Auto-Update: 2023-05-04T20:00:25.177435+00:00

René Helmke 2023-05-04 22:00:28 +02:00
parent fc4abb6764
commit af5b8963b8
75 changed files with 6797 additions and 119 deletions


@ -2,23 +2,83 @@
"id": "CVE-2021-38363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-20T13:15:06.753",
"lastModified": "2023-04-20T13:15:13.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:29:57.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"
}
]
}
]
}
],
"references": [
{
"url": "https://opennetworking.org/onos/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2021-38364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-20T13:15:06.827",
"lastModified": "2023-04-20T13:15:13.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:28:18.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"
}
]
}
]
}
],
"references": [
{
"url": "https://opennetworking.org/onos/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,106 @@
{
"id": "CVE-2022-23721",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2023-04-25T19:15:10.087",
"lastModified": "2023-05-04T19:39:23.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-694"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9",
"matchCriteriaId": "D1089203-0C94-4337-9108-DDACBB1CE79B"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9",
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2022-24035",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-20T13:15:06.893",
"lastModified": "2023-04-20T13:15:13.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:27:25.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2022-27978",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T16:15:09.260",
"lastModified": "2023-05-04T18:47:32.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tooljet:tooljet:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "045EAA93-CC71-4B4B-BE27-6BA4E52D9DAB"
}
]
}
]
}
],
"references": [
{
"url": "http://tooljet.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220320-tooljet.md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2022-27979",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T16:15:09.453",
"lastModified": "2023-05-04T18:34:40.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tooljet:tooljet:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8C10A90-E547-4A76-A32E-7A73010BD212"
}
]
}
]
}
],
"references": [
{
"url": "http://tooljet.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220321-tooljet-xss.md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,83 @@
{
"id": "CVE-2022-31244",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T16:15:08.990",
"lastModified": "2023-05-04T19:02:43.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:one-network_directory_server:17r2:*:*:*:*:*:*:*",
"matchCriteriaId": "819D29A1-3700-4CE3-BEED-F3E815E8BD63"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/171970/Nokia-OneNDS-17-Insecure-Permissions-Privilege-Escalation.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.nokia.com/networks/products/one-nds/",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,89 @@
{
"id": "CVE-2022-39989",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.387",
"lastModified": "2023-05-04T19:49:24.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fighting_cock_information_system_project:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11C6CA2F-C8E7-4BB1-A787-92E8621D817F"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/0xHop/43c4da65e0d101328a46b1bd5a11b262",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gist.github.com/0xHop/6ed962a1978edb1bd620c9c487400403",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.sourcecodester.com/php/12824/fighting-cock-information-system.html",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,102 @@
{
"id": "CVE-2022-40482",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T19:15:10.180",
"lastModified": "2023-05-04T19:40:31.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "9.32.0",
"matchCriteriaId": "E4552441-3DC8-4890-B731-4F34868C15C8"
}
]
}
]
}
],
"references": [
{
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ephort/laravel-user-enumeration-demo",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/laravel/framework/pull/44069",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -0,0 +1,133 @@
{
"id": "CVE-2022-40722",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2023-04-25T19:15:10.240",
"lastModified": "2023-05-04T19:46:42.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-780"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndIncluding": "11.1.5",
"matchCriteriaId": "4F085AB7-29E3-4CC6-88C6-49EF87B1E7E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndIncluding": "11.2.2",
"matchCriteriaId": "2F76BB82-2AE0-4330-84E7-BBFFABF030C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingid_adapter_for_pingfederate:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.2",
"matchCriteriaId": "9285EE82-E2F6-4C82-8F0E-2149B8652E71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingid_integration_kit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.24",
"matchCriteriaId": "A0D3BE72-98EE-4FE4-BF80-CDD66F495AC1"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_adapter_configuring_offline_mfa",
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Product"
]
},
{
"url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_20_rn",
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Release Notes"
]
}
]
}
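Review bot: The `pingid_integration_kit` entry in `cpeMatch` uses `"versionEndExcluding": "2.24"`, but the only release-notes reference in this record is the Integration Kit 2.20 page (`pingid_integration_kit_2_20_rn`), so the fixed version cannot be confirmed from the record itself. The two `cvssMetricV31` entries also disagree on confidentiality impact (`C:N` from nvd@nist.gov, `C:H` from the vendor), which moves the base score from 5.8 to 7.7; a consumer that reads only the Primary entry will triage an offline-MFA bypass as MEDIUM. Because this file mirrors upstream data, the practical step is on the consumer side: confirm the patched adapter and kit versions against the vendor notes before closing findings, and decide explicitly which CVSS source drives prioritisation.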


@ -0,0 +1,132 @@
{
"id": "CVE-2022-40723",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2023-04-25T19:15:10.310",
"lastModified": "2023-05-04T19:48:57.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-305"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndIncluding": "11.1.5",
"matchCriteriaId": "4F085AB7-29E3-4CC6-88C6-49EF87B1E7E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndIncluding": "11.2.2",
"matchCriteriaId": "2F76BB82-2AE0-4330-84E7-BBFFABF030C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingid_integration_kit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.24",
"matchCriteriaId": "A0D3BE72-98EE-4FE4-BF80-CDD66F495AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:radius_pcv:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.2",
"matchCriteriaId": "4A97675A-6B44-4AB9-AC7A-D67153A0273C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:radius_pcv:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC03B9-23AE-4E5C-A7AD-44D10E3997FA"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn",
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Release Notes"
]
}
]
}
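Review bot: The description limits the MFA bypass to the PingID RADIUS PCV adapter "under certain configurations", yet `configurations` is a single flat `OR` node in which every PingFederate 11.1.0–11.1.5 and 11.2.0–11.2.2 install matches on its own. CPE-based scanners will therefore report PingFederate hosts whether or not the RADIUS PCV is deployed, and the record gives no way to tell the affected configuration apart. The lone reference is the Integration Kit 2.19 release notes while the kit bound is `"versionEndExcluding": "2.24"`, so the fixed version should be checked against the vendor notes rather than taken from this record.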


@ -0,0 +1,128 @@
{
"id": "CVE-2022-40724",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2023-04-25T19:15:10.383",
"lastModified": "2023-05-04T19:49:32.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0",
"versionEndIncluding": "10.3.11",
"matchCriteriaId": "D71A00D1-7F03-41CD-A62F-267D8EA85696"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndIncluding": "11.0.6",
"matchCriteriaId": "4E06480B-D92B-42C1-8A57-90E5F9229E15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndIncluding": "11.1.5",
"matchCriteriaId": "4F085AB7-29E3-4CC6-88C6-49EF87B1E7E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndIncluding": "11.2.2",
"matchCriteriaId": "2F76BB82-2AE0-4330-84E7-BBFFABF030C0"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingfederate-110/fll1675188537050",
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Release Notes"
]
}
]
}


@ -0,0 +1,106 @@
{
"id": "CVE-2022-40725",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2023-04-25T19:15:10.447",
"lastModified": "2023-05-04T19:52:10.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.4",
"matchCriteriaId": "2FFF7637-5A29-4D36-A50F-B87B3F8EF030"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingid/desktop_app_1.7.4",
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Release Notes"
]
}
]
}
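Review bot: The Primary weakness is `CWE-306` (missing authentication for a critical function), but the description is about bypassing the maximum PIN attempts before the lockout engages, which is the case CWE-307 (improper restriction of excessive authentication attempts) covers. The Primary vector also scores `C:N` where the vendor's Secondary vector scores `C:H`, giving 6.1 versus 7.3. Consumers that group findings by CWE to track lockout and rate-limiting controls should not rely on the Primary mapping alone for this record.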


@ -0,0 +1,84 @@
{
"id": "CVE-2022-45291",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T19:15:10.520",
"lastModified": "2023-05-04T19:57:26.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pwsdashboard:personal_weather_station_dashboard:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F21F28D-A86E-40D6-BAED-1A5D8AA88CEE"
}
]
}
]
}
],
"references": [
{
"url": "https://cavefxa.com/posts/cve-2022-45291/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://pwsdashboard.com/",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
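Review bot: The `cpeMatch` criteria carries version `-` and no version bounds, although the description names a specific release (LTS December 2020, `2012_lts`) and says the issue was fixed in late 2022; version-aware matching cannot separate fixed from unfixed installs with this entry. The only weakness listed is `CWE-798`, while the description's primary impact is PHP code written into settings.php, which is code injection (CWE-94), so tooling that filters by CWE for injection or code-execution classes will miss this record. Inventory checks for this product should identify the installed release directly rather than trust the CPE version field.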


@ -2,8 +2,8 @@
"id": "CVE-2022-45818",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T13:15:13.580",
"lastModified": "2023-05-04T13:15:13.580",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-46302",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-04-20T14:15:08.177",
"lastModified": "2023-04-20T14:41:19.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:32:15.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "security@checkmk.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
},
{
"source": "security@checkmk.com",
"type": "Secondary",
@ -46,10 +76,471 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E15C521C-CD7F-434A-9F43-6ED5C7645DA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "172724CA-44E1-4768-8BAF-611AE72C8510"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b10:*:*:*:*:*:*",
"matchCriteriaId": "EE1C7D4B-55E2-4A0B-96AD-4D1645141B43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b11:*:*:*:*:*:*",
"matchCriteriaId": "BD1E3D74-1902-4958-8919-2077A41DC9C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b12:*:*:*:*:*:*",
"matchCriteriaId": "7B691D90-C811-43A1-8062-71F2BF0EF5E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "AECA9A0D-0552-4DC2-97D4-F54B2C342177"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "99D39BA7-C78A-4667-95F1-55ACB9FD584F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "5B467203-3B24-4CAE-BEB4-88FEFA2223EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "FDEC890E-D96A-490D-988D-B06C6CD86A05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "D337C851-FEE8-44EE-A4A2-B3D5BE488C92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "C38DF519-C97C-4D80-A686-72002CDD9406"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "D812CCC1-053C-4998-9335-2FB6E4A8BED8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "DB52C0F4-B206-4F20-BDB7-3FF2E60185D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "D80533C1-AA9F-481B-A4A4-26AA0695C666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "FA0AD652-2417-4C33-8299-0411FA002BAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "29F70025-92A2-4618-A8DD-05098F45625F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "9CAAB02A-CB2D-42F9-9720-520822F88402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "46C5993C-BEE1-4C9B-BCDB-09A36DA2485E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "53E01ABC-75DA-4323-9E8C-F97321974583"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "77427E05-C4A1-4C28-84B8-947E26CF7EA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "6036F586-CA74-40DE-B76F-C76357A1E833"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "8F9B59E4-0468-495E-96C8-F765AFED2D67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "4BD62952-9A86-4FEF-B8FC-3A2F468BFF95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "84B6760F-4EB5-47C2-BDB1-9D654826B01D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "104EB827-02D7-4AB9-897D-16210E8934D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "232E5841-8303-410C-9191-F9603B808AB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "B9276429-8D0B-4647-AFBE-9A0B158666D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "86E4613C-C843-473F-B7BE-E5759D8D35B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "0FBD73A9-AF27-402E-9B42-B9DF1567CF43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "9EEBA5A8-5330-47A8-9D3E-08A7E22F70C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "3A5E5E38-94BA-4708-80A4-25CF71074E82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "28FA4030-59CF-43CB-A9B7-E2304E2315DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1E00E39E-522C-4FDD-B4D7-0444FFC120ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "437611CD-D465-4A9D-91A8-E52EA99AEF2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "D618A417-5DE0-43DA-BD5B-CB41BE70CAA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "35BB228F-5FD2-4926-9B66-CAACF9382248"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "3CB134CD-0746-47C8-BAB8-2AE9C083C4D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "1542CDC8-9697-44DE-8F6A-3EB25D07EEE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92"
}
]
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/14281",
"source": "security@checkmk.com"
"source": "security@checkmk.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,84 @@
{
"id": "CVE-2023-20870",
"sourceIdentifier": "security@vmware.com",
"published": "2023-04-25T22:15:09.463",
"lastModified": "2023-05-04T19:57:36.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.0.2",
"matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionEndExcluding": "17.0.2",
"matchCriteriaId": "53930936-892B-421E-B75C-BD2DEC4A09AA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-2007",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T23:15:18.877",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:24:30.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,10 +56,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"matchCriteriaId": "87B81C9D-7173-4FFB-97BC-9C41AB20A53C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}


@ -0,0 +1,103 @@
{
"id": "CVE-2023-22728",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-26T14:15:09.490",
"lastModified": "2023-05-04T19:52:51.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.12.5",
"matchCriteriaId": "12AC8517-3E73-4583-BD9E-E9D129DEDAF8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
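Review bot: The `versionEndExcluding` bound `4.12.5` in the `cpeMatch` entry disagrees with the record's own description, which says the issue affects releases prior to 4.12.15 and tells users to upgrade to 4.12.15 or above. One of the two is presumably a typo, and this record alone does not show which. If the description is the correct one, any tool that matches installed versions against the CPE range would report 4.12.5 through 4.12.14 as unaffected. The fixed version should be confirmed against the linked GHSA advisory and patch commit before either value is relied on; until then, matching on the more conservative bound (`"versionEndExcluding": "4.12.15"`) avoids a false negative.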


@ -2,8 +2,8 @@
"id": "CVE-2023-22916",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T17:15:09.767",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T19:35:46.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -46,10 +76,537 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "D646F135-E86F-44CF-BD04-3041CFBDE7B6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "C560A27F-849A-427B-98C3-E9DD4952D01F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "7F4C2F76-16B0-4695-922E-A4DFB616DCF7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "BFACF97D-CEDF-4CEC-931A-30DDB81FE111"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.35",
"matchCriteriaId": "0CD56415-0C96-42EA-B214-149D3FF8CB31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "08997853-52B9-4DF2-A1D0-1C2D81850BA0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "74238C9E-D64D-4539-B4BA-FDE47C713EE0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "8BA7FE08-56D3-4538-BD83-C721C486796C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "D9C932EA-A6CD-4CB6-80AE-2B25351E99DB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "313E3559-F68E-4602-8D52-CC41AD1EC9A2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.35",
"matchCriteriaId": "786D44ED-568A-456F-A068-97C03C532CCE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.35",
"matchCriteriaId": "9DFC6353-26D9-48B7-B73E-541619A21E2A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.35",
"matchCriteriaId": "2B96A47F-C37B-46B2-AAA9-2B9FB1114642"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.35",
"matchCriteriaId": "426E4382-81ED-438D-ACAB-78CA8993C226"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.35",
"matchCriteriaId": "FB3080DC-B3F0-4494-8CA8-8508F76BE273"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.35",
"matchCriteriaId": "DBBF5B18-0977-43D8-9FDD-38E039994615"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.35",
"matchCriteriaId": "74E1323C-3010-4E27-9F1C-E0FFF8FED2FC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.35",
"matchCriteriaId": "4F0D40B2-5456-4B59-8A60-66DE573C23F2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2294",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-26T06:15:09.283",
"lastModified": "2023-04-26T06:15:09.283",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:00:41.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ucms_project:ucms:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED914EC-C479-4D5F-8322-2241E409AECC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yztale/UCMS1.6/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227481",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227481",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23470",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-04T14:15:08.847",
"lastModified": "2023-05-04T14:15:08.847",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,116 @@
{
"id": "CVE-2023-23837",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-25T18:15:09.300",
"lastModified": "2023-05-04T19:30:04.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "No exception handling vulnerability which revealed sensitive or excessive information to users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:database_performance_analyzer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2",
"matchCriteriaId": "D6A0B85E-0E93-4DA4-989C-B9E131E03019"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm",
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23837",
"source": "psirt@solarwinds.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}
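Review bot: The two `cvssMetricV31` entries in this record disagree materially: the `nvd@nist.gov` Primary vector is `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` at 7.5 HIGH, while the `psirt@solarwinds.com` Secondary vector is `AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` at 4.3 MEDIUM. Triage tooling that takes array index 0, or only one `type`, will prioritise this differently from tooling that takes the other, so selection should key on `source`/`type` explicitly and the chosen source should be recorded with the score. The vendor advisory reference is also tagged `Broken Link`, which presumably means the URL did not resolve at analysis time, leaving the release-notes page as the only usable reference. The CVE-2023-23838 record in the next file shows the same pattern (6.5 against 4.0, and the same `Broken Link` tag).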


@ -0,0 +1,116 @@
{
"id": "CVE-2023-23838",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-25T18:15:09.370",
"lastModified": "2023-05-04T19:32:26.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:database_performance_analyzer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2",
"matchCriteriaId": "D6A0B85E-0E93-4DA4-989C-B9E131E03019"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm",
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838",
"source": "psirt@solarwinds.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2361",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-28T08:15:09.340",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:53:57.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2363",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T11:15:08.847",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:54:49.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resort_reservation_system_project:resort_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57B25E14-73A3-436D-900D-0E09E0A423DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Resort_Reservation_System-SQL-Injection-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227639",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227639",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2364",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T11:15:08.923",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:55:06.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resort_reservation_system_project:resort_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57B25E14-73A3-436D-900D-0E09E0A423DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Resort_Reservation_System-Stored-Cross-Site-Scripting-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.227640",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227640",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2365",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T12:15:09.877",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:55:20.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/oV201/cve_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.227641",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227641",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2366",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T12:15:09.937",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:55:31.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/oV201/cve_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.227642",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227642",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2367",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T13:15:13.697",
"lastModified": "2023-04-28T14:11:00.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:55:44.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.227643",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227643",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2368",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T13:15:13.797",
"lastModified": "2023-04-28T14:11:00.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:55:55.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.227644",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227644",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2369",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T13:15:13.863",
"lastModified": "2023-04-28T14:11:00.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:56:02.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-3.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.227645",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227645",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-24796",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T13:15:08.807",
"lastModified": "2023-05-04T19:42:22.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:vinga:wr-ac1200_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "81.102.1.4370",
"matchCriteriaId": "1CEAF5F2-85F9-4DE1-B989-EE66D6B220B5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:vinga:wr-ac1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC887451-A336-4BD3-BDF2-72B44E31D208"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/yinfei6/3664387cb5b66b68c7eff4bfdb51b2d6",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-24958",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-04T14:15:10.173",
"lastModified": "2023-05-04T14:15:10.173",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,77 @@
{
"id": "CVE-2023-25313",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T16:15:09.417",
"lastModified": "2023-05-04T19:05:02.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.4",
"matchCriteriaId": "C7827575-CC53-4298-AA70-AFD19408C79A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-pgvh-p3g4-86jw",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25962",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T13:15:18.060",
"lastModified": "2023-05-04T13:15:18.060",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,84 @@
{
"id": "CVE-2023-2519",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-04T17:15:13.753",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.228010",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228010",
"source": "cna@vuldb.com"
}
]
}
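Review bot: This new record carries only CNA-supplied scores: `cvssMetricV30` and `cvssMetricV2`, both `"type": "Secondary"` from `cna@vuldb.com`, with no `cvssMetricV31` entry and no `configurations` block. A consumer that reads `metrics.cvssMetricV31` or filters on `"type": "Primary"` will treat it as unscored, and CPE-based asset matching cannot hit it at all. Ingestion should fall back to the Secondary v3.0 score and re-evaluate the record once `vulnStatus` moves past `Awaiting Analysis`. The same shape applies to the CVE-2023-2520 through CVE-2023-2524 records added in the following files.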


@ -0,0 +1,88 @@
{
"id": "CVE-2023-2520",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-04T17:15:13.843",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228011. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.228011",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228011",
"source": "cna@vuldb.com"
},
{
"url": "https://www.youtube.com/watch?v=H1y7CXjJDmU",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,84 @@
{
"id": "CVE-2023-2521",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-04T17:15:13.917",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.228012",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228012",
"source": "cna@vuldb.com"
}
]
}
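Review bot: The `descriptions[0].value` string in this record contains a literal, unescaped HTML fragment (`<svg onload=alert(1337)>`). That is valid JSON, but it becomes active markup if a dashboard, ticket template or e-mail report interpolates the description into HTML without encoding. Consumers of this feed should treat every `value` as untrusted text and HTML-encode it at render time rather than rely on the mirror to sanitise it. The CVE-2023-2522 record added two files later embeds a shell fragment in its description in the same way, so the same rule applies to any pipeline that passes descriptions to a command line.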


@ -0,0 +1,88 @@
{
"id": "CVE-2023-2522",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-04T18:15:09.763",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/eckert-lcc/cve/blob/main/Flying%20fish%20star.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.228013",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228013",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-2523",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-04T18:15:10.063",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/RCEraser/cve/blob/main/Weaver.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.228014",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228014",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,84 @@
{
"id": "CVE-2023-2524",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-04T19:15:09.123",
"lastModified": "2023-05-04T19:15:09.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.228015",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.228015",
"source": "cna@vuldb.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26010",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T14:15:10.593",
"lastModified": "2023-05-04T14:15:10.593",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-26012",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T14:15:11.090",
"lastModified": "2023-05-04T14:15:11.090",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-26016",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T13:15:18.633",
"lastModified": "2023-05-04T13:15:18.633",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-26098",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T12:15:09.427",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:47:35.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,14 +54,49 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:telindus:apsal:3.14.2022.235_b:*:*:*:*:*:*:*",
"matchCriteriaId": "1550EDE4-64F7-4BEE-BEB6-4964143F5E19"
}
]
}
]
}
],
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-26098",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.telindus.lu/fr/produits/apsal",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,110 @@
"id": "CVE-2023-27105",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T15:15:08.783",
"lastModified": "2023-04-25T15:57:53.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:59:37.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shanling:eddict_player:2.1.3:*:*:*:*:android:*:*",
"matchCriteriaId": "BED08E66-5FFE-4762-BB89-3BD069D0EC78"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:shanling:mtouch_os:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C12870AC-301D-4F5C-9E5C-81EA23255DD0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:shanling:m2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE7280C-81D1-407E-94D2-E50D2D21105E"
}
]
}
]
}
],
"references": [
{
"url": "https://en.shanling.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://hexavector.github.io/4bf46f12/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,85 @@
{
"id": "CVE-2023-27843",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T00:15:09.267",
"lastModified": "2023-05-04T19:27:59.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ask_for_a_quote_project:ask_for_a_quote:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "5.4.2",
"matchCriteriaId": "3B662915-A5FD-435A-A507-794EF762E756"
}
]
}
]
}
],
"references": [
{
"url": "https://addons.prestashop.com/en/quotes/3725-ask-for-a-quote-convert-to-order-messaging-system.html",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/04/25/askforaquote.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28771",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-25T02:15:08.743",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:46:01.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -46,10 +76,576 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "558978AD-8153-4C1F-A6DE-CCFBF69F754D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.35",
"matchCriteriaId": "B150462B-6A4A-4B8C-800D-A83E24C79819"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "A32A52F5-5406-4A44-A5C1-42FCDC8C6B22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "320FC232-D76C-4D8A-8003-7C9A7A287A4C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "2360F0CC-6958-47B6-87A9-B03D52DEBAF8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "6C4EE067-E0F0-49B7-8698-8B1AD8E346F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "D96CB09A-9AB3-4360-ACFC-A917E7EEC460"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "F0226DAD-492B-493D-B15E-90AA593BAAAB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "030F29C9-5435-4EA5-B009-895BB2259C19"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "3CF08551-BA8E-47BC-985D-D5ED76A46793"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "62ACD903-AC40-451C-B2AB-6F843B3C8897"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "BE7B066A-5AF0-42AF-A341-A91802F588F1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "04A828C5-B71C-43EE-8132-C14C58A52360"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "42F4D9F3-BCBF-4990-B270-3592D69FCC22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "E136FA9E-48A2-428C-9F0A-CD9DB7F91581"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "5DCFD02F-5884-4A96-957D-4CEEDB3826BE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "5.36",
"matchCriteriaId": "9C6AFD50-926C-4579-A951-4EFDCBA512F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zywall_usg_310_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "4.73",
"matchCriteriaId": "D84D915E-8075-4DFC-8C83-D7E6A65D7AFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zywall_usg_310_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "34699536-4CA4-4F87-8E69-A16F2C88A1E8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:zywall_usg_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A983A8D5-1B1E-4DE5-93FE-DED5B2DDCB83"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zywall_usg_100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.60",
"versionEndExcluding": "4.73",
"matchCriteriaId": "81F20DFB-ED71-4D6F-9B15-4F86341550A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zywall_usg_100_firmware:4.73:-:*:*:*:*:*:*",
"matchCriteriaId": "5D5DCBFB-AB12-4525-ADD4-F85059E59177"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:zywall_usg_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB902356-D134-434B-8BAF-2CB366F32050"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,142 @@
{
"id": "CVE-2023-28847",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T17:15:08.963",
"lastModified": "2023-05-04T19:19:34.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.6",
"matchCriteriaId": "CE1029E7-ACE9-4547-A18D-10300912A87B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.11",
"matchCriteriaId": "F826F841-9E60-44B7-81F0-77E552CC2BAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.11",
"matchCriteriaId": "6A5FB4F4-16FC-4B98-897C-4DA109899A28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.5",
"matchCriteriaId": "8B9FE0C2-3437-42C6-9F9E-84DB8AC4D3B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.5",
"matchCriteriaId": "88FDB61B-A9D8-4762-B6DD-A6FFF347E0B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r5wf-xj97-3w7w",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/35057",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://hackerone.com/reports/1894653",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-28882",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T04:15:38.017",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:53:59.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.5",
"versionEndExcluding": "3.0.9",
"matchCriteriaId": "E45908C1-75D7-49A7-86EE-07B4305BDA04"
}
]
}
]
}
],
"references": [
{
"url": "https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -0,0 +1,125 @@
{
"id": "CVE-2023-29200",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T18:15:09.510",
"lastModified": "2023-05-04T19:35:45.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "4.9.40",
"matchCriteriaId": "899AC8E3-897E-4949-937A-DC2BE6C83064"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10.0",
"versionEndExcluding": "4.13.21",
"matchCriteriaId": "374F1348-15EC-4952-B6B7-3E19BE0950DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.4",
"matchCriteriaId": "F47206DC-DFB3-43F7-BD46-67C4893F1A37"
}
]
}
]
}
],
"references": [
{
"url": "https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,225 @@
{
"id": "CVE-2023-29257",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-04-26T13:15:08.853",
"lastModified": "2023-05-04T19:39:08.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1",
"versionEndExcluding": "11.1.4",
"matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.5",
"versionEndExcluding": "11.5.8",
"matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
"matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
"matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*",
"matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
"matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
"matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
"matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
"matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
"matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
"matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
"matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
"matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
"matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
"matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
"matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
"matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
"matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
"matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
"matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
"matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252011",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/6985691",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,198 @@
{
"id": "CVE-2023-29552",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T16:15:09.537",
"lastModified": "2023-05-04T19:07:23.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:suse:manager_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E8CE0B-23E7-45BF-AAFB-AD12DC7EB0F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
"matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:sap:*:*",
"matchCriteriaId": "5D18AA86-88AF-481B-A24F-429BF79264AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:-:*:*",
"matchCriteriaId": "B1B7847D-6C17-4817-B71E-C034894B70A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*",
"matchCriteriaId": "C665A768-DBDA-4197-9159-A2791E98A84F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:vmware:esxi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"matchCriteriaId": "D223DD19-0441-4EBD-9F51-5E9012434517"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:service_location_protocol_project:service_location_protocol:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64E7C090-F632-4975-9C4C-E89100088BF4"
}
]
}
]
}
],
"references": [
{
"url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc2608",
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/curesec/slpload",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230426-0001/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000021051",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29827",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T14:15:11.363",
"lastModified": "2023-05-04T14:15:11.363",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,20 @@
{
"id": "CVE-2023-29994",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T17:15:13.577",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/emqx/nanomq/issues/1042",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-29995",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T17:15:13.643",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/emqx/nanomq/issues/1043",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-29996",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T17:15:13.690",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/emqx/nanomq/issues/1038",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,89 @@
{
"id": "CVE-2023-30106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T00:15:09.310",
"lastModified": "2023-05-04T19:28:56.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:medicine_tracker_system_project:medicine_tracker_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "313F1413-ACA3-49E9-9315-856D212D7DB5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Rajeshwar40/CVE/blob/main/2023-30106",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2023-30111",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T00:15:09.347",
"lastModified": "2023-05-04T18:02:09.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:medicine_tracker_system_project:medicine_tracker_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "313F1413-ACA3-49E9-9315-856D212D7DB5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Rajeshwar40/CVE/blob/main/2023-30111",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2023-30112",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.660",
"lastModified": "2023-05-04T19:52:11.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:medicine_tracker_system_project:medicine_tracker_system:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12D8990C-56A8-424F-A615-0E5350924342"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Rajeshwar40/CVE/blob/main/CVE-2023-30112",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,75 @@
{
"id": "CVE-2023-30177",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T18:15:09.627",
"lastModified": "2023-05-04T19:36:10.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftcms:craft_cms:3.7.59:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3C0EB0-BC83-4827-A8FA-8C0F9A3FC159"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-30184",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T17:15:14.047",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/typecho/typecho/issues/1546",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-30203",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T17:15:14.093",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-2.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,76 @@
{
"id": "CVE-2023-30265",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.697",
"lastModified": "2023-05-04T19:15:15.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CLTPHP <=6.0 is vulnerable to Directory Traversal."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cltphp:cltphp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0",
"matchCriteriaId": "15CDA35B-3FCD-4AAA-B686-95A08504F7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Path%20Traversal.md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,76 @@
{
"id": "CVE-2023-30266",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.737",
"lastModified": "2023-05-04T19:14:22.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cltphp:cltphp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0",
"matchCriteriaId": "15CDA35B-3FCD-4AAA-B686-95A08504F7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type%201.md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,76 @@
{
"id": "CVE-2023-30267",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.777",
"lastModified": "2023-05-04T18:43:05.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cltphp:cltphp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0",
"matchCriteriaId": "15CDA35B-3FCD-4AAA-B686-95A08504F7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Reflected%20cross-site%20scripting(XSS).md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,76 @@
{
"id": "CVE-2023-30269",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.813",
"lastModified": "2023-05-04T19:08:50.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cltphp:cltphp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0",
"matchCriteriaId": "15CDA35B-3FCD-4AAA-B686-95A08504F7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%201.md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,77 @@
{
"id": "CVE-2023-30402",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T16:15:09.590",
"lastModified": "2023-05-04T19:13:06.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6556F7-3880-452A-ABA9-1A8A14BA41F3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yasm/yasm/issues/206",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,117 @@
{
"id": "CVE-2023-30545",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T18:15:09.677",
"lastModified": "2023-05-04T19:38:07.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.8.9",
"matchCriteriaId": "38174A16-34A0-4E08-8485-B413ADC32907"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.4",
"matchCriteriaId": "B84AB40A-755F-4AD7-AD86-D2FD642C710D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

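--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30550.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30550.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-30550",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-04T18:15:10.150",
+"lastModified": "2023-05-04T18:45:32.047",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 6.8,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-639"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/metersphere/metersphere/releases/tag/v2.9.0",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gp2q",
+"source": "security-advisories@github.com"
+}
+]
+}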


@ -2,8 +2,8 @@
"id": "CVE-2023-30619",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-04T14:15:11.663",
"lastModified": "2023-05-04T14:15:11.663",
"vulnStatus": "Received",
"lastModified": "2023-05-04T18:45:32.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30629",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T22:15:10.030",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T18:22:10.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +66,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vyper_project:vyper:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.3.1",
"versionEndExcluding": "0.3.8",
"matchCriteriaId": "AAB49684-EB30-49CD-9385-AD790BEB56F9"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/lidofinance/gate-seals/pull/5/files",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31223",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T23:15:09.090",
"lastModified": "2023-04-25T23:15:09.090",
"vulnStatus": "Received",
"lastModified": "2023-05-04T19:47:24.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dradisframework:dradis:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"matchCriteriaId": "8988FEBD-6558-4753-B319-095CF5504732"
}
]
}
]
}
],
"references": [
{
"url": "https://dradisframework.com/ce/security_reports.html#fixed-4.8.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-04T18:00:29.167574+00:00
2023-05-04T20:00:25.177435+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-04T16:06:52.953000+00:00
2023-05-04T19:57:36.087000+00:00
```
### Last Data Feed Release
@ -29,20 +29,93 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
214055
214067
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `4`
* [CVE-2023-2522](CVE-2023/CVE-2023-25xx/CVE-2023-2522.json) (`2023-05-04T18:15:09.763`)
* [CVE-2023-2523](CVE-2023/CVE-2023-25xx/CVE-2023-2523.json) (`2023-05-04T18:15:10.063`)
* [CVE-2023-2524](CVE-2023/CVE-2023-25xx/CVE-2023-2524.json) (`2023-05-04T19:15:09.123`)
* [CVE-2023-30550](CVE-2023/CVE-2023-305xx/CVE-2023-30550.json) (`2023-05-04T18:15:10.150`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `70`
* [CVE-2023-29469](CVE-2023/CVE-2023-294xx/CVE-2023-29469.json) (`2023-05-04T16:06:52.953`)
* [CVE-2021-38363](CVE-2021/CVE-2021-383xx/CVE-2021-38363.json) (`2023-05-04T18:29:57.960`)
* [CVE-2021-38364](CVE-2021/CVE-2021-383xx/CVE-2021-38364.json) (`2023-05-04T18:28:18.383`)
* [CVE-2022-23721](CVE-2022/CVE-2022-237xx/CVE-2022-23721.json) (`2023-05-04T19:39:23.267`)
* [CVE-2022-24035](CVE-2022/CVE-2022-240xx/CVE-2022-24035.json) (`2023-05-04T18:27:25.390`)
* [CVE-2022-27978](CVE-2022/CVE-2022-279xx/CVE-2022-27978.json) (`2023-05-04T18:47:32.747`)
* [CVE-2022-27979](CVE-2022/CVE-2022-279xx/CVE-2022-27979.json) (`2023-05-04T18:34:40.333`)
* [CVE-2022-31244](CVE-2022/CVE-2022-312xx/CVE-2022-31244.json) (`2023-05-04T19:02:43.130`)
* [CVE-2022-39989](CVE-2022/CVE-2022-399xx/CVE-2022-39989.json) (`2023-05-04T19:49:24.510`)
* [CVE-2022-40482](CVE-2022/CVE-2022-404xx/CVE-2022-40482.json) (`2023-05-04T19:40:31.363`)
* [CVE-2022-40722](CVE-2022/CVE-2022-407xx/CVE-2022-40722.json) (`2023-05-04T19:46:42.447`)
* [CVE-2022-40723](CVE-2022/CVE-2022-407xx/CVE-2022-40723.json) (`2023-05-04T19:48:57.540`)
* [CVE-2022-40724](CVE-2022/CVE-2022-407xx/CVE-2022-40724.json) (`2023-05-04T19:49:32.557`)
* [CVE-2022-40725](CVE-2022/CVE-2022-407xx/CVE-2022-40725.json) (`2023-05-04T19:52:10.610`)
* [CVE-2022-45291](CVE-2022/CVE-2022-452xx/CVE-2022-45291.json) (`2023-05-04T19:57:26.577`)
* [CVE-2022-45818](CVE-2022/CVE-2022-458xx/CVE-2022-45818.json) (`2023-05-04T18:45:32.047`)
* [CVE-2022-46302](CVE-2022/CVE-2022-463xx/CVE-2022-46302.json) (`2023-05-04T18:32:15.130`)
* [CVE-2023-2007](CVE-2023/CVE-2023-20xx/CVE-2023-2007.json) (`2023-05-04T18:24:30.803`)
* [CVE-2023-20870](CVE-2023/CVE-2023-208xx/CVE-2023-20870.json) (`2023-05-04T19:57:36.087`)
* [CVE-2023-22728](CVE-2023/CVE-2023-227xx/CVE-2023-22728.json) (`2023-05-04T19:52:51.293`)
* [CVE-2023-22916](CVE-2023/CVE-2023-229xx/CVE-2023-22916.json) (`2023-05-04T19:35:46.887`)
* [CVE-2023-2294](CVE-2023/CVE-2023-22xx/CVE-2023-2294.json) (`2023-05-04T18:00:41.803`)
* [CVE-2023-23470](CVE-2023/CVE-2023-234xx/CVE-2023-23470.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-2361](CVE-2023/CVE-2023-23xx/CVE-2023-2361.json) (`2023-05-04T18:53:57.203`)
* [CVE-2023-2363](CVE-2023/CVE-2023-23xx/CVE-2023-2363.json) (`2023-05-04T18:54:49.473`)
* [CVE-2023-2364](CVE-2023/CVE-2023-23xx/CVE-2023-2364.json) (`2023-05-04T18:55:06.683`)
* [CVE-2023-2365](CVE-2023/CVE-2023-23xx/CVE-2023-2365.json) (`2023-05-04T18:55:20.170`)
* [CVE-2023-2366](CVE-2023/CVE-2023-23xx/CVE-2023-2366.json) (`2023-05-04T18:55:31.070`)
* [CVE-2023-2367](CVE-2023/CVE-2023-23xx/CVE-2023-2367.json) (`2023-05-04T18:55:44.637`)
* [CVE-2023-2368](CVE-2023/CVE-2023-23xx/CVE-2023-2368.json) (`2023-05-04T18:55:55.883`)
* [CVE-2023-2369](CVE-2023/CVE-2023-23xx/CVE-2023-2369.json) (`2023-05-04T18:56:02.097`)
* [CVE-2023-23837](CVE-2023/CVE-2023-238xx/CVE-2023-23837.json) (`2023-05-04T19:30:04.907`)
* [CVE-2023-23838](CVE-2023/CVE-2023-238xx/CVE-2023-23838.json) (`2023-05-04T19:32:26.440`)
* [CVE-2023-24796](CVE-2023/CVE-2023-247xx/CVE-2023-24796.json) (`2023-05-04T19:42:22.003`)
* [CVE-2023-24958](CVE-2023/CVE-2023-249xx/CVE-2023-24958.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-2519](CVE-2023/CVE-2023-25xx/CVE-2023-2519.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-2520](CVE-2023/CVE-2023-25xx/CVE-2023-2520.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-2521](CVE-2023/CVE-2023-25xx/CVE-2023-2521.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-25313](CVE-2023/CVE-2023-253xx/CVE-2023-25313.json) (`2023-05-04T19:05:02.003`)
* [CVE-2023-25962](CVE-2023/CVE-2023-259xx/CVE-2023-25962.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-26010](CVE-2023/CVE-2023-260xx/CVE-2023-26010.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-26012](CVE-2023/CVE-2023-260xx/CVE-2023-26012.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-26016](CVE-2023/CVE-2023-260xx/CVE-2023-26016.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-26098](CVE-2023/CVE-2023-260xx/CVE-2023-26098.json) (`2023-05-04T18:47:35.130`)
* [CVE-2023-27105](CVE-2023/CVE-2023-271xx/CVE-2023-27105.json) (`2023-05-04T18:59:37.013`)
* [CVE-2023-27843](CVE-2023/CVE-2023-278xx/CVE-2023-27843.json) (`2023-05-04T19:27:59.923`)
* [CVE-2023-28771](CVE-2023/CVE-2023-287xx/CVE-2023-28771.json) (`2023-05-04T18:46:01.730`)
* [CVE-2023-28847](CVE-2023/CVE-2023-288xx/CVE-2023-28847.json) (`2023-05-04T19:19:34.863`)
* [CVE-2023-28882](CVE-2023/CVE-2023-288xx/CVE-2023-28882.json) (`2023-05-04T18:53:59.980`)
* [CVE-2023-29200](CVE-2023/CVE-2023-292xx/CVE-2023-29200.json) (`2023-05-04T19:35:45.310`)
* [CVE-2023-29257](CVE-2023/CVE-2023-292xx/CVE-2023-29257.json) (`2023-05-04T19:39:08.163`)
* [CVE-2023-29552](CVE-2023/CVE-2023-295xx/CVE-2023-29552.json) (`2023-05-04T19:07:23.597`)
* [CVE-2023-29827](CVE-2023/CVE-2023-298xx/CVE-2023-29827.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-29994](CVE-2023/CVE-2023-299xx/CVE-2023-29994.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-29995](CVE-2023/CVE-2023-299xx/CVE-2023-29995.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-29996](CVE-2023/CVE-2023-299xx/CVE-2023-29996.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-30106](CVE-2023/CVE-2023-301xx/CVE-2023-30106.json) (`2023-05-04T19:28:56.020`)
* [CVE-2023-30111](CVE-2023/CVE-2023-301xx/CVE-2023-30111.json) (`2023-05-04T18:02:09.460`)
* [CVE-2023-30112](CVE-2023/CVE-2023-301xx/CVE-2023-30112.json) (`2023-05-04T19:52:11.437`)
* [CVE-2023-30177](CVE-2023/CVE-2023-301xx/CVE-2023-30177.json) (`2023-05-04T19:36:10.787`)
* [CVE-2023-30184](CVE-2023/CVE-2023-301xx/CVE-2023-30184.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-30203](CVE-2023/CVE-2023-302xx/CVE-2023-30203.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-30265](CVE-2023/CVE-2023-302xx/CVE-2023-30265.json) (`2023-05-04T19:15:15.477`)
* [CVE-2023-30266](CVE-2023/CVE-2023-302xx/CVE-2023-30266.json) (`2023-05-04T19:14:22.830`)
* [CVE-2023-30267](CVE-2023/CVE-2023-302xx/CVE-2023-30267.json) (`2023-05-04T18:43:05.367`)
* [CVE-2023-30269](CVE-2023/CVE-2023-302xx/CVE-2023-30269.json) (`2023-05-04T19:08:50.027`)
* [CVE-2023-30402](CVE-2023/CVE-2023-304xx/CVE-2023-30402.json) (`2023-05-04T19:13:06.880`)
* [CVE-2023-30545](CVE-2023/CVE-2023-305xx/CVE-2023-30545.json) (`2023-05-04T19:38:07.270`)
* [CVE-2023-30619](CVE-2023/CVE-2023-306xx/CVE-2023-30619.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-30629](CVE-2023/CVE-2023-306xx/CVE-2023-30629.json) (`2023-05-04T18:22:10.567`)
* [CVE-2023-31223](CVE-2023/CVE-2023-312xx/CVE-2023-31223.json) (`2023-05-04T19:47:24.003`)
## Download and Usage