
"matchCriteriaId": "84538675-E950-4902-BE84-D51FFCB4DC5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mitel:mivoice_office_400_smb_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC91A7AC-4869-49D7-AB93-5B521A470AC8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-392xx/CVE-2023-39293.json
View File

@ -2,19 +2,93 @@
"id": "CVE-2023-39293",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T19:15:13.017",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:58:05.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitel:mivoice_office_400:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.0.9281",
"matchCriteriaId": "B6BA3954-75F0-4CE5-A76C-5BF0E467F2A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mitel:mivoice_office_400_smb_controller_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.5.23",
"matchCriteriaId": "84538675-E950-4902-BE84-D51FFCB4DC5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mitel:mivoice_office_400_smb_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC91A7AC-4869-49D7-AB93-5B521A470AC8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0009",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-396xx/CVE-2023-39660.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-39660",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.797",
"lastModified": "2023-08-21T17:15:48.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gventuri/pandas-ai/issues/399",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/gventuri/pandas-ai/pull/409",
"source": "cve@mitre.org"
}
]
}

69
CVE-2023/CVE-2023-398xx/CVE-2023-39852.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-39852",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T21:15:09.907",
"lastModified": "2023-08-21T07:15:34.127",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:51:08.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who indicates that the userid is a session variable controlled by the server, and thus cannot be used for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:doctor_appointment_system_project:doctor_appointment_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68074324-B3A0-4D9A-B66B-CB3E1DDE661F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-39852",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/14182/doctor-appointment-system.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

32
CVE-2023/CVE-2023-39xx/CVE-2023-3936.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3936",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.967",
"lastModified": "2023-08-21T17:15:49.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/6d09a5d3-046d-47ef-86b4-c024ea09dc0f",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-39xx/CVE-2023-3954.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3954",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:50.047",
"lastModified": "2023-08-21T17:15:50.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b463ccbb-2dc1-479f-bc88-becd204b2dc0",
"source": "contact@wpscan.com"
}
]
}

64
CVE-2023/CVE-2023-402xx/CVE-2023-40294.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-40294",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T04:15:11.337",
"lastModified": "2023-08-14T13:06:15.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:25:38.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:0branch:boron:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "82303CD4-FB83-4A0E-8F7E-0FEB740E4C03"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/0branch/boron/issues/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-402xx/CVE-2023-40295.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-40295",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T04:15:11.403",
"lastModified": "2023-08-14T13:06:15.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:35:53.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:0branch:boron:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "82303CD4-FB83-4A0E-8F7E-0FEB740E4C03"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/0branch/boron/issues/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-403xx/CVE-2023-40305.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-40305",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T06:15:09.683",
"lastModified": "2023-08-14T13:06:15.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T16:00:37.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:indent:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0840F9FF-EA53-47DD-813A-889E6EAA76A6"
}
]
}
]
}
],
"references": [
{
"url": "https://ftp.gnu.org/gnu/indent/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://savannah.gnu.org/bugs/index.php?64503",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-43xx/CVE-2023-4308.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4308",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-15T08:15:09.717",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T17:54:39.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plugin-planet:user_submitted_posts:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "20230811",
"matchCriteriaId": "387AEB00-B4FE-4E03-B30F-9AB7E176F5C8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2952471/user-submitted-posts",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

118
CVE-2023/CVE-2023-43xx/CVE-2023-4350.json
View File

@ -2,31 +2,135 @@
"id": "CVE-2023-4350",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:11.103",
"lastModified": "2023-08-20T03:15:15.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:27:02.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://crbug.com/1454817",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-43xx/CVE-2023-4351.json
View File

@ -2,31 +2,123 @@
"id": "CVE-2023-4351",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:11.260",
"lastModified": "2023-08-20T03:15:15.870",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:29:16.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1465833",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-43xx/CVE-2023-4352.json
View File

@ -2,31 +2,123 @@
"id": "CVE-2023-4352",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:11.463",
"lastModified": "2023-08-20T03:15:16.283",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:35:28.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1452076",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-43xx/CVE-2023-4353.json
View File

@ -2,31 +2,123 @@
"id": "CVE-2023-4353",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:11.613",
"lastModified": "2023-08-20T03:15:16.470",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:36:21.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1458046",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-43xx/CVE-2023-4354.json
View File

@ -2,31 +2,123 @@
"id": "CVE-2023-4354",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:11.763",
"lastModified": "2023-08-20T03:15:16.833",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:37:13.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1464215",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-43xx/CVE-2023-4355.json
View File

@ -2,31 +2,123 @@
"id": "CVE-2023-4355",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:11.923",
"lastModified": "2023-08-20T03:15:17.210",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:39:24.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1468943",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-43xx/CVE-2023-4356.json
View File

@ -2,31 +2,123 @@
"id": "CVE-2023-4356",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:12.090",
"lastModified": "2023-08-20T03:15:17.737",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:40:42.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1449929",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

118
CVE-2023/CVE-2023-43xx/CVE-2023-4361.json
View File

@ -2,31 +2,135 @@
"id": "CVE-2023-4361",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:12.960",
"lastModified": "2023-08-20T03:15:19.067",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-21T17:54:24.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://crbug.com/1465230",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-44xx/CVE-2023-4456.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-4456",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-21T17:15:50.283",
"lastModified": "2023-08-21T17:15:50.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4456",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233087",
"source": "secalert@redhat.com"
}
]
}

64
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-21T16:00:31.634679+00:00
2023-08-21T18:00:38.765995+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-21T15:55:47.347000+00:00
2023-08-21T17:58:05.637000+00:00
```
### Last Data Feed Release
@ -29,31 +29,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223057
223074
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `17`
* [CVE-2022-4367](CVE-2022/CVE-2022-43xx/CVE-2022-4367.json) (`2023-08-21T17:15:46.307`)
* [CVE-2023-31447](CVE-2023/CVE-2023-314xx/CVE-2023-31447.json) (`2023-08-21T17:15:46.847`)
* [CVE-2023-32002](CVE-2023/CVE-2023-320xx/CVE-2023-32002.json) (`2023-08-21T17:15:47.000`)
* [CVE-2023-38035](CVE-2023/CVE-2023-380xx/CVE-2023-38035.json) (`2023-08-21T17:15:47.457`)
* [CVE-2023-38836](CVE-2023/CVE-2023-388xx/CVE-2023-38836.json) (`2023-08-21T17:15:47.633`)
* [CVE-2023-38961](CVE-2023/CVE-2023-389xx/CVE-2023-38961.json) (`2023-08-21T17:15:47.973`)
* [CVE-2023-38976](CVE-2023/CVE-2023-389xx/CVE-2023-38976.json) (`2023-08-21T17:15:48.127`)
* [CVE-2023-39061](CVE-2023/CVE-2023-390xx/CVE-2023-39061.json) (`2023-08-21T17:15:48.277`)
* [CVE-2023-39094](CVE-2023/CVE-2023-390xx/CVE-2023-39094.json) (`2023-08-21T17:15:48.437`)
* [CVE-2023-39106](CVE-2023/CVE-2023-391xx/CVE-2023-39106.json) (`2023-08-21T17:15:48.587`)
* [CVE-2023-39660](CVE-2023/CVE-2023-396xx/CVE-2023-39660.json) (`2023-08-21T17:15:48.797`)
* [CVE-2023-3366](CVE-2023/CVE-2023-33xx/CVE-2023-3366.json) (`2023-08-21T17:15:48.927`)
* [CVE-2023-3604](CVE-2023/CVE-2023-36xx/CVE-2023-3604.json) (`2023-08-21T17:15:49.260`)
* [CVE-2023-3667](CVE-2023/CVE-2023-36xx/CVE-2023-3667.json) (`2023-08-21T17:15:49.617`)
* [CVE-2023-3936](CVE-2023/CVE-2023-39xx/CVE-2023-3936.json) (`2023-08-21T17:15:49.967`)
* [CVE-2023-3954](CVE-2023/CVE-2023-39xx/CVE-2023-3954.json) (`2023-08-21T17:15:50.047`)
* [CVE-2023-4456](CVE-2023/CVE-2023-44xx/CVE-2023-4456.json) (`2023-08-21T17:15:50.283`)
### CVEs modified in the last Commit
Recently modified CVEs: `12`
Recently modified CVEs: `60`
* [CVE-2021-28025](CVE-2021/CVE-2021-280xx/CVE-2021-28025.json) (`2023-08-21T15:41:19.287`)
* [CVE-2022-41984](CVE-2022/CVE-2022-419xx/CVE-2022-41984.json) (`2023-08-21T14:33:50.620`)
* [CVE-2022-36392](CVE-2022/CVE-2022-363xx/CVE-2022-36392.json) (`2023-08-21T14:34:05.403`)
* [CVE-2022-45112](CVE-2022/CVE-2022-451xx/CVE-2022-45112.json) (`2023-08-21T14:34:23.620`)
* [CVE-2022-38973](CVE-2022/CVE-2022-389xx/CVE-2022-38973.json) (`2023-08-21T14:34:40.520`)
* [CVE-2023-2606](CVE-2023/CVE-2023-26xx/CVE-2023-2606.json) (`2023-08-21T14:05:18.320`)
* [CVE-2023-40303](CVE-2023/CVE-2023-403xx/CVE-2023-40303.json) (`2023-08-21T14:24:42.610`)
* [CVE-2023-2802](CVE-2023/CVE-2023-28xx/CVE-2023-2802.json) (`2023-08-21T14:27:16.020`)
* [CVE-2023-22276](CVE-2023/CVE-2023-222xx/CVE-2023-22276.json) (`2023-08-21T14:31:52.990`)
* [CVE-2023-40235](CVE-2023/CVE-2023-402xx/CVE-2023-40235.json) (`2023-08-21T14:38:48.630`)
* [CVE-2023-32267](CVE-2023/CVE-2023-322xx/CVE-2023-32267.json) (`2023-08-21T15:48:26.110`)
* [CVE-2023-39553](CVE-2023/CVE-2023-395xx/CVE-2023-39553.json) (`2023-08-21T15:55:47.347`)
* [CVE-2023-0872](CVE-2023/CVE-2023-08xx/CVE-2023-0872.json) (`2023-08-21T17:12:20.407`)
* [CVE-2023-26961](CVE-2023/CVE-2023-269xx/CVE-2023-26961.json) (`2023-08-21T17:15:46.583`)
* [CVE-2023-32663](CVE-2023/CVE-2023-326xx/CVE-2023-32663.json) (`2023-08-21T17:15:47.183`)
* [CVE-2023-38840](CVE-2023/CVE-2023-388xx/CVE-2023-38840.json) (`2023-08-21T17:15:47.793`)
* [CVE-2023-28481](CVE-2023/CVE-2023-284xx/CVE-2023-28481.json) (`2023-08-21T17:18:27.813`)
* [CVE-2023-28482](CVE-2023/CVE-2023-284xx/CVE-2023-28482.json) (`2023-08-21T17:21:28.503`)
* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-08-21T17:24:22.070`)
* [CVE-2023-39292](CVE-2023/CVE-2023-392xx/CVE-2023-39292.json) (`2023-08-21T17:24:42.877`)
* [CVE-2023-40294](CVE-2023/CVE-2023-402xx/CVE-2023-40294.json) (`2023-08-21T17:25:38.010`)
* [CVE-2023-20586](CVE-2023/CVE-2023-205xx/CVE-2023-20586.json) (`2023-08-21T17:25:49.017`)
* [CVE-2023-20569](CVE-2023/CVE-2023-205xx/CVE-2023-20569.json) (`2023-08-21T17:26:07.933`)
* [CVE-2023-4350](CVE-2023/CVE-2023-43xx/CVE-2023-4350.json) (`2023-08-21T17:27:02.017`)
* [CVE-2023-4351](CVE-2023/CVE-2023-43xx/CVE-2023-4351.json) (`2023-08-21T17:29:16.257`)
* [CVE-2023-4352](CVE-2023/CVE-2023-43xx/CVE-2023-4352.json) (`2023-08-21T17:35:28.180`)
* [CVE-2023-40295](CVE-2023/CVE-2023-402xx/CVE-2023-40295.json) (`2023-08-21T17:35:53.970`)
* [CVE-2023-4353](CVE-2023/CVE-2023-43xx/CVE-2023-4353.json) (`2023-08-21T17:36:21.240`)
* [CVE-2023-4354](CVE-2023/CVE-2023-43xx/CVE-2023-4354.json) (`2023-08-21T17:37:13.257`)
* [CVE-2023-4355](CVE-2023/CVE-2023-43xx/CVE-2023-4355.json) (`2023-08-21T17:39:24.197`)
* [CVE-2023-4356](CVE-2023/CVE-2023-43xx/CVE-2023-4356.json) (`2023-08-21T17:40:42.347`)
* [CVE-2023-2916](CVE-2023/CVE-2023-29xx/CVE-2023-2916.json) (`2023-08-21T17:49:19.573`)
* [CVE-2023-39852](CVE-2023/CVE-2023-398xx/CVE-2023-39852.json) (`2023-08-21T17:51:08.113`)
* [CVE-2023-3721](CVE-2023/CVE-2023-37xx/CVE-2023-3721.json) (`2023-08-21T17:53:45.117`)
* [CVE-2023-4361](CVE-2023/CVE-2023-43xx/CVE-2023-4361.json) (`2023-08-21T17:54:24.567`)
* [CVE-2023-4308](CVE-2023/CVE-2023-43xx/CVE-2023-4308.json) (`2023-08-21T17:54:39.980`)
* [CVE-2023-39293](CVE-2023/CVE-2023-392xx/CVE-2023-39293.json) (`2023-08-21T17:58:05.637`)
## Download and Usage