Auto-Update: 2023-06-24T02:00:26.207473+00:00

cad-safe-bot 2023-06-24 02:00:30 +00:00
parent 8db4ddcf9a
commit ada4b8ad8f
8 changed files with 469 additions and 26 deletions


@ -2,16 +2,49 @@
"id": "CVE-2022-47376",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2023-06-13T20:15:08.967",
"lastModified": "2023-06-13T21:27:45.680",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-24T01:14:41.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "cybersecurity@bd.com",
"type": "Secondary",
@ -23,10 +56,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bd:alaris_infusion_central:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "029AEEA5-5D83-4E15-8D6E-33FC6728F8F3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/alaris-infusion-central-recoverable-password-vulnerability",
"source": "cybersecurity@bd.com"
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-1721",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-06-24T00:15:09.140",
"lastModified": "2023-06-24T00:15:09.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/blessd/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-1724",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-06-24T01:15:08.543",
"lastModified": "2023-06-24T01:15:08.543",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/towers/",
"source": "help@fluidattacks.com"
},
{
"url": "https://github.com/ladybirdweb/faveo-helpdesk/",
"source": "help@fluidattacks.com"
}
]
}


@ -2,19 +2,81 @@
"id": "CVE-2023-31672",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-15T20:15:09.387",
"lastModified": "2023-06-15T20:46:39.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-24T01:18:15.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the PrestaShop < 2.4.3 module \"Length, weight or volume sell\" (ailinear) there is a SQL injection vulnerability."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de inyecci\u00f3n SQL en las versiones de PrestaShop anteriores a v2.4.3 en el m\u00f3dulo \"Length, weight or volume sell\". "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.3",
"matchCriteriaId": "EB557345-23C0-4A2C-892B-71E57E2845B8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/06/15/ailinear.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}
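Review bot: The new `cpeMatch` entry names PrestaShop core (`cpe:2.3:a:prestashop:prestashop:*`) with `"versionEndExcluding": "2.4.3"`, while the description in the same record places the SQL injection in the "Length, weight or volume sell" (ailinear) module below 2.4.3. A scanner matching on this CPE would decide by the core version and cannot tell whether the module is installed, so it is likely to produce both false positives and misses. The criteria should identify the module, e.g. `"criteria": "cpe:2.3:a:<MODULE_VENDOR>:<MODULE_PRODUCT>:*:*:*:*:*:*:*:*"` (placeholders; no module CPE is visible on this page). Since the file mirrors NVD, the correction presumably has to be requested upstream; until then consumers should compare the installed module version against the advisory in `references`.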


@ -2,12 +2,16 @@
"id": "CVE-2023-32027",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-16T01:15:28.067",
"lastModified": "2023-06-16T03:19:08.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-24T01:32:49.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota de Microsoft ODBC Driver para SQL Server"
}
],
"metrics": {
@ -34,10 +38,90 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "17.0.1.1",
"versionEndExcluding": "17.10.4.1",
"matchCriteriaId": "5CC2AE26-7BA1-4E45-97D3-6F9EE992FA98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
"versionStartIncluding": "17.0.1.1",
"versionEndExcluding": "17.10.4.1",
"matchCriteriaId": "49DA289E-FD25-4CB0-9165-9E836EC93DD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "17.0.1.1",
"versionEndExcluding": "17.10.4.1",
"matchCriteriaId": "E6185183-17DD-4A16-9E08-E1277F58829A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "18.0.1.1",
"versionEndExcluding": "18.2.1.1",
"matchCriteriaId": "493BBE3B-5302-4BA1-9F69-734AA10305D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
"versionStartIncluding": "18.0.1.1",
"versionEndExcluding": "18.2.1.1",
"matchCriteriaId": "848BABEE-8496-4225-9E47-3CDB40CB8A86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "18.0.1.1",
"versionEndExcluding": "18.2.1.1",
"matchCriteriaId": "E45B3703-BF64-408E-A931-1D3C1DFFFA71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*",
"matchCriteriaId": "9144F644-A3D4-440C-8978-257E71204617"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CB7AD22-F27B-4807-88F1-02ED420421D5"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
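Review bot: The two `sql_server` entries added to `cpeMatch` (`cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*` and the 2022 one) carry no `versionStartIncluding`/`versionEndExcluding`, unlike the six ODBC driver entries above them. Matched as written they cover every SQL Server 2019 and 2022 x64 build, so an inventory match keeps reporting a host after the fix is installed. Each would need a bound such as `"versionEndExcluding": "<FIXED_BUILD_FROM_VENDOR_ADVISORY>"` (placeholder; the fixed build is not on this page); the same two unbounded entries appear in the CVE-2023-32028 section. As the record mirrors NVD, the change presumably belongs upstream, and until then consumers should confirm patch level from the MSRC advisory in `references` rather than from the CPE match alone.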


@ -2,12 +2,16 @@
"id": "CVE-2023-32028",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-16T01:15:28.120",
"lastModified": "2023-06-16T03:19:08.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-24T01:38:28.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OLE DB Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota de Microsoft OLE DB\n"
}
],
"metrics": {
@ -34,10 +38,62 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0.2",
"versionEndExcluding": "18.6.0006.0",
"matchCriteriaId": "14AC92FA-A1F6-4DD6-9623-A2F33F59A4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0.0",
"versionEndExcluding": "19.3.0001.0",
"matchCriteriaId": "6ABD3821-C5EB-4253-9D5E-6A1E29709AE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*",
"matchCriteriaId": "9144F644-A3D4-440C-8978-257E71204617"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CB7AD22-F27B-4807-88F1-02ED420421D5"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-34852",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-15T20:15:09.543",
"lastModified": "2023-06-15T20:46:39.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-24T01:26:15.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions."
},
{
"lang": "es",
"value": "Las versiones anteriores a v4.0.202302 inclusive, de PublicCMS, son vulnerables a permisos inseguros. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.202302",
"matchCriteriaId": "87210BBE-682E-469A-936F-4F9D0901BE61"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-kill/CVE-2023-34852/blob/main/CVE-2023-34852.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/sanluan/PublicCMS",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-23T23:55:25.396838+00:00
2023-06-24T02:00:26.207473+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-23T22:15:08.987000+00:00
2023-06-24T01:38:28.907000+00:00
```
### Last Data Feed Release
@ -23,27 +23,32 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-06-23T00:00:13.586249+00:00
2023-06-24T00:00:13.546976+00:00
```
### Total Number of included CVEs
```plain
218504
218506
```
### CVEs added in the last Commit
Recently added CVEs: `2`
* [CVE-2023-1783](CVE-2023/CVE-2023-17xx/CVE-2023-1783.json) (`2023-06-23T22:15:08.897`)
* [CVE-2023-35932](CVE-2023/CVE-2023-359xx/CVE-2023-35932.json) (`2023-06-23T22:15:08.987`)
* [CVE-2023-1721](CVE-2023/CVE-2023-17xx/CVE-2023-1721.json) (`2023-06-24T00:15:09.140`)
* [CVE-2023-1724](CVE-2023/CVE-2023-17xx/CVE-2023-1724.json) (`2023-06-24T01:15:08.543`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `5`
* [CVE-2022-47376](CVE-2022/CVE-2022-473xx/CVE-2022-47376.json) (`2023-06-24T01:14:41.157`)
* [CVE-2023-31672](CVE-2023/CVE-2023-316xx/CVE-2023-31672.json) (`2023-06-24T01:18:15.200`)
* [CVE-2023-34852](CVE-2023/CVE-2023-348xx/CVE-2023-34852.json) (`2023-06-24T01:26:15.970`)
* [CVE-2023-32027](CVE-2023/CVE-2023-320xx/CVE-2023-32027.json) (`2023-06-24T01:32:49.960`)
* [CVE-2023-32028](CVE-2023/CVE-2023-320xx/CVE-2023-32028.json) (`2023-06-24T01:38:28.907`)
## Download and Usage