Auto-Update: 2023-08-09T20:00:27.134268+00:00

cad-safe-bot 2023-08-09 20:00:30 +00:00
parent d4cc9923e0
commit adbbb3a78a
91 changed files with 5052 additions and 241 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48580",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:10.540",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for\u00a0the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48580/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48581",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:10.960",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the \u201cdash export\u201d feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48581/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48582",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:11.073",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48582/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48583",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:11.187",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48583/",
"source": "contact@securifera.com"
}
]
}
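Review bot: The description value in this record contains `user?controlled`, where the `?` looks like a non-ASCII hyphen lost in an encoding step rather than intended punctuation. If the upstream record carries the same text, it is worth reporting to the source; otherwise the value should read `user-controlled` so that keyword searches on the description match. The same token appears in the descriptions of CVE-2022-48584 through CVE-2022-48604 in this commit.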


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48584",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:11.287",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48584/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48585",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:11.483",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cadmin brand portal\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48585/",
"source": "contact@securifera.com"
}
]
}
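Review bot: The `weaknesses` entry in this record gives `CWE-78` (OS command injection), but the description states a SQL injection passed to a SQL query, which corresponds to CWE-89; the expected line is `"value": "CWE-89"`. The same mismatch is present in the records for CVE-2022-48586 through CVE-2022-48604 in this commit. The entry is typed `Secondary` and sourced from the reporting CNA, so the correction likely belongs upstream. Until then, consumers that triage or filter by CWE will classify these records as command injection and should cross-check the description.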


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48586",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:11.840",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cjson walker\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48586/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48587",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:12.187",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cschedule editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48587/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48588",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:12.327",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cschedule editor decoupled\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48588/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48589",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:12.430",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201creporting job editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48589/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48590",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T18:15:12.533",
"lastModified": "2023-08-09T18:53:15.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48590/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48591",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:12.913",
"lastModified": "2023-08-09T19:15:12.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48591/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48592",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.137",
"lastModified": "2023-08-09T19:15:13.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48592/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48593",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.253",
"lastModified": "2023-08-09T19:15:13.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48593/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48594",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.367",
"lastModified": "2023-08-09T19:15:13.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48595",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.467",
"lastModified": "2023-08-09T19:15:13.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48596",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.567",
"lastModified": "2023-08-09T19:15:13.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48597",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.667",
"lastModified": "2023-08-09T19:15:13.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48598",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.770",
"lastModified": "2023-08-09T19:15:13.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48599",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.877",
"lastModified": "2023-08-09T19:15:13.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48600",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:13.973",
"lastModified": "2023-08-09T19:15:13.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48601",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:14.080",
"lastModified": "2023-08-09T19:15:14.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48602",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:14.190",
"lastModified": "2023-08-09T19:15:14.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48603",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:14.297",
"lastModified": "2023-08-09T19:15:14.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/",
"source": "contact@securifera.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48604",
"sourceIdentifier": "contact@securifera.com",
"published": "2023-08-09T19:15:14.393",
"lastModified": "2023-08-09T19:15:14.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@securifera.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/",
"source": "contact@securifera.com"
}
]
}


@ -2,19 +2,126 @@
"id": "CVE-2023-20802",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-08-07T04:15:13.797",
"lastModified": "2023-08-07T12:57:21.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:07:36.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-23346",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-09T19:15:14.500",
"lastModified": "2023-08-09T19:15:14.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106670",
"source": "psirt@hcl.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29689",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T15:15:10.137",
"lastModified": "2023-08-09T17:37:23.420",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-09T18:15:12.643",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -64,6 +64,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174088/Pyro-CMS-3.9-Server-Side-Template-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-33953",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-08-09T13:15:09.370",
"lastModified": "2023-08-09T13:15:09.370",
"vulnStatus": "Received",
"lastModified": "2023-08-09T18:05:18.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-34545",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T14:15:10.617",
"lastModified": "2023-08-09T14:15:10.617",
"vulnStatus": "Received",
"lastModified": "2023-08-09T18:05:18.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3518",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-08-09T16:15:09.957",
"lastModified": "2023-08-09T16:15:09.957",
"vulnStatus": "Received",
"lastModified": "2023-08-09T18:05:18.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,93 @@
"id": "CVE-2023-36499",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.160",
"lastModified": "2023-08-07T19:30:24.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:02:22.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:xr300_firmware:1.0.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "3E35B900-99B9-4937-B3F5-04212913F6DC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36686",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-05T23:15:12.273",
"lastModified": "2023-08-06T12:00:51.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:01:02.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cartflows:cartflows:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "1.11.11",
"matchCriteriaId": "3E34F7ED-A303-41C6-8560-3A2DD5EE763B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cartflows-pro/wordpress-cartflows-pro-plugin-1-11-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37483",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:17.313",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:21:52.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E17F2B57-5B4A-4718-8123-CBF87F1CCFE0"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3341460",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37484",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:17.627",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:21:40.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E17F2B57-5B4A-4718-8123-CBF87F1CCFE0"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3341460",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37487",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:18.247",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:21:30.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "391F491C-2DE8-44E5-B054-42F188161C8A"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3333616",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37490",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:18.677",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:21:14.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*",
"matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*",
"matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3317710",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37491",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:18.840",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:20:38.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B5281B-885B-4121-9532-E3BDA2325273"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "253C27F5-F9DF-4A73-BEC4-1710A14DD008"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "231F8984-8AF6-4AA1-8E9E-0DA7860F70AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "8066016B-B096-49F2-9DE1-A86C2B863AF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1340C0-7CA8-4CE6-9E20-2ED434EBFD1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:krnl64nuc_7.22ex:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA177BA-4BEA-48C8-B142-8120E0112551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "992F4CF6-2ECD-41AF-923C-399C74E1F84D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "D95E9CA2-8B8A-47AF-BD8F-642F59783B4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "D1875FA4-5448-47D5-9E86-416E2DFA5E6F"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3344295",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}
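Review bot: Three of the `cpeMatch` criteria added in the `configurations` hunk use version strings that begin with `rnl64uc_` (`rnl64uc_7.22`, `rnl64uc_7.22ext`, `rnl64uc_7.53`), while the neighbouring entries use `krnl64nuc_7.22` and `krnl64nuc_7.22ex`; this looks like a dropped leading `k`, though the page does not show the vendor's own wording to confirm it. If so, inventory matching keyed on `krnl64uc_*` would not hit these entries, so consumers of this record may want to match both spellings until the criteria are corrected upstream.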


@ -2,8 +2,8 @@
"id": "CVE-2023-37492",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:18.993",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:20:16.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "cna@sap.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +64,119 @@
"value": "CWE-862"
}
]
},
{
"source": "cna@sap.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "6F048ED9-2DDF-4EB9-8571-73832AFABF6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "C37DC475-6B9A-493C-9A6F-28CDD65D2A5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "2BD9FE51-F76C-439A-A3C0-5279EC1059F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "8E96C58C-ED44-487B-A67E-FDAE3C29023A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "419BA423-0803-4F51-8889-014A521F02CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "DA20ECDC-8807-462C-A0F0-70DF6F5A119B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "800AAC21-325C-4F16-AE5A-9F89327E5356"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "BDC15DB7-A95B-475F-AAA6-60A801F65690"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "55A2FECF-A32E-4188-9563-E8BA0E952261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "9CBF2E53-17F0-4BF0-9C38-749C7E611BF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "5160572B-E3AB-4B96-8950-07DDAFA0E4A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:793:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "AB104F44-D209-41D3-AE25-A5A4A8CE3323"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:804:*:*:*:sap_basis:*:*:*",
"matchCriteriaId": "FF9FC6F8-E0D3-4F96-BB6C-E922C4C87327"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3348000",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37569",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2023-08-08T09:15:10.620",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:15:12.777",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174084/Emagic-Data-Center-Management-Suite-6.0-Remote-Command-Execution.html",
"source": "vdisclose@cert-in.org.in"
},
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226",
"source": "vdisclose@cert-in.org.in"


@ -2,8 +2,8 @@
"id": "CVE-2023-38392",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-07T13:15:11.880",
"lastModified": "2023-08-07T15:41:35.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:01:11.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgogo:custom_field_template:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.0",
"matchCriteriaId": "DB6B4744-E7BC-4CC7-82FC-3F80563221D5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,93 @@
"id": "CVE-2023-38412",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.233",
"lastModified": "2023-08-07T19:30:24.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:02:31.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:r6900p_firmware:1.3.3.154:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8B361B-A65E-47CE-B77B-4D2F5C44BD3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,93 @@
"id": "CVE-2023-38591",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.317",
"lastModified": "2023-08-07T19:30:24.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:02:39.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:dg834gv5_firmware:1.6.01.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA427BF-331A-46BC-9C67-3CFF3661C1BB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:dg834gv5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F92A4286-8696-4FC7-9D1D-4035E267770B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38646",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-21T15:15:10.003",
"lastModified": "2023-07-31T18:36:05.793",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-09T18:15:13.213",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -113,6 +113,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/metabase/metabase/issues/32552",
"source": "cve@mitre.org",


@ -2,23 +2,120 @@
"id": "CVE-2023-38921",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.393",
"lastModified": "2023-08-07T19:30:24.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:03:20.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:wg302v2_firmware:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB7BBB6-E1A4-4271-8E0C-B8DC73B0E934"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:wg302v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55487992-36DA-45AB-8D58-E440D98E116D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:wag302v2_firmware:5.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BC914778-D3E7-4D0C-8F48-108BCCA08991"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:wag302v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CAC63A2-F40A-4FDE-949D-A1852DF3E107"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,147 @@
"id": "CVE-2023-38922",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.477",
"lastModified": "2023-08-07T19:30:24.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:03:54.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:jwnr2000v2_firmware:1.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "21E91328-4F46-42D4-A99F-A83AE71C8F2D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32886871-051A-40D8-97FA-6DCD20714D79"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:xwn5001_firmware:0.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C025A46-FB26-409A-888F-7336F871AC8A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EEF5DCA-0EDB-4966-95AC-52B2661B8D1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:xavn2001v2_firmware:0.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2B5F63-7A1F-41F9-8184-112AB2D0979C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA4AFAA-8FBF-43FB-B2FB-8FF806FF2BBB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
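Review bot: The second reference, `https://www.netgear.com/about/security/`, gains the `Vendor Advisory` tag, although the URL looks like the vendor's general security landing page rather than an advisory for CVE-2023-38922. Tooling that reads a `Vendor Advisory` tag as evidence of published vendor guidance or a fix would over-report remediation status for this record. The same URL and tag appear in the sections for CVE-2023-38924, CVE-2023-38925, CVE-2023-38926 and CVE-2023-38928. Because this mirror reproduces upstream data, I would leave the record unchanged and have consumers check that an advisory URL names the CVE or the affected firmware before counting it as remediation evidence.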


@ -2,23 +2,93 @@
"id": "CVE-2023-38924",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.563",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:04:06.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:dgn3500_firmware:1.1.00.37:*:*:*:*:*:*:*",
"matchCriteriaId": "2E149146-F876-4F97-AE57-FA30FFB77DA3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:dgn3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEBFD21-8AC6-4470-B742-58E2E946E427"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_password_create_smb_cfg/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,147 @@
"id": "CVE-2023-38925",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.633",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:04:34.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:dc112a_firmware:1.0.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "40766026-137D-4E44-9DEC-18E1B66CD074"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:ex6200_firmware:1.0.3.94:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B6521D-DFB6-47BF-8D4C-559763C56C9F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3186CC67-B567-4A0C-BD2C-0433716FBD1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:r6300v2_firmware:1.0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "54C33521-BF2B-4C9B-BA3B-90ADB6B61145"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7909744D-FE9B-49D1-ADB3-029CCC432A47"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,93 @@
"id": "CVE-2023-38926",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.707",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:04:22.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:ex6200_firmware:1.0.3.94:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B6521D-DFB6-47BF-8D4C-559763C56C9F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3186CC67-B567-4A0C-BD2C-0433716FBD1B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,93 @@
"id": "CVE-2023-38928",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.777",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:04:57.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:r7100lg_firmware:1.0.0.78:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A7064F-FF99-4B7C-B35B-693E7787AD1C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/usb_remote_invite_password",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-38929",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.843",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:05:18.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*",
"matchCriteriaId": "7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A63A3E-E6B1-42C8-ABA8-5E19777392B5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,195 @@
"id": "CVE-2023-38930",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:10.907",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:05:36.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3530E4-70D6-4246-84CA-E25797329DE0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706158B7-6114-4AA8-A1A0-BB24119A3264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E92D910-72BB-443F-9927-1E72AC8C8C9B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,175 @@
"id": "CVE-2023-38932",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:11.043",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:05:45.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE52B3C-3B08-4B8E-965B-0B7BD05EBBB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:pa202_firmware:1.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68BF38F0-62D2-4789-8E5E-A6E7F5BC3AC3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:pa202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAE4C66-1579-4B54-B268-FD75363E4699"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:pw201a_firmware:1.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8444B664-7963-4DC7-9141-EF055F175FF2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:pw201a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7614AEA9-9216-4872-A29C-C51736516F54"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA584AC-7E1F-4FF7-91EA-F82AC2D2D3CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formSafeEmailFilter",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}
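Review bot: The reference `https://www.netgear.com/about/security/` sits on a record whose description and CPE entries are all Tenda products, and the new tags mark it `Not Applicable`. That tag is the only signal in the record that the link is unrelated, so a consumer that lists reference URLs without reading `tags` would present a Netgear page as a source for a Tenda stack overflow. Dropping references whose `tags` contain `Not Applicable` before display or vendor matching would avoid that.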


@ -2,19 +2,141 @@
"id": "CVE-2023-38934",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:11.207",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:06:05.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3530E4-70D6-4246-84CA-E25797329DE0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706158B7-6114-4AA8-A1A0-BB24119A3264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E92D910-72BB-443F-9927-1E72AC8C8C9B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,168 @@
"id": "CVE-2023-38938",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:11.477",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:06:15.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE52B3C-3B08-4B8E-965B-0B7BD05EBBB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:pa202_firmware:1.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68BF38F0-62D2-4789-8E5E-A6E7F5BC3AC3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:pa202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAE4C66-1579-4B54-B268-FD75363E4699"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:pw201a_firmware:1.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8444B664-7963-4DC7-9141-EF055F175FF2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:pw201a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7614AEA9-9216-4872-A29C-C51736516F54"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA584AC-7E1F-4FF7-91EA-F82AC2D2D3CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/frmL7ImForm",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,114 @@
"id": "CVE-2023-38939",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:11.540",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:06:28.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE52B3C-3B08-4B8E-965B-0B7BD05EBBB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA584AC-7E1F-4FF7-91EA-F82AC2D2D3CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formWrlsafeset",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,141 @@
"id": "CVE-2023-38940",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:11.610",
"lastModified": "2023-08-07T19:30:20.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:06:42.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3530E4-70D6-4246-84CA-E25797329DE0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706158B7-6114-4AA8-A1A0-BB24119A3264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E92D910-72BB-443F-9927-1E72AC8C8C9B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-38997",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.593",
"lastModified": "2023-08-09T19:15:14.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/448762d440b51574f1906c0ec2f5ea6dc4f16eb2",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}
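Review bot: This new record carries `"metrics": {}` and no `weaknesses` or `configurations` while `vulnStatus` is `Received`, so it is unscored rather than low-severity. The description states command execution as root, so a consumer that maps a missing `baseScore` to 0 or filters out unscored records would under-prioritise it. Treating an empty `metrics` object as "unscored, triage manually" is the safer default. The same applies to the new CVE-2023-38998 and CVE-2023-38999 records that follow.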


@ -0,0 +1,24 @@
{
"id": "CVE-2023-38998",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.660",
"lastModified": "2023-08-09T19:15:14.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/6bc025af1705dcdd8ef22ff5d4fcb986fa4e45f8",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-38999",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.723",
"lastModified": "2023-08-09T19:15:14.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/5d68f43d1f254144831881fc87d885eed120cf3c",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3896",
"sourceIdentifier": "security@opencloudos.tech",
"published": "2023-08-07T13:15:12.927",
"lastModified": "2023-08-07T15:41:35.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:00:58.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@opencloudos.tech",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
},
{
"source": "security@opencloudos.tech",
"type": "Secondary",
@ -46,14 +76,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vim:vim:9.0.1367:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C64D89-A08A-462B-A7A0-081F1CF58908"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vim/vim/issues/12528",
"source": "security@opencloudos.tech"
"source": "security@opencloudos.tech",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/vim/vim/pull/12540",
"source": "security@opencloudos.tech"
"source": "security@opencloudos.tech",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39000",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.787",
"lastModified": "2023-08-09T19:15:14.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/d1f350ce70e477adc86d445f5cda9b24f9ff0168",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39001",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.850",
"lastModified": "2023-08-09T19:15:14.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/e800097d0c287bb665f0751a98a67c75ef7b45e5",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39002",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.900",
"lastModified": "2023-08-09T19:15:14.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/a4f6a8f8d604271f81984cfcbba0471af58e34dc",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39003",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.953",
"lastModified": "2023-08-09T19:15:14.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OPNsense before 23.7 was discovered to contain insecure permissions in the directory /tmp."
}
],
"metrics": {},
"references": [
{
"url": "http://opnsense.com",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39004",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.013",
"lastModified": "2023-08-09T19:15:15.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation."
}
],
"metrics": {},
"references": [
{
"url": "http://opnsense.com",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39005",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.077",
"lastModified": "2023-08-09T19:15:15.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions exist for configd.socket in OPNsense before 23.7."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/issues/6647",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39006",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.140",
"lastModified": "2023-08-09T19:15:15.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/1c05a19d9d52c7bfa4ac52114935d9fe76d5d181",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39007",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.207",
"lastModified": "2023-08-09T19:15:15.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/5edff49db1cd8b5078611e2f542d91c02af2b25c",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39008",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.270",
"lastModified": "2023-08-09T19:15:15.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/opnsense/core/commit/e800097d0c287bb665f0751a98a67c75ef7b45e5",
"source": "cve@mitre.org"
},
{
"url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39436",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:19.150",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:19:29.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:supplier_relationship_management:600:*:*:*:*:*:*:*",
"matchCriteriaId": "55527525-88C2-4FAD-AD3F-023928317556"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:supplier_relationship_management:602:*:*:*:*:*:*:*",
"matchCriteriaId": "15FDAEAF-58BD-4839-839F-A1E8C8E0E0AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:supplier_relationship_management:603:*:*:*:*:*:*:*",
"matchCriteriaId": "794DE5E4-B5A6-4ACC-8EBF-F76FCAD7369C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:supplier_relationship_management:604:*:*:*:*:*:*:*",
"matchCriteriaId": "685CA87A-7F6F-4D75-83D9-C5F26201257D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:supplier_relationship_management:605:*:*:*:*:*:*:*",
"matchCriteriaId": "189F4096-39A5-44E6-B954-70B45FA1F695"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:supplier_relationship_management:606:*:*:*:*:*:*:*",
"matchCriteriaId": "24247E81-67E8-42DE-9871-2EC7F0960A98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:supplier_relationship_management:616:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFCE15C-77A9-4C6E-8616-3F7EBA1EB220"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:supplier_relationship_management:617:*:*:*:*:*:*:*",
"matchCriteriaId": "67BE6CAE-5A02-4567-ADEA-2B16C763CA06"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/2067220",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39437",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:19.477",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:19:10.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "391F491C-2DE8-44E5-B054-42F188161C8A"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3358300",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39440",
"sourceIdentifier": "cna@sap.com",
"published": "2023-08-08T01:15:20.100",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:22:07.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -46,14 +66,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*",
"matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3312586",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39528",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-07T21:15:10.597",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T19:45:03.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.1",
"matchCriteriaId": "705A3EBE-48E5-4E3B-A8D8-471098F8B56E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39529",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-07T21:15:10.703",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T19:46:13.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.1",
"matchCriteriaId": "705A3EBE-48E5-4E3B-A8D8-471098F8B56E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39530",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-07T21:15:10.817",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T19:36:10.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.1",
"matchCriteriaId": "705A3EBE-48E5-4E3B-A8D8-471098F8B56E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39531",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-09T17:15:09.827",
"lastModified": "2023-08-09T17:15:09.827",
"vulnStatus": "Received",
"lastModified": "2023-08-09T18:05:18.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39969",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-09T16:15:09.733",
"lastModified": "2023-08-09T16:15:09.733",
"vulnStatus": "Received",
"lastModified": "2023-08-09T18:05:18.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3953",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-08-09T15:15:09.623",
"lastModified": "2023-08-09T15:15:09.623",
"vulnStatus": "Received",
"lastModified": "2023-08-09T18:05:18.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-40012",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-09T16:15:10.060",
"lastModified": "2023-08-09T16:15:10.060",
"vulnStatus": "Received",
"lastModified": "2023-08-09T18:05:18.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-4165",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-05T14:15:23.390",
"lastModified": "2023-08-06T12:01:01.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:54:06.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8F52BB0F-F178-4DFE-AE9E-6C91D2137799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nagenanhai/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236181",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236181",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4166",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-05T16:15:23.747",
"lastModified": "2023-08-06T12:01:01.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:30:04.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8F52BB0F-F178-4DFE-AE9E-6C91D2137799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Das1yGa0/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236182",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236182",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4167",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-05T16:15:23.907",
"lastModified": "2023-08-06T12:01:01.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:37:23.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emby:emby.releases:4.7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "522A039F-CD65-48A0-BEC2-71F59E93FBCE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/whoamiecho/vuls/blob/main/emby.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236183",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236183",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4168",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-05T18:15:09.563",
"lastModified": "2023-08-07T18:15:10.287",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-09T19:58:40.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,8 +83,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +103,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:templatecookie:adlisting:2.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "799A4E72-E409-4345-B0BA-A7DBDF6EE9F5"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174015/Adlisting-Classified-Ads-2.14.0-Information-Disclosure.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236184",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236184",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4169",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-05T18:15:17.850",
"lastModified": "2023-08-06T12:01:01.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T19:24:47.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,8 +83,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +103,59 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ruijie:rg-ew1200g_firmware:1.0\\(1\\)b1p5:*:*:*:*:*:*:*",
"matchCriteriaId": "3B16D6E8-5A22-45DB-9DAE-AC8CBC2DC1E5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ruijie:rg-ew1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D49D3A7-F8C9-4273-B947-21B516DB5877"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236185",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236185",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4170",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-05T19:15:18.463",
"lastModified": "2023-08-06T12:01:01.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T19:35:58.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedebiz:dedebiz:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0617CF-E88B-4486-B850-BAE317599BB6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Wkingxc/CVE/blob/master/dedebiz_XSS.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236186",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236186",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4185",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-06T13:15:14.137",
"lastModified": "2023-08-07T12:57:26.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:52:43.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:online_hospital_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E9FA36-133C-473E-A155-A5FF15908E42"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yusoyea/VulList/blob/main/Hospital%20Management%20System%20patientlogin.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236220",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236220",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4192",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-07T00:15:09.387",
"lastModified": "2023-08-07T12:57:26.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T18:15:25.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resort_reservation_system_project:resort_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57B25E14-73A3-436D-900D-0E09E0A423DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yesec/Resort-Reservation-System/blob/main/SQL%20Injection%20in%20manage_user.php/vuln.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236235",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236235",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4199",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-07T18:15:10.667",
"lastModified": "2023-08-07T18:20:15.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T19:52:53.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A0265A-E1A5-4424-8D30-EC76231AEE53"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20catagory_data.php/vuln.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.236289",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.236289",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4273",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-09T15:15:09.823",
"lastModified": "2023-08-09T15:15:09.823",
"vulnStatus": "Received",
"lastModified": "2023-08-09T18:05:18.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-09T18:00:37.265849+00:00
2023-08-09T20:00:27.134268+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-09T17:59:30.673000+00:00
2023-08-09T19:58:40.947000+00:00
```
### Last Data Feed Release
@ -29,48 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222163
222201
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `38`
* [CVE-2023-39969](CVE-2023/CVE-2023-399xx/CVE-2023-39969.json) (`2023-08-09T16:15:09.733`)
* [CVE-2023-3518](CVE-2023/CVE-2023-35xx/CVE-2023-3518.json) (`2023-08-09T16:15:09.957`)
* [CVE-2023-40012](CVE-2023/CVE-2023-400xx/CVE-2023-40012.json) (`2023-08-09T16:15:10.060`)
* [CVE-2023-39531](CVE-2023/CVE-2023-395xx/CVE-2023-39531.json) (`2023-08-09T17:15:09.827`)
* [CVE-2022-48593](CVE-2022/CVE-2022-485xx/CVE-2022-48593.json) (`2023-08-09T19:15:13.253`)
* [CVE-2022-48594](CVE-2022/CVE-2022-485xx/CVE-2022-48594.json) (`2023-08-09T19:15:13.367`)
* [CVE-2022-48595](CVE-2022/CVE-2022-485xx/CVE-2022-48595.json) (`2023-08-09T19:15:13.467`)
* [CVE-2022-48596](CVE-2022/CVE-2022-485xx/CVE-2022-48596.json) (`2023-08-09T19:15:13.567`)
* [CVE-2022-48597](CVE-2022/CVE-2022-485xx/CVE-2022-48597.json) (`2023-08-09T19:15:13.667`)
* [CVE-2022-48598](CVE-2022/CVE-2022-485xx/CVE-2022-48598.json) (`2023-08-09T19:15:13.770`)
* [CVE-2022-48599](CVE-2022/CVE-2022-485xx/CVE-2022-48599.json) (`2023-08-09T19:15:13.877`)
* [CVE-2022-48600](CVE-2022/CVE-2022-486xx/CVE-2022-48600.json) (`2023-08-09T19:15:13.973`)
* [CVE-2022-48601](CVE-2022/CVE-2022-486xx/CVE-2022-48601.json) (`2023-08-09T19:15:14.080`)
* [CVE-2022-48602](CVE-2022/CVE-2022-486xx/CVE-2022-48602.json) (`2023-08-09T19:15:14.190`)
* [CVE-2022-48603](CVE-2022/CVE-2022-486xx/CVE-2022-48603.json) (`2023-08-09T19:15:14.297`)
* [CVE-2022-48604](CVE-2022/CVE-2022-486xx/CVE-2022-48604.json) (`2023-08-09T19:15:14.393`)
* [CVE-2023-23346](CVE-2023/CVE-2023-233xx/CVE-2023-23346.json) (`2023-08-09T19:15:14.500`)
* [CVE-2023-38997](CVE-2023/CVE-2023-389xx/CVE-2023-38997.json) (`2023-08-09T19:15:14.593`)
* [CVE-2023-38998](CVE-2023/CVE-2023-389xx/CVE-2023-38998.json) (`2023-08-09T19:15:14.660`)
* [CVE-2023-38999](CVE-2023/CVE-2023-389xx/CVE-2023-38999.json) (`2023-08-09T19:15:14.723`)
* [CVE-2023-39000](CVE-2023/CVE-2023-390xx/CVE-2023-39000.json) (`2023-08-09T19:15:14.787`)
* [CVE-2023-39001](CVE-2023/CVE-2023-390xx/CVE-2023-39001.json) (`2023-08-09T19:15:14.850`)
* [CVE-2023-39002](CVE-2023/CVE-2023-390xx/CVE-2023-39002.json) (`2023-08-09T19:15:14.900`)
* [CVE-2023-39003](CVE-2023/CVE-2023-390xx/CVE-2023-39003.json) (`2023-08-09T19:15:14.953`)
* [CVE-2023-39004](CVE-2023/CVE-2023-390xx/CVE-2023-39004.json) (`2023-08-09T19:15:15.013`)
* [CVE-2023-39005](CVE-2023/CVE-2023-390xx/CVE-2023-39005.json) (`2023-08-09T19:15:15.077`)
* [CVE-2023-39006](CVE-2023/CVE-2023-390xx/CVE-2023-39006.json) (`2023-08-09T19:15:15.140`)
* [CVE-2023-39007](CVE-2023/CVE-2023-390xx/CVE-2023-39007.json) (`2023-08-09T19:15:15.207`)
* [CVE-2023-39008](CVE-2023/CVE-2023-390xx/CVE-2023-39008.json) (`2023-08-09T19:15:15.270`)
### CVEs modified in the last Commit
Recently modified CVEs: `94`
Recently modified CVEs: `52`
* [CVE-2023-23757](CVE-2023/CVE-2023-237xx/CVE-2023-23757.json) (`2023-08-09T17:52:32.070`)
* [CVE-2023-38763](CVE-2023/CVE-2023-387xx/CVE-2023-38763.json) (`2023-08-09T17:52:32.503`)
* [CVE-2023-3650](CVE-2023/CVE-2023-36xx/CVE-2023-3650.json) (`2023-08-09T17:52:43.370`)
* [CVE-2023-39508](CVE-2023/CVE-2023-395xx/CVE-2023-39508.json) (`2023-08-09T17:52:57.137`)
* [CVE-2023-38764](CVE-2023/CVE-2023-387xx/CVE-2023-38764.json) (`2023-08-09T17:53:00.830`)
* [CVE-2023-3671](CVE-2023/CVE-2023-36xx/CVE-2023-3671.json) (`2023-08-09T17:53:05.527`)
* [CVE-2023-3575](CVE-2023/CVE-2023-35xx/CVE-2023-3575.json) (`2023-08-09T17:53:14.573`)
* [CVE-2023-20804](CVE-2023/CVE-2023-208xx/CVE-2023-20804.json) (`2023-08-09T17:53:15.283`)
* [CVE-2023-3524](CVE-2023/CVE-2023-35xx/CVE-2023-3524.json) (`2023-08-09T17:53:21.030`)
* [CVE-2023-3492](CVE-2023/CVE-2023-34xx/CVE-2023-3492.json) (`2023-08-09T17:53:34.870`)
* [CVE-2023-20805](CVE-2023/CVE-2023-208xx/CVE-2023-20805.json) (`2023-08-09T17:53:38.957`)
* [CVE-2023-3365](CVE-2023/CVE-2023-33xx/CVE-2023-3365.json) (`2023-08-09T17:53:54.090`)
* [CVE-2023-2843](CVE-2023/CVE-2023-28xx/CVE-2023-2843.json) (`2023-08-09T17:54:01.737`)
* [CVE-2023-38765](CVE-2023/CVE-2023-387xx/CVE-2023-38765.json) (`2023-08-09T17:54:16.737`)
* [CVE-2023-0604](CVE-2023/CVE-2023-06xx/CVE-2023-0604.json) (`2023-08-09T17:54:28.973`)
* [CVE-2023-38766](CVE-2023/CVE-2023-387xx/CVE-2023-38766.json) (`2023-08-09T17:55:00.717`)
* [CVE-2023-38767](CVE-2023/CVE-2023-387xx/CVE-2023-38767.json) (`2023-08-09T17:55:22.623`)
* [CVE-2023-36220](CVE-2023/CVE-2023-362xx/CVE-2023-36220.json) (`2023-08-09T17:55:37.767`)
* [CVE-2023-38768](CVE-2023/CVE-2023-387xx/CVE-2023-38768.json) (`2023-08-09T17:55:47.517`)
* [CVE-2023-38769](CVE-2023/CVE-2023-387xx/CVE-2023-38769.json) (`2023-08-09T17:56:35.557`)
* [CVE-2023-38770](CVE-2023/CVE-2023-387xx/CVE-2023-38770.json) (`2023-08-09T17:57:18.643`)
* [CVE-2023-38771](CVE-2023/CVE-2023-387xx/CVE-2023-38771.json) (`2023-08-09T17:57:29.410`)
* [CVE-2023-38773](CVE-2023/CVE-2023-387xx/CVE-2023-38773.json) (`2023-08-09T17:57:38.727`)
* [CVE-2023-4187](CVE-2023/CVE-2023-41xx/CVE-2023-4187.json) (`2023-08-09T17:58:37.840`)
* [CVE-2023-20781](CVE-2023/CVE-2023-207xx/CVE-2023-20781.json) (`2023-08-09T17:59:30.673`)
* [CVE-2023-20802](CVE-2023/CVE-2023-208xx/CVE-2023-20802.json) (`2023-08-09T18:07:36.453`)
* [CVE-2023-29689](CVE-2023/CVE-2023-296xx/CVE-2023-29689.json) (`2023-08-09T18:15:12.643`)
* [CVE-2023-37569](CVE-2023/CVE-2023-375xx/CVE-2023-37569.json) (`2023-08-09T18:15:12.777`)
* [CVE-2023-38646](CVE-2023/CVE-2023-386xx/CVE-2023-38646.json) (`2023-08-09T18:15:13.213`)
* [CVE-2023-4192](CVE-2023/CVE-2023-41xx/CVE-2023-4192.json) (`2023-08-09T18:15:25.423`)
* [CVE-2023-39437](CVE-2023/CVE-2023-394xx/CVE-2023-39437.json) (`2023-08-09T18:19:10.230`)
* [CVE-2023-39436](CVE-2023/CVE-2023-394xx/CVE-2023-39436.json) (`2023-08-09T18:19:29.723`)
* [CVE-2023-37492](CVE-2023/CVE-2023-374xx/CVE-2023-37492.json) (`2023-08-09T18:20:16.060`)
* [CVE-2023-37491](CVE-2023/CVE-2023-374xx/CVE-2023-37491.json) (`2023-08-09T18:20:38.800`)
* [CVE-2023-37490](CVE-2023/CVE-2023-374xx/CVE-2023-37490.json) (`2023-08-09T18:21:14.410`)
* [CVE-2023-37487](CVE-2023/CVE-2023-374xx/CVE-2023-37487.json) (`2023-08-09T18:21:30.300`)
* [CVE-2023-37484](CVE-2023/CVE-2023-374xx/CVE-2023-37484.json) (`2023-08-09T18:21:40.633`)
* [CVE-2023-37483](CVE-2023/CVE-2023-374xx/CVE-2023-37483.json) (`2023-08-09T18:21:52.827`)
* [CVE-2023-39440](CVE-2023/CVE-2023-394xx/CVE-2023-39440.json) (`2023-08-09T18:22:07.123`)
* [CVE-2023-4166](CVE-2023/CVE-2023-41xx/CVE-2023-4166.json) (`2023-08-09T18:30:04.680`)
* [CVE-2023-4167](CVE-2023/CVE-2023-41xx/CVE-2023-4167.json) (`2023-08-09T18:37:23.557`)
* [CVE-2023-4185](CVE-2023/CVE-2023-41xx/CVE-2023-4185.json) (`2023-08-09T18:52:43.840`)
* [CVE-2023-4165](CVE-2023/CVE-2023-41xx/CVE-2023-4165.json) (`2023-08-09T18:54:06.607`)
* [CVE-2023-4169](CVE-2023/CVE-2023-41xx/CVE-2023-4169.json) (`2023-08-09T19:24:47.690`)
* [CVE-2023-4170](CVE-2023/CVE-2023-41xx/CVE-2023-4170.json) (`2023-08-09T19:35:58.457`)
* [CVE-2023-39530](CVE-2023/CVE-2023-395xx/CVE-2023-39530.json) (`2023-08-09T19:36:10.557`)
* [CVE-2023-39528](CVE-2023/CVE-2023-395xx/CVE-2023-39528.json) (`2023-08-09T19:45:03.020`)
* [CVE-2023-39529](CVE-2023/CVE-2023-395xx/CVE-2023-39529.json) (`2023-08-09T19:46:13.237`)
* [CVE-2023-4199](CVE-2023/CVE-2023-41xx/CVE-2023-4199.json) (`2023-08-09T19:52:53.200`)
* [CVE-2023-4168](CVE-2023/CVE-2023-41xx/CVE-2023-4168.json) (`2023-08-09T19:58:40.947`)
## Download and Usage