Auto-Update: 2023-09-12T02:00:25.726326+00:00

cad-safe-bot 2023-09-12 02:00:29 +00:00
parent 073de65bd2
commit aeb4669cfc
24 changed files with 904 additions and 86 deletions

@ -2,7 +2,7 @@
"id": "CVE-2022-36440",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-03T16:15:07.287",
"lastModified": "2023-04-21T04:15:41.777",
"lastModified": "2023-09-12T00:15:08.523",
"vulnStatus": "Modified",
"descriptions": [
{
@ -90,6 +90,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GM66PNHGCXZU66LQCTP2FSJLFF6CVMSI/",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-40302",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T12:16:27.423",
"lastModified": "2023-05-19T17:54:22.700",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-12T00:15:08.693",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -71,6 +71,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-40318",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T12:16:27.800",
"lastModified": "2023-05-19T17:54:40.543",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-12T00:15:08.787",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -71,6 +71,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-43681",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T12:16:30.070",
"lastModified": "2023-05-19T17:54:28.407",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-12T00:15:08.860",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -71,6 +71,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-30908",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-09-07T22:15:07.500",
"lastModified": "2023-09-08T14:15:10.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:09:54.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.60.05",
"matchCriteriaId": "951E6F0C-7E2A-4B71-810C-130B79FFC3E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0",
"versionEndExcluding": "8.5",
"matchCriteriaId": "73DAA8E6-8BA9-4EB3-BD06-1E2F8DF5D9DF"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-31490",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T16:15:14.757",
"lastModified": "2023-05-16T19:55:57.310",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-12T00:15:08.947",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -72,6 +72,10 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
"source": "cve@mitre.org"
}
]
}

@ -2,27 +2,91 @@
"id": "CVE-2023-37759",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T03:15:08.727",
"lastModified": "2023-09-08T12:58:39.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:10:11.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendylogics:crypto_currency_tracker:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.5",
"matchCriteriaId": "A2A218B3-9272-4504-921D-CC7F212D9A94"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://tregix.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}
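Review bot: The added `cpeMatch` entry for CVE-2023-37759 uses `"versionEndIncluding": "9.5"`, while the description in the same record says the flaw affects Crypto Currency Tracker "before v9.5", so the two disagree on whether 9.5 itself is vulnerable. The Packet Storm reference URL names "CCT-9.5", which suggests the inclusive bound may be the accurate side and the description the stale one, but that is inferred from the URL alone. If the description is authoritative, the bound should read `"versionEndExcluding": "9.5"`; until upstream resolves it, consumers doing version matching are safer treating 9.5 as affected.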

@ -2,8 +2,8 @@
"id": "CVE-2023-38802",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T16:15:09.113",
"lastModified": "2023-08-31T18:36:05.720",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-12T00:15:09.043",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -86,6 +86,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-39421",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.617",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:08:23.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
},
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
@ -46,10 +66,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.4.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "579767F6-293C-43C0-8ECF-CE14E7BE16A9"
}
]
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained",
"source": "cve-requests@bitdefender.com"
"source": "cve-requests@bitdefender.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-39422",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.710",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:08:38.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
@ -46,10 +66,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCCB65A-86A1-4C73-A33B-DE4E5B03F21F"
}
]
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained",
"source": "cve-requests@bitdefender.com"
"source": "cve-requests@bitdefender.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-39423",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.837",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:08:52.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
@ -46,10 +66,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D4E8D4-6E26-4EEE-BFB6-FA4BB522808C"
}
]
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained",
"source": "cve-requests@bitdefender.com"
"source": "cve-requests@bitdefender.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-39424",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.933",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:09:32.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "cve-requests@bitdefender.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D4E8D4-6E26-4EEE-BFB6-FA4BB522808C"
}
]
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained",
"source": "cve-requests@bitdefender.com"
"source": "cve-requests@bitdefender.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,19 +2,93 @@
"id": "CVE-2023-39620",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T03:15:08.787",
"lastModified": "2023-09-08T12:58:39.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:10:23.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:buffalo:terastation_nas_5410r_firmware:5.00-0.07:*:*:*:*:*:*:*",
"matchCriteriaId": "4914C3B5-4521-4137-9CE8-7A4ED638AED9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:buffalo:terastation_nas_5410r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A7CFA6-84AC-4CFD-9DF1-5E83B0E931D1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration",
"source": "nvd@nist.gov",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration.",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
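Review bot: The new `configurations` block pins the vulnerable firmware to the single version string `5.00-0.07`, but the record's description reads "v.5.00 thru v.0.07", which is not a well-formed range, so this record does not settle whether one build or a span of builds is affected. The reference list also now holds the same wiki URL twice, differing only by a trailing `.`; the `cve@mitre.org` copy is tagged `Broken Link`, so tooling that follows references should use the `nvd@nist.gov` entry. A matcher that relies on this CPE will flag only an exact `5.00-0.07` firmware string, so other TS5410R builds need checking against vendor information rather than being assumed clean.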

@ -2,27 +2,89 @@
"id": "CVE-2023-39711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-07T15:15:07.697",
"lastModified": "2023-09-07T16:25:45.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:09:43.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:free_and_open_source_inventory_management_system_project:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4E30A0-0847-427A-9B08-FB699FCC7958"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Arajawat007/1683f9640c0d62337e0bbe23569d1ea5#file-cve-2023-39711",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-40353",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T03:15:08.853",
"lastModified": "2023-09-08T12:58:39.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:10:41.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,81 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193"
}
]
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40440",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-12T00:15:09.133",
"lastModified": "2023-09-12T00:15:09.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213844",
"source": "product-security@apple.com"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2023-40442",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-12T00:15:09.203",
"lastModified": "2023-09-12T00:15:09.203",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213842",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213844",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213845",
"source": "product-security@apple.com"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-40953",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T03:15:08.930",
"lastModified": "2023-09-08T12:58:39.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-12T00:10:48.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "iCMS v7.0.16 es vulnerable a Cross-Site Request Forgery (CSRF)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:idreamsoft:icms:7.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF5334A-FE6D-45F3-801F-DF6CC9FC92F0"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/ChubbyZ/e1e5c1858c389334dcf581a19c741308",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.icmsdev.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

@ -2,24 +2,16 @@
"id": "CVE-2023-41064",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-07T18:15:07.727",
"lastModified": "2023-09-11T19:15:43.720",
"lastModified": "2023-09-12T00:15:09.267",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/3",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/4",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213905",
"source": "product-security@apple.com"
@ -29,23 +21,15 @@
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213905",
"url": "https://support.apple.com/en-us/HT213913",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213906",
"url": "https://support.apple.com/en-us/HT213914",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213913",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213914",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213915",
"url": "https://support.apple.com/en-us/HT213915",
"source": "product-security@apple.com"
}
]

@ -2,8 +2,8 @@
"id": "CVE-2023-41358",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T04:15:16.180",
"lastModified": "2023-08-30T00:44:34.590",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-12T00:15:09.387",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -72,6 +72,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,44 @@
{
"id": "CVE-2023-41990",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-12T00:15:09.463",
"lastModified": "2023-09-12T00:15:09.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, iOS 15.7.8 and iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213599",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213601",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213605",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213606",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213842",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213844",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213845",
"source": "product-security@apple.com"
}
]
}

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4898",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-12T00:15:09.917",
"lastModified": "2023-09-12T00:15:09.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-305"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2",
"source": "security@huntr.dev"
}
]
}

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4899",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-12T00:15:10.003",
"lastModified": "2023-09-12T00:15:10.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/70a2fb18-f030-4abb-9ddc-13f94107ac9d",
"source": "security@huntr.dev"
}
]
}

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-11T23:55:26.249370+00:00
2023-09-12T02:00:25.726326+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-11T23:15:07.480000+00:00
2023-09-12T00:15:10.003000+00:00
```
### Last Data Feed Release
@ -23,31 +23,48 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-09-11T00:00:13.562919+00:00
2023-09-12T00:00:13.565890+00:00
```
### Total Number of included CVEs
```plain
224678
224683
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `5`
* [CVE-2023-38878](CVE-2023/CVE-2023-388xx/CVE-2023-38878.json) (`2023-09-11T22:15:08.023`)
* [CVE-2023-41879](CVE-2023/CVE-2023-418xx/CVE-2023-41879.json) (`2023-09-11T22:15:08.267`)
* [CVE-2023-39069](CVE-2023/CVE-2023-390xx/CVE-2023-39069.json) (`2023-09-11T23:15:07.480`)
* [CVE-2023-40440](CVE-2023/CVE-2023-404xx/CVE-2023-40440.json) (`2023-09-12T00:15:09.133`)
* [CVE-2023-40442](CVE-2023/CVE-2023-404xx/CVE-2023-40442.json) (`2023-09-12T00:15:09.203`)
* [CVE-2023-41990](CVE-2023/CVE-2023-419xx/CVE-2023-41990.json) (`2023-09-12T00:15:09.463`)
* [CVE-2023-4898](CVE-2023/CVE-2023-48xx/CVE-2023-4898.json) (`2023-09-12T00:15:09.917`)
* [CVE-2023-4899](CVE-2023/CVE-2023-48xx/CVE-2023-4899.json) (`2023-09-12T00:15:10.003`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `18`
* [CVE-2021-39473](CVE-2021/CVE-2021-394xx/CVE-2021-39473.json) (`2023-09-11T22:15:07.680`)
* [CVE-2023-41635](CVE-2023/CVE-2023-416xx/CVE-2023-41635.json) (`2023-09-11T22:15:08.103`)
* [CVE-2023-41640](CVE-2023/CVE-2023-416xx/CVE-2023-41640.json) (`2023-09-11T22:15:08.193`)
* [CVE-2022-36440](CVE-2022/CVE-2022-364xx/CVE-2022-36440.json) (`2023-09-12T00:15:08.523`)
* [CVE-2022-40302](CVE-2022/CVE-2022-403xx/CVE-2022-40302.json) (`2023-09-12T00:15:08.693`)
* [CVE-2022-40318](CVE-2022/CVE-2022-403xx/CVE-2022-40318.json) (`2023-09-12T00:15:08.787`)
* [CVE-2022-43681](CVE-2022/CVE-2022-436xx/CVE-2022-43681.json) (`2023-09-12T00:15:08.860`)
* [CVE-2023-39421](CVE-2023/CVE-2023-394xx/CVE-2023-39421.json) (`2023-09-12T00:08:23.007`)
* [CVE-2023-39422](CVE-2023/CVE-2023-394xx/CVE-2023-39422.json) (`2023-09-12T00:08:38.390`)
* [CVE-2023-39423](CVE-2023/CVE-2023-394xx/CVE-2023-39423.json) (`2023-09-12T00:08:52.437`)
* [CVE-2023-39424](CVE-2023/CVE-2023-394xx/CVE-2023-39424.json) (`2023-09-12T00:09:32.553`)
* [CVE-2023-39711](CVE-2023/CVE-2023-397xx/CVE-2023-39711.json) (`2023-09-12T00:09:43.303`)
* [CVE-2023-30908](CVE-2023/CVE-2023-309xx/CVE-2023-30908.json) (`2023-09-12T00:09:54.460`)
* [CVE-2023-37759](CVE-2023/CVE-2023-377xx/CVE-2023-37759.json) (`2023-09-12T00:10:11.453`)
* [CVE-2023-39620](CVE-2023/CVE-2023-396xx/CVE-2023-39620.json) (`2023-09-12T00:10:23.430`)
* [CVE-2023-40353](CVE-2023/CVE-2023-403xx/CVE-2023-40353.json) (`2023-09-12T00:10:41.327`)
* [CVE-2023-40953](CVE-2023/CVE-2023-409xx/CVE-2023-40953.json) (`2023-09-12T00:10:48.407`)
* [CVE-2023-31490](CVE-2023/CVE-2023-314xx/CVE-2023-31490.json) (`2023-09-12T00:15:08.947`)
* [CVE-2023-38802](CVE-2023/CVE-2023-388xx/CVE-2023-38802.json) (`2023-09-12T00:15:09.043`)
* [CVE-2023-41064](CVE-2023/CVE-2023-410xx/CVE-2023-41064.json) (`2023-09-12T00:15:09.267`)
* [CVE-2023-41358](CVE-2023/CVE-2023-413xx/CVE-2023-41358.json) (`2023-09-12T00:15:09.387`)
## Download and Usage