admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-20T02:00:25.925487+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-20 02:00:29 +00:00
parent 122d94c705
commit b6286f02e1
19 changed files with 820 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2020/CVE-2020-240xx/CVE-2020-24089.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24089",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T00:15:09.847",
"lastModified": "2023-09-20T00:15:09.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rjt-gupta/CVE-2020-24089",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25525.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25525",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:51.370",
"lastModified": "2023-09-20T01:15:51.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5480",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25526.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25526",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:52.497",
"lastModified": "2023-09-20T01:15:52.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5480",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25527.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25527",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:52.920",
"lastModified": "2023-09-20T01:15:52.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25528.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25528",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:53.253",
"lastModified": "2023-09-20T01:15:53.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25529.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25529",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:53.497",
"lastModified": "2023-09-20T01:15:53.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user\u2019s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-208"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25530.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25530",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:53.857",
"lastModified": "2023-09-20T01:15:53.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25531.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25531",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:54.297",
"lastModified": "2023-09-20T01:15:54.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25532.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25532",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:54.523",
"lastModified": "2023-09-20T01:15:54.523",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25533.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25533",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:54.900",
"lastModified": "2023-09-20T01:15:54.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25534.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25534",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:55.260",
"lastModified": "2023-09-20T01:15:55.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31008.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31008",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:55.453",
"lastModified": "2023-09-20T01:15:55.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31009.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31009",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-09-20T01:15:55.823",
"lastModified": "2023-09-20T01:15:55.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473",
"source": "psirt@nvidia.com"
}
]
}

24
CVE-2023/CVE-2023-363xx/CVE-2023-36319.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-36319",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T00:15:10.980",
"lastModified": "2023-09-20T00:15:10.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Lowalu/CVE-2023-36319",
"source": "cve@mitre.org"
},
{
"url": "https://openupload.sourceforge.net/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-388xx/CVE-2023-38886.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38886",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T01:15:56.153",
"lastModified": "2023-09-20T01:15:56.153",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script."
}
],
"metrics": {},
"references": [
{
"url": "http://dolibarr.com",
"source": "cve@mitre.org"
},
{
"url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-388xx/CVE-2023-38887.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T01:15:56.327",
"lastModified": "2023-09-20T01:15:56.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions."
}
],
"metrics": {},
"references": [
{
"url": "http://dolibarr.com",
"source": "cve@mitre.org"
},
{
"url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-388xx/CVE-2023-38888.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38888",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T01:15:56.580",
"lastModified": "2023-09-20T01:15:56.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject."
}
],
"metrics": {},
"references": [
{
"url": "http://dolibarr.com",
"source": "cve@mitre.org"
},
{
"url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-395xx/CVE-2023-39575.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39575",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T00:15:11.120",
"lastModified": "2023-09-20T00:15:11.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "https://evait.medium.com/discovery-of-a-reflective-xss-vulnerability-in-arp-guard-software-1734b5113e1c",
"source": "cve@mitre.org"
}
]
}

52
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-09-19T23:55:25.195838+00:00 2023-09-20T02:00:25.925487+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-09-19T23:15:10.677000+00:00 2023-09-20T01:15:56.580000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -23,47 +23,43 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain ```plain
2023-09-19T00:00:13.565774+00:00 2023-09-20T00:00:13.548080+00:00
``` ```
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
225843 225861
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `4` Recently added CVEs: `18`
* [CVE-2023-40931](CVE-2023/CVE-2023-409xx/CVE-2023-40931.json) (`2023-09-19T23:15:09.153`) * [CVE-2020-24089](CVE-2020/CVE-2020-240xx/CVE-2020-24089.json) (`2023-09-20T00:15:09.847`)
* [CVE-2023-40932](CVE-2023/CVE-2023-409xx/CVE-2023-40932.json) (`2023-09-19T23:15:10.237`) * [CVE-2023-36319](CVE-2023/CVE-2023-363xx/CVE-2023-36319.json) (`2023-09-20T00:15:10.980`)
* [CVE-2023-40933](CVE-2023/CVE-2023-409xx/CVE-2023-40933.json) (`2023-09-19T23:15:10.533`) * [CVE-2023-39575](CVE-2023/CVE-2023-395xx/CVE-2023-39575.json) (`2023-09-20T00:15:11.120`)
* [CVE-2023-40934](CVE-2023/CVE-2023-409xx/CVE-2023-40934.json) (`2023-09-19T23:15:10.677`) * [CVE-2023-25525](CVE-2023/CVE-2023-255xx/CVE-2023-25525.json) (`2023-09-20T01:15:51.370`)
* [CVE-2023-25526](CVE-2023/CVE-2023-255xx/CVE-2023-25526.json) (`2023-09-20T01:15:52.497`)
* [CVE-2023-25527](CVE-2023/CVE-2023-255xx/CVE-2023-25527.json) (`2023-09-20T01:15:52.920`)
* [CVE-2023-25528](CVE-2023/CVE-2023-255xx/CVE-2023-25528.json) (`2023-09-20T01:15:53.253`)
* [CVE-2023-25529](CVE-2023/CVE-2023-255xx/CVE-2023-25529.json) (`2023-09-20T01:15:53.497`)
* [CVE-2023-25530](CVE-2023/CVE-2023-255xx/CVE-2023-25530.json) (`2023-09-20T01:15:53.857`)
* [CVE-2023-25531](CVE-2023/CVE-2023-255xx/CVE-2023-25531.json) (`2023-09-20T01:15:54.297`)
* [CVE-2023-25532](CVE-2023/CVE-2023-255xx/CVE-2023-25532.json) (`2023-09-20T01:15:54.523`)
* [CVE-2023-25533](CVE-2023/CVE-2023-255xx/CVE-2023-25533.json) (`2023-09-20T01:15:54.900`)
* [CVE-2023-25534](CVE-2023/CVE-2023-255xx/CVE-2023-25534.json) (`2023-09-20T01:15:55.260`)
* [CVE-2023-31008](CVE-2023/CVE-2023-310xx/CVE-2023-31008.json) (`2023-09-20T01:15:55.453`)
* [CVE-2023-31009](CVE-2023/CVE-2023-310xx/CVE-2023-31009.json) (`2023-09-20T01:15:55.823`)
* [CVE-2023-38886](CVE-2023/CVE-2023-388xx/CVE-2023-38886.json) (`2023-09-20T01:15:56.153`)
* [CVE-2023-38887](CVE-2023/CVE-2023-388xx/CVE-2023-38887.json) (`2023-09-20T01:15:56.327`)
* [CVE-2023-38888](CVE-2023/CVE-2023-388xx/CVE-2023-38888.json) (`2023-09-20T01:15:56.580`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `18` Recently modified CVEs: `0`
* [CVE-2019-20391](CVE-2019/CVE-2019-203xx/CVE-2019-20391.json) (`2023-09-19T22:15:09.720`)
* [CVE-2019-20392](CVE-2019/CVE-2019-203xx/CVE-2019-20392.json) (`2023-09-19T22:15:10.183`)
* [CVE-2019-20393](CVE-2019/CVE-2019-203xx/CVE-2019-20393.json) (`2023-09-19T22:15:10.290`)
* [CVE-2019-20394](CVE-2019/CVE-2019-203xx/CVE-2019-20394.json) (`2023-09-19T22:15:10.397`)
* [CVE-2019-20395](CVE-2019/CVE-2019-203xx/CVE-2019-20395.json) (`2023-09-19T22:15:10.490`)
* [CVE-2019-20396](CVE-2019/CVE-2019-203xx/CVE-2019-20396.json) (`2023-09-19T22:15:10.597`)
* [CVE-2019-20397](CVE-2019/CVE-2019-203xx/CVE-2019-20397.json) (`2023-09-19T22:15:10.693`)
* [CVE-2019-20398](CVE-2019/CVE-2019-203xx/CVE-2019-20398.json) (`2023-09-19T22:15:10.780`)
* [CVE-2022-36440](CVE-2022/CVE-2022-364xx/CVE-2022-36440.json) (`2023-09-19T22:15:10.907`)
* [CVE-2022-40302](CVE-2022/CVE-2022-403xx/CVE-2022-40302.json) (`2023-09-19T22:15:11.020`)
* [CVE-2022-40318](CVE-2022/CVE-2022-403xx/CVE-2022-40318.json) (`2023-09-19T22:15:11.123`)
* [CVE-2022-43681](CVE-2022/CVE-2022-436xx/CVE-2022-43681.json) (`2023-09-19T22:15:11.200`)
* [CVE-2023-31490](CVE-2023/CVE-2023-314xx/CVE-2023-31490.json) (`2023-09-19T22:15:11.297`)
* [CVE-2023-38802](CVE-2023/CVE-2023-388xx/CVE-2023-38802.json) (`2023-09-19T22:15:11.407`)
* [CVE-2023-41358](CVE-2023/CVE-2023-413xx/CVE-2023-41358.json) (`2023-09-19T22:15:11.507`)
* [CVE-2023-41360](CVE-2023/CVE-2023-413xx/CVE-2023-41360.json) (`2023-09-19T22:15:11.603`)
* [CVE-2023-41361](CVE-2023/CVE-2023-413xx/CVE-2023-41361.json) (`2023-09-19T22:15:11.693`)
* [CVE-2023-41909](CVE-2023/CVE-2023-419xx/CVE-2023-41909.json) (`2023-09-19T22:15:11.777`)
## Download and Usage ## Download and Usage