admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-10T08:00:24.154328+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-10 10:00:27 +02:00
parent 8f4d930a54
commit a4126ec945
25 changed files with 1050 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2022/CVE-2022-40xx/CVE-2022-4008.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-4008",
"sourceIdentifier": "security@octopus.com",
"published": "2023-05-10T06:15:09.000",
"lastModified": "2023-05-10T06:15:09.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service"
}
],
"metrics": {},
"references": [
{
"url": "https://advisories.octopus.com/post/2023/sa2023-08/",
"source": "security@octopus.com"
}
]
}

40
CVE-2023/CVE-2023-223xx/CVE-2023-22361.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-22361",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:10.800",
"lastModified": "2023-05-10T06:15:10.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

40
CVE-2023/CVE-2023-224xx/CVE-2023-22441.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-22441",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:11.160",
"lastModified": "2023-05-10T06:15:11.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier"
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

40
CVE-2023/CVE-2023-235xx/CVE-2023-23578.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-23578",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:11.430",
"lastModified": "2023-05-10T06:15:11.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

40
CVE-2023/CVE-2023-239xx/CVE-2023-23901.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-23901",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:11.727",
"lastModified": "2023-05-10T06:15:11.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

40
CVE-2023/CVE-2023-239xx/CVE-2023-23906.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-23906",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:12.007",
"lastModified": "2023-05-10T06:15:12.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

40
CVE-2023/CVE-2023-245xx/CVE-2023-24586.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-24586",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:12.310",
"lastModified": "2023-05-10T06:15:12.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

40
CVE-2023/CVE-2023-250xx/CVE-2023-25070.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-25070",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:12.497",
"lastModified": "2023-05-10T06:15:12.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

40
CVE-2023/CVE-2023-250xx/CVE-2023-25072.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-25072",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:13.030",
"lastModified": "2023-05-10T06:15:13.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

40
CVE-2023/CVE-2023-251xx/CVE-2023-25184.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-25184",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:13.427",
"lastModified": "2023-05-10T06:15:13.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40604023/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/archives/73969/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/",
"source": "vultures@jpcert.or.jp"
}
]
}

59
CVE-2023/CVE-2023-26xx/CVE-2023-2614.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2614",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-10T06:15:15.007",
"lastModified": "2023-05-10T06:15:15.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-26xx/CVE-2023-2615.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2615",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-10T06:15:16.380",
"lastModified": "2023-05-10T06:15:16.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a",
"source": "security@huntr.dev"
}
]
}

92
CVE-2023/CVE-2023-26xx/CVE-2023-2617.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-2617",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-10T06:15:16.853",
"lastModified": "2023-05-10T06:15:16.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/opencv/opencv_contrib/pull/3480",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.228547",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228547",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-26xx/CVE-2023-2618.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-2618",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-10T06:15:17.577",
"lastModified": "2023-05-10T06:15:17.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://github.com/opencv/opencv_contrib/pull/3484",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.228548",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228548",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-26xx/CVE-2023-2619.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-2619",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-10T06:15:17.990",
"lastModified": "2023-05-10T06:15:17.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228549 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://blog.csdn.net/weixin_43864034/article/details/130596916",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.228549",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228549",
"source": "cna@vuldb.com"
}
]
}

24
CVE-2023/CVE-2023-273xx/CVE-2023-27385.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27385",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:13.680",
"lastModified": "2023-05-10T06:15:13.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU97372625/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-004_en.pdf",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-275xx/CVE-2023-27510.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27510",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:13.807",
"lastModified": "2023-05-10T06:15:13.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40."
}
],
"metrics": {},
"references": [
{
"url": "https://jubei.co.jp/formmail/info20230414.html",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://jvn.jp/en/jp/JVN36340790/",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-275xx/CVE-2023-27527.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27527",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:13.953",
"lastModified": "2023-05-10T06:15:13.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN73178249/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.touki-kyoutaku-online.moj.go.jp/",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-278xx/CVE-2023-27888.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27888",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:14.077",
"lastModified": "2023-05-10T06:15:14.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product."
}
],
"metrics": {},
"references": [
{
"url": "https://joruri-pwm.jp/org/docs/2022093000017/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://jvn.jp/en/jp/JVN87559956/",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-278xx/CVE-2023-27889.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27889",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:14.280",
"lastModified": "2023-05-10T06:15:14.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN99657911/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://wordpress.org/plugins/liquid-speech-balloon/#developers",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-279xx/CVE-2023-27918.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27918",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:14.547",
"lastModified": "2023-05-10T06:15:14.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN00971105/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://wordpress.org/plugins/ameliabooking/#developers",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-279xx/CVE-2023-27919.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27919",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-10T06:15:14.753",
"lastModified": "2023-05-10T06:15:14.753",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN50862842/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://main.next-engine.com/Usernotice/detail?id=1054",
"source": "vultures@jpcert.or.jp"
}
]
}

63
CVE-2023/CVE-2023-307xx/CVE-2023-30777.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-30777",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-10T06:15:18.520",
"lastModified": "2023-05-10T06:15:18.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <=\u00a06.1.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/articles/reflected-xss-in-advanced-custom-fields-plugins-affecting-2-million-sites?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/database/vulnerability/advanced-custom-fields-pro/wordpress-advanced-custom-fields-pro-plugin-6-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/database/vulnerability/advanced-custom-fields/wordpress-advanced-custom-fields-plugin-6-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

20
CVE-2023/CVE-2023-325xx/CVE-2023-32573.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32573",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-10T06:15:19.070",
"lastModified": "2023-05-10T06:15:19.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled."
}
],
"metrics": {},
"references": [
{
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093",
"source": "cve@mitre.org"
}
]
}

50
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-05-10T06:00:23.927804+00:00 2023-05-10T08:00:24.154328+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-05-10T05:15:12.190000+00:00 2023-05-10T06:15:19.070000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,35 +29,43 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
214667 214691
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `5` Recently added CVEs: `24`
* [CVE-2023-26126](CVE-2023/CVE-2023-261xx/CVE-2023-26126.json) (`2023-05-10T05:15:08.860`) * [CVE-2022-4008](CVE-2022/CVE-2022-40xx/CVE-2022-4008.json) (`2023-05-10T06:15:09.000`)
* [CVE-2023-2616](CVE-2023/CVE-2023-26xx/CVE-2023-2616.json) (`2023-05-10T05:15:11.877`) * [CVE-2023-22361](CVE-2023/CVE-2023-223xx/CVE-2023-22361.json) (`2023-05-10T06:15:10.800`)
* [CVE-2023-32568](CVE-2023/CVE-2023-325xx/CVE-2023-32568.json) (`2023-05-10T05:15:11.990`) * [CVE-2023-22441](CVE-2023/CVE-2023-224xx/CVE-2023-22441.json) (`2023-05-10T06:15:11.160`)
* [CVE-2023-32569](CVE-2023/CVE-2023-325xx/CVE-2023-32569.json) (`2023-05-10T05:15:12.103`) * [CVE-2023-23578](CVE-2023/CVE-2023-235xx/CVE-2023-23578.json) (`2023-05-10T06:15:11.430`)
* [CVE-2023-32570](CVE-2023/CVE-2023-325xx/CVE-2023-32570.json) (`2023-05-10T05:15:12.190`) * [CVE-2023-23901](CVE-2023/CVE-2023-239xx/CVE-2023-23901.json) (`2023-05-10T06:15:11.727`)
* [CVE-2023-23906](CVE-2023/CVE-2023-239xx/CVE-2023-23906.json) (`2023-05-10T06:15:12.007`)
* [CVE-2023-24586](CVE-2023/CVE-2023-245xx/CVE-2023-24586.json) (`2023-05-10T06:15:12.310`)
* [CVE-2023-25070](CVE-2023/CVE-2023-250xx/CVE-2023-25070.json) (`2023-05-10T06:15:12.497`)
* [CVE-2023-25072](CVE-2023/CVE-2023-250xx/CVE-2023-25072.json) (`2023-05-10T06:15:13.030`)
* [CVE-2023-25184](CVE-2023/CVE-2023-251xx/CVE-2023-25184.json) (`2023-05-10T06:15:13.427`)
* [CVE-2023-2614](CVE-2023/CVE-2023-26xx/CVE-2023-2614.json) (`2023-05-10T06:15:15.007`)
* [CVE-2023-2615](CVE-2023/CVE-2023-26xx/CVE-2023-2615.json) (`2023-05-10T06:15:16.380`)
* [CVE-2023-2617](CVE-2023/CVE-2023-26xx/CVE-2023-2617.json) (`2023-05-10T06:15:16.853`)
* [CVE-2023-2618](CVE-2023/CVE-2023-26xx/CVE-2023-2618.json) (`2023-05-10T06:15:17.577`)
* [CVE-2023-2619](CVE-2023/CVE-2023-26xx/CVE-2023-2619.json) (`2023-05-10T06:15:17.990`)
* [CVE-2023-27385](CVE-2023/CVE-2023-273xx/CVE-2023-27385.json) (`2023-05-10T06:15:13.680`)
* [CVE-2023-27510](CVE-2023/CVE-2023-275xx/CVE-2023-27510.json) (`2023-05-10T06:15:13.807`)
* [CVE-2023-27527](CVE-2023/CVE-2023-275xx/CVE-2023-27527.json) (`2023-05-10T06:15:13.953`)
* [CVE-2023-27888](CVE-2023/CVE-2023-278xx/CVE-2023-27888.json) (`2023-05-10T06:15:14.077`)
* [CVE-2023-27889](CVE-2023/CVE-2023-278xx/CVE-2023-27889.json) (`2023-05-10T06:15:14.280`)
* [CVE-2023-27918](CVE-2023/CVE-2023-279xx/CVE-2023-27918.json) (`2023-05-10T06:15:14.547`)
* [CVE-2023-27919](CVE-2023/CVE-2023-279xx/CVE-2023-27919.json) (`2023-05-10T06:15:14.753`)
* [CVE-2023-30777](CVE-2023/CVE-2023-307xx/CVE-2023-30777.json) (`2023-05-10T06:15:18.520`)
* [CVE-2023-32573](CVE-2023/CVE-2023-325xx/CVE-2023-32573.json) (`2023-05-10T06:15:19.070`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `11` Recently modified CVEs: `0`
* [CVE-2023-2260](CVE-2023/CVE-2023-22xx/CVE-2023-2260.json) (`2023-05-10T05:15:11.440`)
* [CVE-2023-2459](CVE-2023/CVE-2023-24xx/CVE-2023-2459.json) (`2023-05-10T04:15:44.010`)
* [CVE-2023-2460](CVE-2023/CVE-2023-24xx/CVE-2023-2460.json) (`2023-05-10T04:15:44.167`)
* [CVE-2023-2461](CVE-2023/CVE-2023-24xx/CVE-2023-2461.json) (`2023-05-10T04:15:44.253`)
* [CVE-2023-2462](CVE-2023/CVE-2023-24xx/CVE-2023-2462.json) (`2023-05-10T04:15:44.333`)
* [CVE-2023-2463](CVE-2023/CVE-2023-24xx/CVE-2023-2463.json) (`2023-05-10T04:15:44.407`)
* [CVE-2023-2464](CVE-2023/CVE-2023-24xx/CVE-2023-2464.json) (`2023-05-10T04:15:44.490`)
* [CVE-2023-2465](CVE-2023/CVE-2023-24xx/CVE-2023-2465.json) (`2023-05-10T04:15:44.563`)
* [CVE-2023-2466](CVE-2023/CVE-2023-24xx/CVE-2023-2466.json) (`2023-05-10T04:15:44.647`)
* [CVE-2023-2467](CVE-2023/CVE-2023-24xx/CVE-2023-2467.json) (`2023-05-10T04:15:44.727`)
* [CVE-2023-2468](CVE-2023/CVE-2023-24xx/CVE-2023-2468.json) (`2023-05-10T04:15:44.797`)
## Download and Usage ## Download and Usage