admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-14T23:55:24.724313+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-14 23:55:28 +00:00
parent b14e8d702e
commit afde84b18f
20 changed files with 847 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
CVE-2023/CVE-2023-29xx/CVE-2023-2967.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2967",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-10T16:15:51.757",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:40:58.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tinymce_custom_styles_project:tinymce_custom_styles:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.4",
"matchCriteriaId": "806BF57D-6ED8-4043-A605-7FD457D656A7"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9afec4aa-1210-4c40-b566-64e37acf2b64",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

18
CVE-2023/CVE-2023-309xx/CVE-2023-30990.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30990",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-07-04T00:15:09.927",
"lastModified": "2023-07-05T13:00:42.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:15:08.793",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -17,20 +17,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},

79
CVE-2023/CVE-2023-342xx/CVE-2023-34236.json Normal file
View File

@ -0,0 +1,79 @@
{
"id": "CVE-2023-34236",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-14T22:15:09.083",
"lastModified": "2023-07-14T22:15:09.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners (`tf-runner`), where sensitive data is inadvertently printed - potentially revealing sensitive user data in their pod logs. In particular, functions `tfexec.ShowPlan`, `tfexec.ShowPlanRaw`, and `tfexec.Output` are implicated when the `tfexec` object set its `Stdout` and `Stderr` to be `os.Stdout` and `os.Stderr`. An unauthorized remote attacker could exploit this vulnerability by accessing these prints of sensitive information, which may contain configurations or tokens that could be used to gain unauthorized control or access to resources managed by the Terraform controller. A successful exploit could allow the attacker to utilize this sensitive data, potentially leading to unauthorized access or control of the system. This vulnerability has been addressed in Weave GitOps Terraform Controller versions `v0.14.4` and `v0.15.0-rc.5`. Users are urged to upgrade to one of these versions to mitigate the vulnerability. As a temporary measure until the patch can be applied, users can add the environment variable `DISABLE_TF_LOGS` to the tf-runners via the runner pod template of the Terraform Custom Resource. This will prevent the logging of sensitive information and mitigate the risk of this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/weaveworks/tf-controller/commit/28282bc644054e157c3b9a3d38f1f9551ce09074",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/weaveworks/tf-controller/commit/6323b355bd7f5d2ce85d0244fe0883af3881df4e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/weaveworks/tf-controller/commit/9708fda28ccd0466cb0a8fd409854ab4d92f7dca",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/weaveworks/tf-controller/commit/98a0688036e9dbcf43fa84960d9a1ef3e09a69cf",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/weaveworks/tf-controller/issues/637",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/weaveworks/tf-controller/issues/649",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/weaveworks/tf-controller/security/advisories/GHSA-6hvv-j432-23cv",
"source": "security-advisories@github.com"
}
]
}

54
CVE-2023/CVE-2023-35xx/CVE-2023-3554.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3554",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T16:15:55.623",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:23:12.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:gz_forum_script:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2C142F-F79D-4018-9BC7-39C8948B73B9"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233348",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233348",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-35xx/CVE-2023-3555.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3555",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T16:15:55.683",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:26:31.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:php_vacation_rental_script:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "377CD916-56A0-49E1-B738-A653C9024C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233349",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233349",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-35xx/CVE-2023-3556.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3556",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T16:15:55.750",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:32:04.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,16 +91,50 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:car_listing_script_php:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E5194F3C-21C0-4AEE-B396-D88F64136129"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233350",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233350",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-35xx/CVE-2023-3557.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3557",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T16:15:55.817",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:35:37.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:property_listing_script:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0875B06-F152-479F-916A-38182C306140"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233351",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233351",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-35xx/CVE-2023-3558.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3558",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T16:15:55.887",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:17:31.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:event_booking_calendar:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2214A7CF-82E1-4E96-83E2-983C015CB669"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233352",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233352",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-35xx/CVE-2023-3559.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3559",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T16:15:55.950",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:39:17.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,16 +91,50 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:php_gz_appointment_scheduling_script:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "34C54A9E-0EC9-4878-A6AC-983AADE29415"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233353",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233353",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-35xx/CVE-2023-3561.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3561",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T16:15:56.077",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:49:17.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:php_gz_hotel_booking_script:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "68C1FA00-D119-4A83-89F3-8BB583A222A8"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233355",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233355",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-35xx/CVE-2023-3563.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3563",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-10T16:15:56.197",
"lastModified": "2023-07-10T16:27:17.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-14T23:53:17.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:gz_e_learning_platform:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5D381433-8DCD-4CA3-808F-22062BAF06CB"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233357",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233357",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-364xx/CVE-2023-36466.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36466",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-14T22:15:09.170",
"lastModified": "2023-07-14T22:15:09.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2023/CVE-2023-368xx/CVE-2023-36810.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36810",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-30T19:15:09.357",
"lastModified": "2023-07-10T16:28:46.123",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-14T23:15:08.883",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -109,6 +109,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00019.html",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-368xx/CVE-2023-36818.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36818",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-14T22:15:09.243",
"lastModified": "2023-07-14T22:15:09.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-372xx/CVE-2023-37268.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-37268",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-14T22:15:09.317",
"lastModified": "2023-07-14T22:15:09.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-377xx/CVE-2023-37793.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37793",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-14T23:15:08.970",
"lastModified": "2023-07-14T23:15:08.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/PwnYouLin/IOT_vul/blob/main/wayos/2/readme.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-377xx/CVE-2023-37794.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37794",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-14T23:15:09.020",
"lastModified": "2023-07-14T23:15:09.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/PwnYouLin/IOT_vul/tree/main/wayos/1",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-383xx/CVE-2023-38336.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38336",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-14T22:15:09.387",
"lastModified": "2023-07-14T22:15:09.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778."
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039689",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-383xx/CVE-2023-38337.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38337",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-14T22:15:09.430",
"lastModified": "2023-07-14T22:15:09.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rswag/rswag/compare/2.9.0...2.10.1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rswag/rswag/issues/653",
"source": "cve@mitre.org"
}
]
}

79
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-14T22:00:24.923439+00:00
2023-07-14T23:55:24.724313+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-14T21:47:05.550000+00:00
2023-07-14T23:53:17.863000+00:00
```
### Last Data Feed Release
@ -29,69 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220335
220343
```
### CVEs added in the last Commit
Recently added CVEs: `25`
Recently added CVEs: `8`
* [CVE-2023-24896](CVE-2023/CVE-2023-248xx/CVE-2023-24896.json) (`2023-07-14T18:15:09.477`)
* [CVE-2023-32759](CVE-2023/CVE-2023-327xx/CVE-2023-32759.json) (`2023-07-14T18:15:09.700`)
* [CVE-2023-32760](CVE-2023/CVE-2023-327xx/CVE-2023-32760.json) (`2023-07-14T18:15:09.787`)
* [CVE-2023-32761](CVE-2023/CVE-2023-327xx/CVE-2023-32761.json) (`2023-07-14T18:15:09.897`)
* [CVE-2023-36834](CVE-2023/CVE-2023-368xx/CVE-2023-36834.json) (`2023-07-14T18:15:10.057`)
* [CVE-2023-36835](CVE-2023/CVE-2023-368xx/CVE-2023-36835.json) (`2023-07-14T18:15:10.133`)
* [CVE-2023-36836](CVE-2023/CVE-2023-368xx/CVE-2023-36836.json) (`2023-07-14T18:15:10.213`)
* [CVE-2023-36840](CVE-2023/CVE-2023-368xx/CVE-2023-36840.json) (`2023-07-14T18:15:10.290`)
* [CVE-2023-36848](CVE-2023/CVE-2023-368xx/CVE-2023-36848.json) (`2023-07-14T18:15:10.370`)
* [CVE-2023-36849](CVE-2023/CVE-2023-368xx/CVE-2023-36849.json) (`2023-07-14T18:15:10.503`)
* [CVE-2023-36883](CVE-2023/CVE-2023-368xx/CVE-2023-36883.json) (`2023-07-14T18:15:10.627`)
* [CVE-2023-36887](CVE-2023/CVE-2023-368xx/CVE-2023-36887.json) (`2023-07-14T18:15:10.690`)
* [CVE-2023-36888](CVE-2023/CVE-2023-368xx/CVE-2023-36888.json) (`2023-07-14T18:15:10.750`)
* [CVE-2023-37223](CVE-2023/CVE-2023-372xx/CVE-2023-37223.json) (`2023-07-14T18:15:10.847`)
* [CVE-2023-37224](CVE-2023/CVE-2023-372xx/CVE-2023-37224.json) (`2023-07-14T18:15:10.920`)
* [CVE-2023-38252](CVE-2023/CVE-2023-382xx/CVE-2023-38252.json) (`2023-07-14T18:15:10.990`)
* [CVE-2023-38253](CVE-2023/CVE-2023-382xx/CVE-2023-38253.json) (`2023-07-14T18:15:11.047`)
* [CVE-2023-36850](CVE-2023/CVE-2023-368xx/CVE-2023-36850.json) (`2023-07-14T19:15:09.093`)
* [CVE-2023-37474](CVE-2023/CVE-2023-374xx/CVE-2023-37474.json) (`2023-07-14T20:15:09.083`)
* [CVE-2023-38325](CVE-2023/CVE-2023-383xx/CVE-2023-38325.json) (`2023-07-14T20:15:09.157`)
* [CVE-2023-3633](CVE-2023/CVE-2023-36xx/CVE-2023-3633.json) (`2023-07-14T20:15:09.220`)
* [CVE-2023-37462](CVE-2023/CVE-2023-374xx/CVE-2023-37462.json) (`2023-07-14T21:15:08.820`)
* [CVE-2023-37464](CVE-2023/CVE-2023-374xx/CVE-2023-37464.json) (`2023-07-14T21:15:08.903`)
* [CVE-2023-37472](CVE-2023/CVE-2023-374xx/CVE-2023-37472.json) (`2023-07-14T21:15:08.980`)
* [CVE-2023-37473](CVE-2023/CVE-2023-374xx/CVE-2023-37473.json) (`2023-07-14T21:15:09.047`)
* [CVE-2023-34236](CVE-2023/CVE-2023-342xx/CVE-2023-34236.json) (`2023-07-14T22:15:09.083`)
* [CVE-2023-36466](CVE-2023/CVE-2023-364xx/CVE-2023-36466.json) (`2023-07-14T22:15:09.170`)
* [CVE-2023-36818](CVE-2023/CVE-2023-368xx/CVE-2023-36818.json) (`2023-07-14T22:15:09.243`)
* [CVE-2023-37268](CVE-2023/CVE-2023-372xx/CVE-2023-37268.json) (`2023-07-14T22:15:09.317`)
* [CVE-2023-38336](CVE-2023/CVE-2023-383xx/CVE-2023-38336.json) (`2023-07-14T22:15:09.387`)
* [CVE-2023-38337](CVE-2023/CVE-2023-383xx/CVE-2023-38337.json) (`2023-07-14T22:15:09.430`)
* [CVE-2023-37793](CVE-2023/CVE-2023-377xx/CVE-2023-37793.json) (`2023-07-14T23:15:08.970`)
* [CVE-2023-37794](CVE-2023/CVE-2023-377xx/CVE-2023-37794.json) (`2023-07-14T23:15:09.020`)
### CVEs modified in the last Commit
Recently modified CVEs: `79`
Recently modified CVEs: `11`
* [CVE-2023-35338](CVE-2023/CVE-2023-353xx/CVE-2023-35338.json) (`2023-07-14T21:39:22.753`)
* [CVE-2023-35337](CVE-2023/CVE-2023-353xx/CVE-2023-35337.json) (`2023-07-14T21:39:30.837`)
* [CVE-2023-35336](CVE-2023/CVE-2023-353xx/CVE-2023-35336.json) (`2023-07-14T21:39:41.190`)
* [CVE-2023-35335](CVE-2023/CVE-2023-353xx/CVE-2023-35335.json) (`2023-07-14T21:39:50.220`)
* [CVE-2023-35333](CVE-2023/CVE-2023-353xx/CVE-2023-35333.json) (`2023-07-14T21:40:01.480`)
* [CVE-2023-35332](CVE-2023/CVE-2023-353xx/CVE-2023-35332.json) (`2023-07-14T21:40:10.260`)
* [CVE-2023-35331](CVE-2023/CVE-2023-353xx/CVE-2023-35331.json) (`2023-07-14T21:40:16.377`)
* [CVE-2023-35330](CVE-2023/CVE-2023-353xx/CVE-2023-35330.json) (`2023-07-14T21:40:26.077`)
* [CVE-2023-35328](CVE-2023/CVE-2023-353xx/CVE-2023-35328.json) (`2023-07-14T21:40:47.063`)
* [CVE-2023-35329](CVE-2023/CVE-2023-353xx/CVE-2023-35329.json) (`2023-07-14T21:40:57.750`)
* [CVE-2023-35326](CVE-2023/CVE-2023-353xx/CVE-2023-35326.json) (`2023-07-14T21:41:09.940`)
* [CVE-2023-35325](CVE-2023/CVE-2023-353xx/CVE-2023-35325.json) (`2023-07-14T21:41:24.810`)
* [CVE-2023-35324](CVE-2023/CVE-2023-353xx/CVE-2023-35324.json) (`2023-07-14T21:41:35.210`)
* [CVE-2023-35323](CVE-2023/CVE-2023-353xx/CVE-2023-35323.json) (`2023-07-14T21:41:47.193`)
* [CVE-2023-35322](CVE-2023/CVE-2023-353xx/CVE-2023-35322.json) (`2023-07-14T21:41:54.460`)
* [CVE-2023-35321](CVE-2023/CVE-2023-353xx/CVE-2023-35321.json) (`2023-07-14T21:42:13.183`)
* [CVE-2023-35320](CVE-2023/CVE-2023-353xx/CVE-2023-35320.json) (`2023-07-14T21:42:22.277`)
* [CVE-2023-35318](CVE-2023/CVE-2023-353xx/CVE-2023-35318.json) (`2023-07-14T21:42:40.967`)
* [CVE-2023-35319](CVE-2023/CVE-2023-353xx/CVE-2023-35319.json) (`2023-07-14T21:42:45.677`)
* [CVE-2023-35350](CVE-2023/CVE-2023-353xx/CVE-2023-35350.json) (`2023-07-14T21:43:59.697`)
* [CVE-2023-35348](CVE-2023/CVE-2023-353xx/CVE-2023-35348.json) (`2023-07-14T21:46:08.043`)
* [CVE-2023-35347](CVE-2023/CVE-2023-353xx/CVE-2023-35347.json) (`2023-07-14T21:46:19.077`)
* [CVE-2023-35346](CVE-2023/CVE-2023-353xx/CVE-2023-35346.json) (`2023-07-14T21:46:36.847`)
* [CVE-2023-35340](CVE-2023/CVE-2023-353xx/CVE-2023-35340.json) (`2023-07-14T21:46:52.787`)
* [CVE-2023-35341](CVE-2023/CVE-2023-353xx/CVE-2023-35341.json) (`2023-07-14T21:47:05.550`)
* [CVE-2023-30990](CVE-2023/CVE-2023-309xx/CVE-2023-30990.json) (`2023-07-14T23:15:08.793`)
* [CVE-2023-36810](CVE-2023/CVE-2023-368xx/CVE-2023-36810.json) (`2023-07-14T23:15:08.883`)
* [CVE-2023-3558](CVE-2023/CVE-2023-35xx/CVE-2023-3558.json) (`2023-07-14T23:17:31.257`)
* [CVE-2023-3554](CVE-2023/CVE-2023-35xx/CVE-2023-3554.json) (`2023-07-14T23:23:12.583`)
* [CVE-2023-3555](CVE-2023/CVE-2023-35xx/CVE-2023-3555.json) (`2023-07-14T23:26:31.897`)
* [CVE-2023-3556](CVE-2023/CVE-2023-35xx/CVE-2023-3556.json) (`2023-07-14T23:32:04.707`)
* [CVE-2023-3557](CVE-2023/CVE-2023-35xx/CVE-2023-3557.json) (`2023-07-14T23:35:37.410`)
* [CVE-2023-3559](CVE-2023/CVE-2023-35xx/CVE-2023-3559.json) (`2023-07-14T23:39:17.313`)
* [CVE-2023-2967](CVE-2023/CVE-2023-29xx/CVE-2023-2967.json) (`2023-07-14T23:40:58.000`)
* [CVE-2023-3561](CVE-2023/CVE-2023-35xx/CVE-2023-3561.json) (`2023-07-14T23:49:17.533`)
* [CVE-2023-3563](CVE-2023/CVE-2023-35xx/CVE-2023-3563.json) (`2023-07-14T23:53:17.863`)
## Download and Usage