admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-03T23:55:25.103177+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-03 23:55:28 +00:00
parent c09d2fef1a
commit aa8c847f18
20 changed files with 765 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2023/CVE-2023-201xx/CVE-2023-20181.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20181",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:10.737",
"lastModified": "2023-08-03T22:15:10.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20204.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20204",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.313",
"lastModified": "2023-08-03T22:15:11.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-commpilot-xss-jC46sezF",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20214.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20214",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.420",
"lastModified": "2023-08-03T22:15:11.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.\r\n\r This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20215.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20215",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.513",
"lastModified": "2023-08-03T22:15:11.513",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked.\r\n\r This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-vXvqwzsj",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20216.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20216",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.647",
"lastModified": "2023-08-03T22:15:11.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. \r\n\r This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions.\r\n\r There are workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQ",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20218.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20218",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.770",
"lastModified": "2023-08-03T22:15:11.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.\r\n\r Cisco will not release software updates that address this vulnerability. \r\n\r {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-309xx/CVE-2023-30950.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-30950",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:11.887",
"lastModified": "2023-08-03T22:15:11.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a",
"source": "cve-coordination@palantir.com"
}
]
}

43
CVE-2023/CVE-2023-309xx/CVE-2023-30951.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-30951",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:11.993",
"lastModified": "2023-08-03T22:15:11.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=fe021f28-9e25-42c4-acd8-772cd8006ced",
"source": "cve-coordination@palantir.com"
}
]
}

43
CVE-2023/CVE-2023-309xx/CVE-2023-30952.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-30952",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:12.083",
"lastModified": "2023-08-03T22:15:12.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4",
"source": "cve-coordination@palantir.com"
}
]
}

43
CVE-2023/CVE-2023-309xx/CVE-2023-30958.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-30958",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:12.170",
"lastModified": "2023-08-03T22:15:12.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.\n\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b",
"source": "cve-coordination@palantir.com"
}
]
}

43
CVE-2023/CVE-2023-374xx/CVE-2023-37497.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-37497",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T22:15:12.257",
"lastModified": "2023-08-03T22:15:12.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-374xx/CVE-2023-37498.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-37498",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T22:15:12.343",
"lastModified": "2023-08-03T22:15:12.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. \u00a0It is possible that an attacker could potentially escalate their privileges.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106545",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-374xx/CVE-2023-37499.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-37499",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T22:15:12.427",
"lastModified": "2023-08-03T22:15:12.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. \u00a0An attacker could hijack a user's session and perform other attacks.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106555",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-375xx/CVE-2023-37500.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-37500",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T22:15:12.517",
"lastModified": "2023-08-03T22:15:12.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. \u00a0An attacker could hijack a user's session and perform other attacks.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106554",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-375xx/CVE-2023-37501.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-37501",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T23:15:10.020",
"lastModified": "2023-08-03T23:15:10.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. \u00a0An attacker could hijack a user's session and perform other attacks.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106556",
"source": "psirt@hcl.com"
}
]
}

24
CVE-2023/CVE-2023-389xx/CVE-2023-38949.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38949",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T23:15:10.973",
"lastModified": "2023-08-03T23:15:10.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request."
}
],
"metrics": {},
"references": [
{
"url": "http://zkteco.com",
"source": "cve@mitre.org"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38949",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-389xx/CVE-2023-38950.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38950",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T23:15:11.117",
"lastModified": "2023-08-03T23:15:11.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "http://zkteco.com",
"source": "cve@mitre.org"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38950",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-389xx/CVE-2023-38951.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38951",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T23:15:11.363",
"lastModified": "2023-08-03T23:15:11.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration."
}
],
"metrics": {},
"references": [
{
"url": "http://zkteco.com",
"source": "cve@mitre.org"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38951",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-389xx/CVE-2023-38952.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38952",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T23:15:11.473",
"lastModified": "2023-08-03T23:15:11.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system."
}
],
"metrics": {},
"references": [
{
"url": "http://zkteco.com",
"source": "cve@mitre.org"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38952",
"source": "cve@mitre.org"
}
]
}

57
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-03T22:00:29.636831+00:00
2023-08-03T23:55:25.103177+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-03T21:24:30.280000+00:00
2023-08-03T23:15:11.473000+00:00
```
### Last Data Feed Release
@ -29,47 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
221600
221619
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `19`
* [CVE-2023-33666](CVE-2023/CVE-2023-336xx/CVE-2023-33666.json) (`2023-08-03T20:15:11.337`)
* [CVE-2023-39121](CVE-2023/CVE-2023-391xx/CVE-2023-39121.json) (`2023-08-03T20:15:11.623`)
* [CVE-2023-3749](CVE-2023/CVE-2023-37xx/CVE-2023-3749.json) (`2023-08-03T20:15:11.883`)
* [CVE-2023-20181](CVE-2023/CVE-2023-201xx/CVE-2023-20181.json) (`2023-08-03T22:15:10.737`)
* [CVE-2023-20204](CVE-2023/CVE-2023-202xx/CVE-2023-20204.json) (`2023-08-03T22:15:11.313`)
* [CVE-2023-20214](CVE-2023/CVE-2023-202xx/CVE-2023-20214.json) (`2023-08-03T22:15:11.420`)
* [CVE-2023-20215](CVE-2023/CVE-2023-202xx/CVE-2023-20215.json) (`2023-08-03T22:15:11.513`)
* [CVE-2023-20216](CVE-2023/CVE-2023-202xx/CVE-2023-20216.json) (`2023-08-03T22:15:11.647`)
* [CVE-2023-20218](CVE-2023/CVE-2023-202xx/CVE-2023-20218.json) (`2023-08-03T22:15:11.770`)
* [CVE-2023-30950](CVE-2023/CVE-2023-309xx/CVE-2023-30950.json) (`2023-08-03T22:15:11.887`)
* [CVE-2023-30951](CVE-2023/CVE-2023-309xx/CVE-2023-30951.json) (`2023-08-03T22:15:11.993`)
* [CVE-2023-30952](CVE-2023/CVE-2023-309xx/CVE-2023-30952.json) (`2023-08-03T22:15:12.083`)
* [CVE-2023-30958](CVE-2023/CVE-2023-309xx/CVE-2023-30958.json) (`2023-08-03T22:15:12.170`)
* [CVE-2023-37497](CVE-2023/CVE-2023-374xx/CVE-2023-37497.json) (`2023-08-03T22:15:12.257`)
* [CVE-2023-37498](CVE-2023/CVE-2023-374xx/CVE-2023-37498.json) (`2023-08-03T22:15:12.343`)
* [CVE-2023-37499](CVE-2023/CVE-2023-374xx/CVE-2023-37499.json) (`2023-08-03T22:15:12.427`)
* [CVE-2023-37500](CVE-2023/CVE-2023-375xx/CVE-2023-37500.json) (`2023-08-03T22:15:12.517`)
* [CVE-2023-37501](CVE-2023/CVE-2023-375xx/CVE-2023-37501.json) (`2023-08-03T23:15:10.020`)
* [CVE-2023-38949](CVE-2023/CVE-2023-389xx/CVE-2023-38949.json) (`2023-08-03T23:15:10.973`)
* [CVE-2023-38950](CVE-2023/CVE-2023-389xx/CVE-2023-38950.json) (`2023-08-03T23:15:11.117`)
* [CVE-2023-38951](CVE-2023/CVE-2023-389xx/CVE-2023-38951.json) (`2023-08-03T23:15:11.363`)
* [CVE-2023-38952](CVE-2023/CVE-2023-389xx/CVE-2023-38952.json) (`2023-08-03T23:15:11.473`)
### CVEs modified in the last Commit
Recently modified CVEs: `41`
Recently modified CVEs: `0`
* [CVE-2022-47506](CVE-2022/CVE-2022-475xx/CVE-2022-47506.json) (`2023-08-03T21:15:12.730`)
* [CVE-2022-47507](CVE-2022/CVE-2022-475xx/CVE-2022-47507.json) (`2023-08-03T21:15:12.867`)
* [CVE-2022-47509](CVE-2022/CVE-2022-475xx/CVE-2022-47509.json) (`2023-08-03T21:15:12.990`)
* [CVE-2022-47512](CVE-2022/CVE-2022-475xx/CVE-2022-47512.json) (`2023-08-03T21:15:13.127`)
* [CVE-2023-3508](CVE-2023/CVE-2023-35xx/CVE-2023-3508.json) (`2023-08-03T20:03:41.923`)
* [CVE-2023-3507](CVE-2023/CVE-2023-35xx/CVE-2023-3507.json) (`2023-08-03T20:06:15.517`)
* [CVE-2023-3345](CVE-2023/CVE-2023-33xx/CVE-2023-3345.json) (`2023-08-03T20:30:11.853`)
* [CVE-2023-0602](CVE-2023/CVE-2023-06xx/CVE-2023-0602.json) (`2023-08-03T20:35:13.990`)
* [CVE-2023-4006](CVE-2023/CVE-2023-40xx/CVE-2023-4006.json) (`2023-08-03T20:39:51.860`)
* [CVE-2023-4005](CVE-2023/CVE-2023-40xx/CVE-2023-4005.json) (`2023-08-03T20:40:43.133`)
* [CVE-2023-32225](CVE-2023/CVE-2023-322xx/CVE-2023-32225.json) (`2023-08-03T20:46:02.310`)
* [CVE-2023-32226](CVE-2023/CVE-2023-322xx/CVE-2023-32226.json) (`2023-08-03T20:49:39.170`)
* [CVE-2023-32227](CVE-2023/CVE-2023-322xx/CVE-2023-32227.json) (`2023-08-03T20:54:18.493`)
* [CVE-2023-3134](CVE-2023/CVE-2023-31xx/CVE-2023-3134.json) (`2023-08-03T21:00:41.997`)
* [CVE-2023-23836](CVE-2023/CVE-2023-238xx/CVE-2023-23836.json) (`2023-08-03T21:15:13.297`)
* [CVE-2023-23837](CVE-2023/CVE-2023-238xx/CVE-2023-23837.json) (`2023-08-03T21:15:13.427`)
* [CVE-2023-23838](CVE-2023/CVE-2023-238xx/CVE-2023-23838.json) (`2023-08-03T21:15:13.577`)
* [CVE-2023-23839](CVE-2023/CVE-2023-238xx/CVE-2023-23839.json) (`2023-08-03T21:15:13.687`)
* [CVE-2023-23841](CVE-2023/CVE-2023-238xx/CVE-2023-23841.json) (`2023-08-03T21:15:13.827`)
* [CVE-2023-23843](CVE-2023/CVE-2023-238xx/CVE-2023-23843.json) (`2023-08-03T21:15:13.960`)
* [CVE-2023-23844](CVE-2023/CVE-2023-238xx/CVE-2023-23844.json) (`2023-08-03T21:15:14.107`)
* [CVE-2023-33224](CVE-2023/CVE-2023-332xx/CVE-2023-33224.json) (`2023-08-03T21:15:14.230`)
* [CVE-2023-33231](CVE-2023/CVE-2023-332xx/CVE-2023-33231.json) (`2023-08-03T21:15:14.363`)
* [CVE-2023-37213](CVE-2023/CVE-2023-372xx/CVE-2023-37213.json) (`2023-08-03T21:21:59.040`)
* [CVE-2023-3130](CVE-2023/CVE-2023-31xx/CVE-2023-3130.json) (`2023-08-03T21:24:30.280`)
## Download and Usage