admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-19T23:55:37.409361+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-19 23:55:40 +00:00
parent 4183a81d73
commit a7399acc87
57 changed files with 5226 additions and 240 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2010/CVE-2010-38xx/CVE-2010-3856.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2010-3856",
"sourceIdentifier": "secalert@redhat.com",
"published": "2011-01-07T19:00:17.843",
"lastModified": "2023-02-13T04:26:39.060",
"lastModified": "2023-07-19T20:15:09.733",
"vulnStatus": "Modified",
"descriptions": [
{
@ -354,6 +354,10 @@
"url": "http://seclists.org/fulldisclosure/2019/Jun/18",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/31",
"source": "secalert@redhat.com"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201011-01.xml",
"source": "secalert@redhat.com"
@ -377,6 +381,10 @@
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:212",
"source": "secalert@redhat.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9",
"source": "secalert@redhat.com"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2010-0872.html",
"source": "secalert@redhat.com"

10
CVE-2016/CVE-2016-100xx/CVE-2016-10009.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-10009",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-01-05T02:59:03.057",
"lastModified": "2022-12-13T12:15:19.877",
"lastModified": "2023-07-19T20:15:09.867",
"vulnStatus": "Modified",
"descriptions": [
{
@ -98,6 +98,10 @@
"url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/31",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2",
"source": "cve@mitre.org",
@ -106,6 +110,10 @@
"Release Notes"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/94968",
"source": "cve@mitre.org"

67
CVE-2020/CVE-2020-367xx/CVE-2020-36757.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36757",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T07:15:09.440",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:19:16.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,42 +46,87 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.10.1",
"matchCriteriaId": "D7C89555-7323-4D7F-91AD-CE22CFF1E112"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368289%40wp-hotel-booking&new=2368289%40wp-hotel-booking&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9826d7-f8f5-4d3d-8145-3d4e6a63d784?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2020/CVE-2020-367xx/CVE-2020-36760.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36760",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T08:15:09.270",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T19:09:59.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,42 +46,97 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oceanwp:ocean_extra:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.5",
"matchCriteriaId": "8BD68F16-ABAE-4A1A-A768-663733F45616"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2391055%40ocean-extra&new=2391055%40ocean-extra&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eb3ef121-13ea-4e42-90c1-1f4bd31ebbcf?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

77
CVE-2020/CVE-2020-367xx/CVE-2020-36761.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36761",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T08:15:09.470",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T19:09:30.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,42 +46,97 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webberzone:top_10:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.4",
"matchCriteriaId": "3399A989-EA4A-406F-892C-D780E03E06B4"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368373%40top-10&new=2368373%40top-10&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0af86e4-c30b-49e2-ad6a-97a415a74d18?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

89
CVE-2021/CVE-2021-44xx/CVE-2021-4425.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4425",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T08:15:09.567",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:50:25.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -36,7 +36,7 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,44 +44,109 @@
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpmudev:defender_security:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.6",
"matchCriteriaId": "93BC3DB9-81AF-4F7F-9D65-DA6496F5F7B9"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2473684%40defender-security&new=2473684%40defender-security&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e772fbbe-33d5-46fa-a041-ab07d3f9318f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

78
CVE-2021/CVE-2021-44xx/CVE-2021-4426.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4426",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T08:15:09.647",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:49:40.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,42 +46,98 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ashstonestudios:absolute_reviews:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.8",
"matchCriteriaId": "03BA8D0D-FCAD-4488-8852-1041A410E848"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548729%40absolute-reviews&new=2548729%40absolute-reviews&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec1ee47d-020c-482d-ad6f-663d78e624b8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Patch",
"Product",
"Third Party Advisory"
]
}
]
}

76
CVE-2021/CVE-2021-44xx/CVE-2021-4427.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4427",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T08:15:09.727",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:10:14.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,42 +46,96 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vuukle:vuukle_comments\\,_reactions\\,_share_bar\\,_revenue:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.4.31",
"matchCriteriaId": "5249D6BD-05DB-453F-95E5-F9497412C2F7"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2553337%40free-comments-for-wordpress-vuukle&new=2553337%40free-comments-for-wordpress-vuukle&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff28f33f-85d1-4987-975b-ee3bbcb394f4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

79
CVE-2022/CVE-2022-485xx/CVE-2022-48521.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2022-48521",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-11T20:15:10.523",
"lastModified": "2023-07-12T12:46:41.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:31:33.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opendkim:opendkim:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.10.3",
"matchCriteriaId": "0B747EF7-FA4F-4C72-8008-B595EBA29911"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opendkim:opendkim:2.11.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "DE965688-99BD-45C0-96E2-22F198CEC7CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opendkim:opendkim:2.11.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "AAE447C2-4ED8-4898-B1DB-8860C6B56738"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opendkim:opendkim:2.11.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6DD73FDF-62BC-41A5-AF57-16C374EF8DC2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/trusteddomainproject/OpenDKIM/issues/148",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}

2424
CVE-2023/CVE-2023-205xx/CVE-2023-20575.json
View File

File diff suppressed because it is too large Load Diff

8
CVE-2023/CVE-2023-214xx/CVE-2023-21400.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21400",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.340",
"lastModified": "2023-07-19T12:15:09.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:15:10.850",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -20,6 +20,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/2",
"source": "security@android.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/7",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/pixel/2023-07-01",
"source": "security@android.com"

55
CVE-2023/CVE-2023-262xx/CVE-2023-26217.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26217",
"sourceIdentifier": "security@tibco.com",
"published": "2023-07-19T21:15:09.783",
"lastModified": "2023-07-19T21:15:09.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@tibco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@tibco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.tibco.com/services/support/advisories",
"source": "security@tibco.com"
}
]
}

94
CVE-2023/CVE-2023-265xx/CVE-2023-26590.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26590",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-10T18:15:10.707",
"lastModified": "2023-07-10T18:15:29.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:30:31.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +54,80 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sox_project:sox:14.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14A53C19-2DA3-49D1-8114-3DB90ACE3263"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-26590",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212279",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-273xx/CVE-2023-27379.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27379",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-19T14:15:10.000",
"lastModified": "2023-07-19T16:55:08.940",
"lastModified": "2023-07-19T18:15:10.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1756",
"source": "talos-cna@cisco.com"
}
]
}

6
CVE-2023/CVE-2023-287xx/CVE-2023-28744.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28744",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-19T14:15:10.117",
"lastModified": "2023-07-19T16:55:08.940",
"lastModified": "2023-07-19T18:15:10.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1739",
"source": "talos-cna@cisco.com"
}
]
}

85
CVE-2023/CVE-2023-294xx/CVE-2023-29406.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-29406",
"sourceIdentifier": "security@golang.org",
"published": "2023-07-11T20:15:10.643",
"lastModified": "2023-07-12T12:46:41.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:31:04.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
},
{
"source": "security@golang.org",
"type": "Secondary",
@ -23,22 +56,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.19.11",
"matchCriteriaId": "A12D1C04-755E-4205-8261-3A85D0AE0AB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.20.0",
"versionEndExcluding": "1.20.6",
"matchCriteriaId": "9A77E128-E2EE-4E9A-9C4C-5F812E14EBFA"
}
]
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/506996",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/60374",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1878",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2023/CVE-2023-309xx/CVE-2023-30929.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30929",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.457",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:49:37.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2023/CVE-2023-309xx/CVE-2023-30930.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30930",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.493",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:51:48.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

150
CVE-2023/CVE-2023-309xx/CVE-2023-30931.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30931",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.533",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:55:47.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-312xx/CVE-2023-31213.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31213",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T11:15:09.537",
"lastModified": "2023-06-28T07:11:44.730",
"lastModified": "2023-07-19T18:25:45.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -76,8 +76,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpbakery:page_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.13.0",
"matchCriteriaId": "46FBF018-B0A3-4945-9CDB-663849480EF7"
"versionEndExcluding": "6.13.0",
"matchCriteriaId": "8A493EE4-5063-42A7-9CE3-CEE9A80E08D1"
}
]
}

54
CVE-2023/CVE-2023-31xx/CVE-2023-3168.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3168",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T05:15:10.487",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:08:30.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp_reroute_email_project:wp_reroute_email:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.9",
"matchCriteriaId": "1B4DC336-BCF8-41C9-84AB-D5616F690330"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2933637/wp-reroute-email",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0e962b-b6a0-4179-91d0-5ede508a9895?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

37
CVE-2023/CVE-2023-31xx/CVE-2023-3199.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3199",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T05:15:10.553",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:14:09.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,18 +46,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.6",
"matchCriteriaId": "D181286E-99D3-48F5-A6A6-CE69143FBA0A"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/mstore-api/trunk/mstore-api.php#L256",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a604df5d-92b3-4df8-a7ef-00f0ee95cf0f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-323xx/CVE-2023-32315.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32315",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:16.643",
"lastModified": "2023-06-03T03:57:06.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-19T18:15:11.090",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -66,7 +66,7 @@
]
},
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@ -103,6 +103,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173607/Openfire-Authentication-Bypass-Remote-Code-Execution.html",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm",
"source": "security-advisories@github.com",

94
CVE-2023/CVE-2023-326xx/CVE-2023-32627.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32627",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-10T18:15:10.767",
"lastModified": "2023-07-10T18:15:29.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:30:20.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +54,80 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sox_project:sox:14.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14A53C19-2DA3-49D1-8114-3DB90ACE3263"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-32627",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212282",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-326xx/CVE-2023-32657.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32657",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-19T22:15:10.743",
"lastModified": "2023-07-19T22:15:10.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nWeintek Weincloud v0.13.6\n\n \n\ncould allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

6
CVE-2023/CVE-2023-326xx/CVE-2023-32664.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32664",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-19T14:15:10.207",
"lastModified": "2023-07-19T16:55:08.940",
"lastModified": "2023-07-19T18:15:11.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1795",
"source": "talos-cna@cisco.com"
}
]
}

63
CVE-2023/CVE-2023-326xx/CVE-2023-32693.json
View File

@ -2,16 +2,36 @@
"id": "CVE-2023-32693",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-11T18:15:14.147",
"lastModified": "2023-07-12T12:46:51.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T20:15:10.367",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.6."
"value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "0.26.6",
"matchCriteriaId": "E8E0EFDB-AFE5-4717-9C6C-6F0370EA77F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "0.27.0",
"versionEndExcluding": "0.27.3",
"matchCriteriaId": "4D389308-6526-443B-8169-2732F74EFF50"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/decidim/decidim/releases/tag/v0.26.6",
"url": "https://github.com/decidim/decidim/releases/tag/v0.26.7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/decidim/decidim/releases/tag/v0.27.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-331xx/CVE-2023-33148.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33148",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-07-11T18:15:14.403",
"lastModified": "2023-07-13T20:19:04.567",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-19T18:15:11.273",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173591/Microsoft-Office-365-18.2305.1222.0-Remote-Code-Execution.html",
"source": "secure@microsoft.com"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33148",
"source": "secure@microsoft.com",

4
CVE-2023/CVE-2023-332xx/CVE-2023-33231.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33231",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-18T17:15:11.397",
"lastModified": "2023-07-18T17:33:48.187",
"lastModified": "2023-07-19T19:15:11.807",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -48,7 +48,7 @@
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-3_release_notes.htm",
"url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2-100_release_notes.htm",
"source": "psirt@solarwinds.com"
},
{

6
CVE-2023/CVE-2023-338xx/CVE-2023-33866.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33866",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-19T14:15:10.297",
"lastModified": "2023-07-19T16:55:08.940",
"lastModified": "2023-07-19T18:15:11.360",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,10 +50,6 @@
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1757",
"source": "talos-cna@cisco.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1757",
"source": "talos-cna@cisco.com"
}
]
}

54
CVE-2023/CVE-2023-33xx/CVE-2023-3369.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3369",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T05:15:10.693",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:37:17.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpmaniax:about_me_3000:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.6",
"matchCriteriaId": "89179752-980D-4B6C-85B3-0ECE41FE17DE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/about-me-3000/trunk/aboutme3000.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be6f660f-041a-42f2-ab5b-72aedf75727d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-340xx/CVE-2023-34089.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-34089",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-11T18:15:16.170",
"lastModified": "2023-07-19T00:48:30.407",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-19T21:15:09.887",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.6.\n"
"value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.7.\n"
}
],
"metrics": {

14
CVE-2023/CVE-2023-343xx/CVE-2023-34329.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-34329",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-07-18T18:15:12.193",
"lastModified": "2023-07-18T18:24:48.810",
"lastModified": "2023-07-19T21:15:09.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAMI SPx contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.\n\n"
"value": "\nAMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.\n\n"
}
],
"metrics": {
@ -17,8 +17,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
@ -26,10 +26,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]

4
CVE-2023/CVE-2023-343xx/CVE-2023-34330.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-34330",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-07-18T18:15:12.287",
"lastModified": "2023-07-18T18:24:48.810",
"lastModified": "2023-07-19T22:15:10.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAMI SPx contains a vulnerability in the BMC where a User may cause a improper control of generation of code by Dynamic Redfish Extension. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.\u00a0"
"value": "\nAMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.\u00a0"
}
],
"metrics": {

55
CVE-2023/CVE-2023-343xx/CVE-2023-34394.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34394",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-19T22:15:10.983",
"lastModified": "2023-07-19T22:15:10.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\nIn Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-344xx/CVE-2023-34429.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34429",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-19T22:15:11.073",
"lastModified": "2023-07-19T22:15:11.073",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nWeintek Weincloud v0.13.6\n\n \n\ncould allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-237"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

6
CVE-2023/CVE-2023-34xx/CVE-2023-3446.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3446",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-07-19T12:15:10.003",
"lastModified": "2023-07-19T15:15:11.197",
"lastModified": "2023-07-19T18:15:11.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/5",
"source": "openssl-security@openssl.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/6",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb",
"source": "openssl-security@openssl.org"

55
CVE-2023/CVE-2023-34xx/CVE-2023-3466.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3466",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-07-19T19:15:12.017",
"lastModified": "2023-07-19T19:15:12.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross-Site Scripting (XSS)\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
"source": "secure@citrix.com"
}
]
}

55
CVE-2023/CVE-2023-34xx/CVE-2023-3467.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3467",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-07-19T19:15:12.110",
"lastModified": "2023-07-19T19:15:12.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation to root administrator (nsroot)\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@citrix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
"source": "secure@citrix.com"
}
]
}

55
CVE-2023/CVE-2023-351xx/CVE-2023-35134.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35134",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-19T22:15:11.170",
"lastModified": "2023-07-19T22:15:11.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nWeintek Weincloud v0.13.6\n\n could allow an attacker to reset a password with the corresponding account\u2019s JWT token only.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

154
CVE-2023/CVE-2023-35xx/CVE-2023-3519.json Normal file
View File

@ -0,0 +1,154 @@
{
"id": "CVE-2023-3519",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-07-19T18:15:11.513",
"lastModified": "2023-07-19T20:29:47.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote code execution\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secure@citrix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "secure@citrix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
"versionStartIncluding": "12.1",
"versionEndExcluding": "12.1-55.297",
"matchCriteriaId": "8927B2FA-F87E-4D81-AC29-9032184ECB7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
"versionStartIncluding": "12.1",
"versionEndExcluding": "12.1-55.297",
"matchCriteriaId": "9845E7B1-5604-497D-8241-048E91987C13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.0-91.13",
"matchCriteriaId": "AD949674-8DC1-4B0D-8C0C-F593539E12F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
"versionStartIncluding": "13.1",
"versionEndExcluding": "13.1-37.159",
"matchCriteriaId": "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"versionStartIncluding": "13.1",
"versionEndExcluding": "13.1-49.13",
"matchCriteriaId": "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*",
"matchCriteriaId": "102C0D0F-AC37-43B0-8B9A-103B37436130"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.0-91.13",
"matchCriteriaId": "BC825A83-8D84-42C7-868F-0470FF79D497"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1",
"versionEndExcluding": "13.1-49.13",
"matchCriteriaId": "442F6925-199D-4E5B-84C1-05C4D8108B62"
}
]
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

33
CVE-2023/CVE-2023-35xx/CVE-2023-3525.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3525",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-12T05:15:10.770",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:25:12.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,14 +46,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getnet_argentina_para_woocommerce_project:getnet_argentina_para_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "0.0.1",
"versionEndExcluding": "0.0.5",
"matchCriteriaId": "EEB865FC-4A52-4661-A9A6-02FA443FF5ED"
}
]
}
]
}
],
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=xTyWqh93AM0",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
}
]
}

55
CVE-2023/CVE-2023-368xx/CVE-2023-36853.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36853",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-19T22:15:11.267",
"lastModified": "2023-07-19T22:15:11.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-749"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02",
"source": "ics-cert@hq.dhs.gov"
}
]
}

111
CVE-2023/CVE-2023-369xx/CVE-2023-36924.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36924",
"sourceIdentifier": "cna@sap.com",
"published": "2023-07-11T03:15:10.417",
"lastModified": "2023-07-11T12:43:16.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:29:41.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,97 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:600:*:*:*:*:*:*:*",
"matchCriteriaId": "165083A6-F783-4DF8-BACA-F8322127B367"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:603:*:*:*:*:*:*:*",
"matchCriteriaId": "EB212350-1381-411E-A8EF-E42DE7F456AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:604:*:*:*:*:*:*:*",
"matchCriteriaId": "94C10D8C-34AB-435B-A5CD-24BEBCC626ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:605:*:*:*:*:*:*:*",
"matchCriteriaId": "211D94F2-4D3F-4BD5-B072-7B6759159B5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:616:*:*:*:*:*:*:*",
"matchCriteriaId": "A64661D0-94E6-4F55-AB7A-055E10A799DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:617:*:*:*:*:*:*:*",
"matchCriteriaId": "89E96E9D-A9EF-4A55-9DC1-755B97768B29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:618:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9EBD4C-AFCD-4B4F-AB57-FE00C21F2B61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:802:*:*:*:*:*:*:*",
"matchCriteriaId": "67FF541F-7B4D-48A8-8CAF-D4B5923B3631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:803:*:*:*:*:*:*:*",
"matchCriteriaId": "BC80872A-80F9-496C-AE97-958E8FCE0BCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:804:*:*:*:*:*:*:*",
"matchCriteriaId": "92030B39-9065-4EE3-8475-B86FBB1B622D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:805:*:*:*:*:*:*:*",
"matchCriteriaId": "C31AEB42-A823-4344-8135-ACA063E4C41A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:806:*:*:*:*:*:*:*",
"matchCriteriaId": "F2CD6245-D1FE-41A2-8295-E69F331428CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:erp_defense_forces_and_public_security:807:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9AC6AC-455D-40E7-AD6B-47FCEB5B4D5A"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3351410",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-36xx/CVE-2023-3623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3623",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-11T17:15:13.440",
"lastModified": "2023-07-12T12:46:51.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:48:01.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:istrong:mountain_flood_disaster_prevention_monitoring_and_early_warning_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-07-04",
"matchCriteriaId": "39082A4C-F0C8-4393-9933-0EABB3DFA9B2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/luoshaokai/cve/blob/main/one.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.233576",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233576",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-36xx/CVE-2023-3624.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3624",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-11T17:15:13.510",
"lastModified": "2023-07-12T12:46:51.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:46:49.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nesote:inout_blockchain_fiatexchanger:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE5C62A-5599-4028-939B-AF21329B1D44"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233577",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233577",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-36xx/CVE-2023-3674.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-3674",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-19T19:15:12.213",
"lastModified": "2023-07-19T19:15:12.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3674",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222903",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db",
"source": "secalert@redhat.com"
}
]
}

14
CVE-2023/CVE-2023-371xx/CVE-2023-37198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37198",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-07-12T07:15:10.597",
"lastModified": "2023-07-19T17:52:50.213",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-07-19T18:03:58.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{

62
CVE-2023/CVE-2023-372xx/CVE-2023-37271.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37271",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-11T18:15:20.787",
"lastModified": "2023-07-12T12:46:41.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:32:26.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zope:restrictedpython:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3",
"matchCriteriaId": "95752DCB-8DB0-475D-BE5B-81BE201392E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zope:restrictedpython:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D0447A69-DDE0-4431-8646-1F5DD226402A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zope:restrictedpython:6.0:a1.dev0:*:*:*:*:*:*",
"matchCriteriaId": "49181331-68F7-430F-B731-BB1173EEEC1E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-372xx/CVE-2023-37276.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-37276",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-19T20:15:10.603",
"lastModified": "2023-07-19T20:15:10.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2001873",
"source": "security-advisories@github.com"
}
]
}

57
CVE-2023/CVE-2023-372xx/CVE-2023-37280.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37280",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-11T19:15:09.687",
"lastModified": "2023-07-12T12:46:41.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-19T18:31:42.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "1.0.3",
"matchCriteriaId": "73604DE7-60DC-4BCC-87F1-734915ADBC62"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/5fcd19bdc89a3fe4cb8ad8c356590e1e4740c743",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/147",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-hqv9-6jqw-9g8m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-373xx/CVE-2023-37362.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37362",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-19T22:15:11.380",
"lastModified": "2023-07-19T22:15:11.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nWeintek Weincloud v0.13.6\n\n \n\ncould allow an attacker to abuse the registration functionality to login with testing credentials to the official website.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

28
CVE-2023/CVE-2023-377xx/CVE-2023-37733.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-37733",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-19T19:15:11.947",
"lastModified": "2023-07-19T19:15:11.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file."
}
],
"metrics": {},
"references": [
{
"url": "http://v40.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/TDuckCloud/tduck-platform",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/TDuckCloud/tduck-platform/issues/17",
"source": "cve@mitre.org"
}
]
}

71
CVE-2023/CVE-2023-378xx/CVE-2023-37899.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-37899",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-19T20:15:10.807",
"lastModified": "2023-07-19T20:15:10.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/feathersjs/feathers/pull/3241",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/feathersjs/feathers/pull/3242",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-37xx/CVE-2023-3722.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3722",
"sourceIdentifier": "securityalerts@avaya.com",
"published": "2023-07-19T20:15:11.020",
"lastModified": "2023-07-19T20:15:11.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "securityalerts@avaya.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "securityalerts@avaya.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://download.avaya.com/css/public/documents/101076366",
"source": "securityalerts@avaya.com"
}
]
}

59
CVE-2023/CVE-2023-37xx/CVE-2023-3782.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3782",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2023-07-19T21:15:10.093",
"lastModified": "2023-07-19T21:15:10.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "reefs@jfrog.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "reefs@jfrog.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/square/okhttp/issues/7738",
"source": "reefs@jfrog.com"
},
{
"url": "https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/",
"source": "reefs@jfrog.com"
}
]
}

82
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-19T18:00:58.031131+00:00
2023-07-19T23:55:37.409361+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-19T17:56:49.593000+00:00
2023-07-19T22:15:11.380000+00:00
```
### Last Data Feed Release
@ -29,50 +29,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220689
220705
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `16`
* [CVE-2023-25838](CVE-2023/CVE-2023-258xx/CVE-2023-25838.json) (`2023-07-19T16:15:09.540`)
* [CVE-2023-25839](CVE-2023/CVE-2023-258xx/CVE-2023-25839.json) (`2023-07-19T16:15:09.640`)
* [CVE-2023-32261](CVE-2023/CVE-2023-322xx/CVE-2023-32261.json) (`2023-07-19T16:15:09.737`)
* [CVE-2023-32262](CVE-2023/CVE-2023-322xx/CVE-2023-32262.json) (`2023-07-19T16:15:09.817`)
* [CVE-2023-32263](CVE-2023/CVE-2023-322xx/CVE-2023-32263.json) (`2023-07-19T16:15:09.893`)
* [CVE-2023-37748](CVE-2023/CVE-2023-377xx/CVE-2023-37748.json) (`2023-07-19T17:15:22.323`)
* [CVE-2023-37733](CVE-2023/CVE-2023-377xx/CVE-2023-37733.json) (`2023-07-19T19:15:11.947`)
* [CVE-2023-3466](CVE-2023/CVE-2023-34xx/CVE-2023-3466.json) (`2023-07-19T19:15:12.017`)
* [CVE-2023-3467](CVE-2023/CVE-2023-34xx/CVE-2023-3467.json) (`2023-07-19T19:15:12.110`)
* [CVE-2023-3674](CVE-2023/CVE-2023-36xx/CVE-2023-3674.json) (`2023-07-19T19:15:12.213`)
* [CVE-2023-37276](CVE-2023/CVE-2023-372xx/CVE-2023-37276.json) (`2023-07-19T20:15:10.603`)
* [CVE-2023-37899](CVE-2023/CVE-2023-378xx/CVE-2023-37899.json) (`2023-07-19T20:15:10.807`)
* [CVE-2023-3722](CVE-2023/CVE-2023-37xx/CVE-2023-3722.json) (`2023-07-19T20:15:11.020`)
* [CVE-2023-3519](CVE-2023/CVE-2023-35xx/CVE-2023-3519.json) (`2023-07-19T18:15:11.513`)
* [CVE-2023-26217](CVE-2023/CVE-2023-262xx/CVE-2023-26217.json) (`2023-07-19T21:15:09.783`)
* [CVE-2023-3782](CVE-2023/CVE-2023-37xx/CVE-2023-3782.json) (`2023-07-19T21:15:10.093`)
* [CVE-2023-32657](CVE-2023/CVE-2023-326xx/CVE-2023-32657.json) (`2023-07-19T22:15:10.743`)
* [CVE-2023-34394](CVE-2023/CVE-2023-343xx/CVE-2023-34394.json) (`2023-07-19T22:15:10.983`)
* [CVE-2023-34429](CVE-2023/CVE-2023-344xx/CVE-2023-34429.json) (`2023-07-19T22:15:11.073`)
* [CVE-2023-35134](CVE-2023/CVE-2023-351xx/CVE-2023-35134.json) (`2023-07-19T22:15:11.170`)
* [CVE-2023-36853](CVE-2023/CVE-2023-368xx/CVE-2023-36853.json) (`2023-07-19T22:15:11.267`)
* [CVE-2023-37362](CVE-2023/CVE-2023-373xx/CVE-2023-37362.json) (`2023-07-19T22:15:11.380`)
### CVEs modified in the last Commit
Recently modified CVEs: `63`
Recently modified CVEs: `40`
* [CVE-2023-30922](CVE-2023/CVE-2023-309xx/CVE-2023-30922.json) (`2023-07-19T17:10:01.970`)
* [CVE-2023-30924](CVE-2023/CVE-2023-309xx/CVE-2023-30924.json) (`2023-07-19T17:10:04.407`)
* [CVE-2023-30925](CVE-2023/CVE-2023-309xx/CVE-2023-30925.json) (`2023-07-19T17:10:07.203`)
* [CVE-2023-30927](CVE-2023/CVE-2023-309xx/CVE-2023-30927.json) (`2023-07-19T17:10:12.373`)
* [CVE-2023-30926](CVE-2023/CVE-2023-309xx/CVE-2023-30926.json) (`2023-07-19T17:12:46.443`)
* [CVE-2023-35874](CVE-2023/CVE-2023-358xx/CVE-2023-35874.json) (`2023-07-19T17:13:20.070`)
* [CVE-2023-3023](CVE-2023/CVE-2023-30xx/CVE-2023-3023.json) (`2023-07-19T17:13:40.433`)
* [CVE-2023-22506](CVE-2023/CVE-2023-225xx/CVE-2023-22506.json) (`2023-07-19T17:15:22.070`)
* [CVE-2023-33253](CVE-2023/CVE-2023-332xx/CVE-2023-33253.json) (`2023-07-19T17:15:22.167`)
* [CVE-2023-33876](CVE-2023/CVE-2023-338xx/CVE-2023-33876.json) (`2023-07-19T17:15:22.243`)
* [CVE-2023-3131](CVE-2023/CVE-2023-31xx/CVE-2023-3131.json) (`2023-07-19T17:15:43.263`)
* [CVE-2023-3209](CVE-2023/CVE-2023-32xx/CVE-2023-3209.json) (`2023-07-19T17:16:05.520`)
* [CVE-2023-3271](CVE-2023/CVE-2023-32xx/CVE-2023-3271.json) (`2023-07-19T17:16:17.150`)
* [CVE-2023-3202](CVE-2023/CVE-2023-32xx/CVE-2023-3202.json) (`2023-07-19T17:21:53.547`)
* [CVE-2023-33170](CVE-2023/CVE-2023-331xx/CVE-2023-33170.json) (`2023-07-19T17:25:39.773`)
* [CVE-2023-33173](CVE-2023/CVE-2023-331xx/CVE-2023-33173.json) (`2023-07-19T17:27:22.683`)
* [CVE-2023-33174](CVE-2023/CVE-2023-331xx/CVE-2023-33174.json) (`2023-07-19T17:28:11.077`)
* [CVE-2023-3166](CVE-2023/CVE-2023-31xx/CVE-2023-3166.json) (`2023-07-19T17:39:27.673`)
* [CVE-2023-25194](CVE-2023/CVE-2023-251xx/CVE-2023-25194.json) (`2023-07-19T17:42:24.030`)
* [CVE-2023-3158](CVE-2023/CVE-2023-31xx/CVE-2023-3158.json) (`2023-07-19T17:43:47.977`)
* [CVE-2023-3167](CVE-2023/CVE-2023-31xx/CVE-2023-3167.json) (`2023-07-19T17:46:13.803`)
* [CVE-2023-37198](CVE-2023/CVE-2023-371xx/CVE-2023-37198.json) (`2023-07-19T17:52:50.213`)
* [CVE-2023-29298](CVE-2023/CVE-2023-292xx/CVE-2023-29298.json) (`2023-07-19T17:55:22.400`)
* [CVE-2023-37197](CVE-2023/CVE-2023-371xx/CVE-2023-37197.json) (`2023-07-19T17:55:59.233`)
* [CVE-2023-37196](CVE-2023/CVE-2023-371xx/CVE-2023-37196.json) (`2023-07-19T17:56:49.593`)
* [CVE-2023-32315](CVE-2023/CVE-2023-323xx/CVE-2023-32315.json) (`2023-07-19T18:15:11.090`)
* [CVE-2023-32664](CVE-2023/CVE-2023-326xx/CVE-2023-32664.json) (`2023-07-19T18:15:11.197`)
* [CVE-2023-33148](CVE-2023/CVE-2023-331xx/CVE-2023-33148.json) (`2023-07-19T18:15:11.273`)
* [CVE-2023-33866](CVE-2023/CVE-2023-338xx/CVE-2023-33866.json) (`2023-07-19T18:15:11.360`)
* [CVE-2023-3446](CVE-2023/CVE-2023-34xx/CVE-2023-3446.json) (`2023-07-19T18:15:11.453`)
* [CVE-2023-3525](CVE-2023/CVE-2023-35xx/CVE-2023-3525.json) (`2023-07-19T18:25:12.327`)
* [CVE-2023-31213](CVE-2023/CVE-2023-312xx/CVE-2023-31213.json) (`2023-07-19T18:25:45.263`)
* [CVE-2023-36924](CVE-2023/CVE-2023-369xx/CVE-2023-36924.json) (`2023-07-19T18:29:41.167`)
* [CVE-2023-32627](CVE-2023/CVE-2023-326xx/CVE-2023-32627.json) (`2023-07-19T18:30:20.557`)
* [CVE-2023-26590](CVE-2023/CVE-2023-265xx/CVE-2023-26590.json) (`2023-07-19T18:30:31.940`)
* [CVE-2023-29406](CVE-2023/CVE-2023-294xx/CVE-2023-29406.json) (`2023-07-19T18:31:04.573`)
* [CVE-2023-37280](CVE-2023/CVE-2023-372xx/CVE-2023-37280.json) (`2023-07-19T18:31:42.580`)
* [CVE-2023-20575](CVE-2023/CVE-2023-205xx/CVE-2023-20575.json) (`2023-07-19T18:32:04.807`)
* [CVE-2023-37271](CVE-2023/CVE-2023-372xx/CVE-2023-37271.json) (`2023-07-19T18:32:26.387`)
* [CVE-2023-3369](CVE-2023/CVE-2023-33xx/CVE-2023-3369.json) (`2023-07-19T18:37:17.500`)
* [CVE-2023-3624](CVE-2023/CVE-2023-36xx/CVE-2023-3624.json) (`2023-07-19T18:46:49.327`)
* [CVE-2023-3623](CVE-2023/CVE-2023-36xx/CVE-2023-3623.json) (`2023-07-19T18:48:01.020`)
* [CVE-2023-30929](CVE-2023/CVE-2023-309xx/CVE-2023-30929.json) (`2023-07-19T18:49:37.593`)
* [CVE-2023-30930](CVE-2023/CVE-2023-309xx/CVE-2023-30930.json) (`2023-07-19T18:51:48.567`)
* [CVE-2023-30931](CVE-2023/CVE-2023-309xx/CVE-2023-30931.json) (`2023-07-19T18:55:47.867`)
* [CVE-2023-33231](CVE-2023/CVE-2023-332xx/CVE-2023-33231.json) (`2023-07-19T19:15:11.807`)
* [CVE-2023-32693](CVE-2023/CVE-2023-326xx/CVE-2023-32693.json) (`2023-07-19T20:15:10.367`)
* [CVE-2023-34089](CVE-2023/CVE-2023-340xx/CVE-2023-34089.json) (`2023-07-19T21:15:09.887`)
* [CVE-2023-34329](CVE-2023/CVE-2023-343xx/CVE-2023-34329.json) (`2023-07-19T21:15:09.983`)
* [CVE-2023-34330](CVE-2023/CVE-2023-343xx/CVE-2023-34330.json) (`2023-07-19T22:15:10.897`)
## Download and Usage