Auto-Update: 2023-05-08T16:00:24.679684+00:00

René Helmke 2023-05-08 18:00:27 +02:00
parent 457b8432e5
commit b7ba42f7fe
77 changed files with 3819 additions and 114 deletions


@ -0,0 +1,24 @@
{
"id": "CVE-2020-18131",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.000",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bluethrust/clanscripts",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bluethrust/clanscripts/issues/27",
"source": "cve@mitre.org"
}
]
}
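Review bot: The `value` on the description line misspells "escalate privileges" as `escilate privledges`, so keyword-based triage or search over descriptions will not match this record. The record also has `"metrics": {}` and no `weaknesses` array while `vulnStatus` is `Awaiting Analysis`, as do the other `cve@mitre.org` records in this commit, so tooling that ranks on `baseScore` or CWE should treat these as unscored rather than low severity. Since this looks like a mirrored feed, the spelling is presumably best corrected upstream rather than here.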


@ -0,0 +1,24 @@
{
"id": "CVE-2020-18132",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.067",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sansanyun/mipcms",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sansanyun/mipcms/issues/4",
"source": "cve@mitre.org"
}
]
}
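Review bot: The description states the impact of an XSS flaw as `execute arbitrary code`, which reads like server-side code execution; for cross-site scripting this presumably means script running in the browser of a user who views the category name. The CVE-2020-19660 record uses the same wording, and the SQL injection records CVE-2020-23966 and CVE-2021-28999 say `execute arbitrary commands` in the same loose way. With no CVSS vector or CWE in these records yet, the description is the only impact signal, so triage should read the linked issue before assigning severity.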


@ -0,0 +1,24 @@
{
"id": "CVE-2020-18282",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.147",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nangge/noneCms",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/nangge/noneCms/issues/23",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2020-19660",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.217",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pandao/editor.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pandao/editor.md/issues/697",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2020-21038",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.283",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/typecho/typecho",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/typecho/typecho/issues/952",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2020-22334",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.357",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/source-trace/beescms",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/source-trace/beescms/issues/5",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2020-22755",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.423",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ming-soft/MCMS",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ming-soft/MCMS/issues/42",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2020-23966",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.493",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/VictorAlagwu/CMSsite/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/VictorAlagwu/CMSsite/issues/15",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2020-36065",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.563",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sunkaifei/FlyCms",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sunkaifei/FlyCms/issues/8",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2021-27280",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.640",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/langhsu/mblog/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/langhsu/mblog/issues/44",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2021-28998",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.707",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/file_upload_RCE/File_upload_to_RCE.md",
"source": "cve@mitre.org"
},
{
"url": "https://seclists.org/fulldisclosure/2021/Mar/50",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2021-28999",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.770",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md",
"source": "cve@mitre.org"
},
{
"url": "https://seclists.org/fulldisclosure/2021/Mar/49",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2022-4118",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:10.883",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/2839ff82-7d37-4392-8fa3-d490680d42c4",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-45065",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-08T15:15:09.580",
"lastModified": "2023-05-08T15:15:09.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <=\u00a012.1.20 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-peaks-plugin-12-1-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47437",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-08T15:15:09.650",
"lastModified": "2023-05-08T15:15:09.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <=\u00a01.1.8 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wsb-brands/wordpress-wsb-brands-plugin-1-1-8-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47439",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-08T15:15:09.723",
"lastModified": "2023-05-08T15:15:09.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <=\u00a01.6.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/open-graphite/wordpress-open-graphite-plugin-1-5-1-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
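Review bot: The reference URL slug names `open-graphite-plugin-1-5-1` while the description gives the affected range as `<= 1.6.0`, so the two fields in this record disagree on the version. Anything that derives affected versions from the reference URL would under-report exposure; the description and the advisory page itself should be taken as authoritative until the record carries structured version data. The other two Patchstack records in this commit (CVE-2022-45065 and CVE-2022-47437) have slugs that agree with their descriptions.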


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0267",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:10.967",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7ba7849d-e07b-465a-bfb7-10c8186be140",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0268",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.057",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/99389641-ad1e-45c1-a42f-2a010ee22d76",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0280",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.147",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/cb7ed9e6-0fa0-4ebb-9109-8f33defc8b32",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0421",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.233",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0514",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.330",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c6cc400a-9bfb-417d-9206-5582a49d0f05",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0522",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.417",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c7984bfb-86a3-4530-90ae-17ab39af1c54",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0526",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.507",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0ec58310-243d-40c8-9fa6-8753947bfa89",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0536",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.597",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7b19d792-8083-4c0c-a45e-a99c1f5f0df0",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0537",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.677",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d7369f1d-d1a0-4576-a676-c70525a6c743",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0542",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.777",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/17de2f77-3e6c-4c22-9196-6e5577ee7fcf",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0544",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.887",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8ef9585f-67d7-4651-977a-fcad113882bd",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-0603",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:11.967",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1c93ea8f-4e68-4da1-994e-35a5873278ba",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0768",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.067",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/03d061b4-1b71-44f5-b3dc-f82a5fcd92eb",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0894",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.157",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d42eff41-096f-401d-bbfb-dcd6e08faca5",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0948",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.277",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-1011",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.367",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d1784446-b3da-4175-9dac-20b030f19984",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1347",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.457",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/356a5977-c90c-4fc6-98ed-032d5b27f272",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1408",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.577",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/baf7ef4d-b2ba-48e0-9c17-74fa27e0c15b",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1649",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.670",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ea806115-14ab-4bc4-a272-2141cb14454a",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1650",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.747",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7d7fe498-0aa3-4fa7-b560-610b42b2abed",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-1651",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.867",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c88b22ba-4fc2-49ad-a457-224157521bad",
"source": "contact@wpscan.com"
}
]
}
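Review bot: The description says the AJAX action lacks both authorisation and a CSRF check, but the `weaknesses` list carries only `CWE-352` and `CWE-79`, so the missing-authorisation aspect is not represented in the structured data. The CVE-2023-1660 record that follows has the same gap. A consumer that groups by CWE would not see these as access-control issues; an entry such as `{"lang": "en", "value": "CWE-862"}` would capture it, presumably as a change made by the CNA rather than in this mirror.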


@ -0,0 +1,36 @@
{
"id": "CVE-2023-1660",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:13.173",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1806",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:13.310",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/38d99c7d-2d10-4910-b95a-1cb545b813c4",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1905",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:13.417",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b6ac3e15-6f39-4514-a50d-cca7b9457736",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-2114",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:13.507",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/SchmidAlex/nex-forms_SQL-Injection",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22779",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:09.817",
"lastModified": "2023-05-08T15:15:09.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba's access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}
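Review bot: This record has no `weaknesses` or `configurations` block, and its only CVSS entry is the CNA-supplied `"type": "Secondary"` one from security-alert@hpe.com. With `vulnStatus` still `Received`, a consumer that matches on CPE or CWE gets no hit for a 9.8 CRITICAL entry. The same holds for the CVE-2023-22780 through CVE-2023-22791 sections below, and the description here is repeated verbatim in CVE-2023-22779 to CVE-2023-22786, so those records cannot be told apart or de-duplicated by description. Until analysis adds affected-version data, triage has to go through the single reference, `ARUBA-PSA-2023-006.txt`; the only scoping detail in the record itself is the PAPI UDP port (8211) named in the description.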


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22780",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:09.880",
"lastModified": "2023-05-08T15:15:09.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba's access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22781",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:09.943",
"lastModified": "2023-05-08T15:15:09.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba's access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22782",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.010",
"lastModified": "2023-05-08T15:15:10.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba's access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22783",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.100",
"lastModified": "2023-05-08T15:15:10.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba's access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22784",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.167",
"lastModified": "2023-05-08T15:15:10.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba's access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22785",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.233",
"lastModified": "2023-05-08T15:15:10.233",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba's access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22786",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.303",
"lastModified": "2023-05-08T15:15:10.303",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba's access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22787",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.367",
"lastModified": "2023-05-08T15:15:10.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u00a0by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u00a0this vulnerability results in the ability to interrupt the\u00a0normal operation of the affected access point."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22788",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.440",
"lastModified": "2023-05-08T15:15:10.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22789",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.503",
"lastModified": "2023-05-08T15:15:10.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22790",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.573",
"lastModified": "2023-05-08T15:15:10.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-22791",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.647",
"lastModified": "2023-05-08T15:15:10.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u00a0where an edge-case combination of network configuration, a\u00a0specific WLAN environment and an attacker already possessing\u00a0valid user credentials on that WLAN can lead to sensitive\u00a0information being disclosed via the WLAN. The scenarios in\u00a0which this disclosure of potentially sensitive information\u00a0can occur are complex and depend on factors that are beyond\u00a0the control of the attacker."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2374",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T15:15:10.847",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-08T14:04:08.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,142 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "9DB3EE14-A555-4DCA-9C16-F3D72489F10C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "2844D28C-FAD9-498A-93FF-7A4A217210A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "FF7E7155-EFDC-42E0-A851-8FD2C58A2076"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "93A4BC03-E96D-42A9-9034-7017DA6EA389"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "34DA36D8-F0BD-4E98-A74C-5D50AD0980C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "906F4A72-7C6D-45FD-875F-2D2791CE9F4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "B919E33F-AC70-432C-A3F8-29FDFC710BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "101616F2-CA1A-4BF0-9025-F20EDA26F235"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "47ABA9C8-67E4-4DE2-822A-3E17639F745E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/6",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227650",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227650",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
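Review bot: The `er-x-sfp_firmware` `cpeMatch` list added under `configurations` goes from `2.0.9:hotfix2` straight to `2.0.9:hotfix4`, while the `er-x_firmware` list in the same record includes `hotfix3`. The CVE-2023-2375 and CVE-2023-2376 sections below list `cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*` with matchCriteriaId `F4191452-071A-4BF1-B312-C4F9C28A5205`, so this looks like an omission in the upstream data rather than an intended exclusion. An inventory match on exact CPE would report an ER-X-SFP on 2.0.9 hotfix3 as unaffected by CVE-2023-2374. The CVE-2023-2377 section, which continues past the visible part of the page, shows the same gap in its `er-x_firmware` list.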


@ -2,8 +2,8 @@
"id": "CVE-2023-2375",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T15:15:10.903",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-08T14:06:37.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,147 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "9DB3EE14-A555-4DCA-9C16-F3D72489F10C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "2844D28C-FAD9-498A-93FF-7A4A217210A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "FF7E7155-EFDC-42E0-A851-8FD2C58A2076"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "93A4BC03-E96D-42A9-9034-7017DA6EA389"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "34DA36D8-F0BD-4E98-A74C-5D50AD0980C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "906F4A72-7C6D-45FD-875F-2D2791CE9F4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "B919E33F-AC70-432C-A3F8-29FDFC710BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "F4191452-071A-4BF1-B312-C4F9C28A5205"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "101616F2-CA1A-4BF0-9025-F20EDA26F235"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "47ABA9C8-67E4-4DE2-822A-3E17639F745E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/7",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227651",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227651",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2376",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T16:15:09.933",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-08T14:06:02.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,146 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "9DB3EE14-A555-4DCA-9C16-F3D72489F10C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "2844D28C-FAD9-498A-93FF-7A4A217210A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "FF7E7155-EFDC-42E0-A851-8FD2C58A2076"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "93A4BC03-E96D-42A9-9034-7017DA6EA389"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "34DA36D8-F0BD-4E98-A74C-5D50AD0980C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "906F4A72-7C6D-45FD-875F-2D2791CE9F4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "B919E33F-AC70-432C-A3F8-29FDFC710BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "F4191452-071A-4BF1-B312-C4F9C28A5205"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "101616F2-CA1A-4BF0-9025-F20EDA26F235"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "47ABA9C8-67E4-4DE2-822A-3E17639F745E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227652",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227652",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
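Review bot: The `https://vuldb.com/?ctiid.227652` reference is tagged only `"Third Party Advisory"`, whereas the corresponding `ctiid` references in the CVE-2023-2374 and CVE-2023-2375 sections also carry `"Permissions Required"`. If that page sits behind the same login, the tag list here would be `"Permissions Required", "Third Party Advisory"`; whether it does cannot be told from this page. Tooling that filters or fetches references by tag will treat the three otherwise parallel records differently.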


@ -2,8 +2,8 @@
"id": "CVE-2023-2377",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T16:15:10.003",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-08T14:05:14.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,141 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "9DB3EE14-A555-4DCA-9C16-F3D72489F10C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "2844D28C-FAD9-498A-93FF-7A4A217210A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "93A4BC03-E96D-42A9-9034-7017DA6EA389"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "34DA36D8-F0BD-4E98-A74C-5D50AD0980C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "906F4A72-7C6D-45FD-875F-2D2791CE9F4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "B919E33F-AC70-432C-A3F8-29FDFC710BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "F4191452-071A-4BF1-B312-C4F9C28A5205"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "101616F2-CA1A-4BF0-9025-F20EDA26F235"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "47ABA9C8-67E4-4DE2-822A-3E17639F745E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/9",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227653",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227653",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
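Review bot: The `er-x_firmware` cpeMatch list added under `configurations` goes from `2.0.9:hotfix2` straight to `2.0.9:hotfix4`, while the `er-x-sfp_firmware` list in this same record and the `er-x_firmware` list in the CVE-2023-2378 record on this page both include `2.0.9:hotfix3`. If that gap is an upstream omission rather than a deliberate exclusion (the record does not say), CPE-based asset matching will not flag an ER-X running 2.0.9 hotfix3 for CVE-2023-2377. Since this file mirrors the feed, I would report it upstream rather than patch it here, and until then treat `cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*` as affected in local matching.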


@ -2,8 +2,8 @@
"id": "CVE-2023-2378",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T16:15:10.063",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-08T14:09:36.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,146 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "9DB3EE14-A555-4DCA-9C16-F3D72489F10C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "2844D28C-FAD9-498A-93FF-7A4A217210A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "FF7E7155-EFDC-42E0-A851-8FD2C58A2076"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "93A4BC03-E96D-42A9-9034-7017DA6EA389"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "34DA36D8-F0BD-4E98-A74C-5D50AD0980C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "906F4A72-7C6D-45FD-875F-2D2791CE9F4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "B919E33F-AC70-432C-A3F8-29FDFC710BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "F4191452-071A-4BF1-B312-C4F9C28A5205"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "101616F2-CA1A-4BF0-9025-F20EDA26F235"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "47ABA9C8-67E4-4DE2-822A-3E17639F745E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227654",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227654",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2379",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T17:15:43.067",
"lastModified": "2023-04-28T17:43:00.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-08T14:03:43.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +91,158 @@
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "9DB3EE14-A555-4DCA-9C16-F3D72489F10C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "2844D28C-FAD9-498A-93FF-7A4A217210A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "FF7E7155-EFDC-42E0-A851-8FD2C58A2076"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "93A4BC03-E96D-42A9-9034-7017DA6EA389"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "34DA36D8-F0BD-4E98-A74C-5D50AD0980C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "906F4A72-7C6D-45FD-875F-2D2791CE9F4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "B919E33F-AC70-432C-A3F8-29FDFC710BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "F4191452-071A-4BF1-B312-C4F9C28A5205"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "101616F2-CA1A-4BF0-9025-F20EDA26F235"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "47ABA9C8-67E4-4DE2-822A-3E17639F745E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227655",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227655",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-24408",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-08T15:15:10.730",
"lastModified": "2023-05-08T15:15:10.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <=\u00a06.11.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-11-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-25754",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-08T12:15:09.613",
"lastModified": "2023-05-08T12:50:24.320",
"lastModified": "2023-05-08T15:15:10.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/08/2",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/airflow/pull/29506",
"source": "security@apache.org"


@ -0,0 +1,108 @@
{
"id": "CVE-2023-26243",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-27T01:15:08.330",
"lastModified": "2023-05-08T14:14:58.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hyundai:gen5w_l_in-vehicle_infotainment_system_firmware:5w.xxx.s5w_l.001.001.221129:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1D75CC-4D29-4918-BBE4-84316697F0C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hyundai:gen5w_l_in-vehicle_infotainment_system_firmware:ae_e_pe_eur.s5w_l001.001.211214:*:*:*:*:*:*:*",
"matchCriteriaId": "E140A27C-DEAE-4DAA-9E91-448A32B1D055"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hyundai:gen5w_l_in-vehicle_infotainment_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "875AC44B-6F21-4286-A29A-9E72EFB0F3F3"
}
]
}
]
}
],
"references": [
{
"url": "https://sowhat.iit.cnr.it",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,108 @@
{
"id": "CVE-2023-26244",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-27T01:15:08.370",
"lastModified": "2023-05-08T14:15:15.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hyundai:gen5w_l_in-vehicle_infotainment_system_firmware:5w.xxx.s5w_l.001.001.221129:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1D75CC-4D29-4918-BBE4-84316697F0C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hyundai:gen5w_l_in-vehicle_infotainment_system_firmware:ae_e_pe_eur.s5w_l001.001.211214:*:*:*:*:*:*:*",
"matchCriteriaId": "E140A27C-DEAE-4DAA-9E91-448A32B1D055"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hyundai:gen5w_l_in-vehicle_infotainment_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "875AC44B-6F21-4286-A29A-9E72EFB0F3F3"
}
]
}
]
}
],
"references": [
{
"url": "https://sowhat.iit.cnr.it",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,108 @@
{
"id": "CVE-2023-26245",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-27T01:15:08.413",
"lastModified": "2023-05-08T14:15:48.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hyundai:gen5w_l_in-vehicle_infotainment_system_firmware:5w.xxx.s5w_l.001.001.221129:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1D75CC-4D29-4918-BBE4-84316697F0C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hyundai:gen5w_l_in-vehicle_infotainment_system_firmware:ae_e_pe_eur.s5w_l001.001.211214:*:*:*:*:*:*:*",
"matchCriteriaId": "E140A27C-DEAE-4DAA-9E91-448A32B1D055"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hyundai:gen5w_l_in-vehicle_infotainment_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "875AC44B-6F21-4286-A29A-9E72EFB0F3F3"
}
]
}
]
}
],
"references": [
{
"url": "https://sowhat.iit.cnr.it",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,108 @@
{
"id": "CVE-2023-26246",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-27T01:15:08.463",
"lastModified": "2023-05-08T14:15:42.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hyundai:gen5w_l_in-vehicle_infotainment_system_firmware:5w.xxx.s5w_l.001.001.221129:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1D75CC-4D29-4918-BBE4-84316697F0C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hyundai:gen5w_l_in-vehicle_infotainment_system_firmware:ae_e_pe_eur.s5w_l001.001.211214:*:*:*:*:*:*:*",
"matchCriteriaId": "E140A27C-DEAE-4DAA-9E91-448A32B1D055"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hyundai:gen5w_l_in-vehicle_infotainment_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "875AC44B-6F21-4286-A29A-9E72EFB0F3F3"
}
]
}
]
}
],
"references": [
{
"url": "https://sowhat.iit.cnr.it",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,85 @@
{
"id": "CVE-2023-26560",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T00:15:09.187",
"lastModified": "2023-05-08T14:16:07.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.21.1",
"matchCriteriaId": "2EF7B864-82F8-438D-A76F-6BFF97DEC09F"
}
]
}
]
}
],
"references": [
{
"url": "https://cfengine.com/blog/2023/cve-2023-26560/",
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://northern.tech",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,39 +2,95 @@
"id": "CVE-2023-26735",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T00:15:09.227",
"lastModified": "2023-04-28T13:15:13.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-08T14:26:16.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prometheus:blackbox_exporter:0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF41B4A7-0D76-435B-BD57-3CC09A4900C0"
}
]
}
]
}
],
"references": [
{
"url": "http://blackboxexporter.com",
"source": "cve@mitre.org"
},
{
"url": "http://prometheus.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/prometheus/blackbox_exporter/issues/1024",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/prometheus/blackbox_exporter/issues/1025",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/prometheus/blackbox_exporter/issues/1026",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}
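Review bot: The added `cvssMetricV31` block gives this record a Primary `"baseScore": 7.5` / `"baseSeverity": "HIGH"` alongside `"vulnStatus": "Analyzed"`, yet the only sign that the finding is contested is the `** DISPUTED **` prefix inside the free-text `descriptions` value. No structured field in the visible record carries that status, so a pipeline that prioritises on `baseScore` alone would rank it like any undisputed HIGH. Consumers of this file should check the description prefix, and the trailing `NOTE:` sentence about authentication being configurable, before alerting on it.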


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28493",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-08T15:15:10.910",
"lastModified": "2023-05-08T15:15:10.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <=\u00a02.4.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/newsmag/wordpress-newsmag-theme-2-4-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-29693",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T15:15:10.983",
"lastModified": "2023-05-08T15:15:10.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Stevenbaga/fengsha/blob/main/H3C/GR-1200W/SetTftpUpgrad.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-29696",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T15:15:11.033",
"lastModified": "2023-05-08T15:15:11.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Stevenbaga/fengsha/blob/main/H3C/GR-1200W/aVersionSet.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30019",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T15:15:11.087",
"lastModified": "2023-05-08T15:15:11.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "imgproxy <= 3.6.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://breakandpray.com/cve-2023-30019-ssrf-in-imgproxy/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/imgproxy/imgproxy",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30092",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T15:15:11.137",
"lastModified": "2023-05-08T15:15:11.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nawed20002/CVE-2023-30092",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html",
"source": "cve@mitre.org"
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-30404",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T00:15:09.387",
"lastModified": "2023-04-26T00:15:09.387",
"vulnStatus": "Received",
"lastModified": "2023-05-08T14:01:58.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aigital:wireless-n_repeater_mini_router_firmware:0.131229:*:*:*:*:*:*:*",
"matchCriteriaId": "98062FCB-6507-4EDF-8445-6331EB735BBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:aigital:wireless-n_repeater_mini_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F57200-B5E5-482B-908F-B715109893B1"
}
]
}
]
}
],
"references": [
{
"url": "http://aigital.com",
"source": "cve@mitre.org"
},
{
"url": "https://mandomat.github.io/2023-04-13-testing-a-cheap-wifi-repeater/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,88 @@
"id": "CVE-2023-30405",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T21:15:09.083",
"lastModified": "2023-04-28T22:22:40.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-08T14:04:49.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aigital:wireless-n_repeater_mini_router_firmware:0.131229:*:*:*:*:*:*:*",
"matchCriteriaId": "98062FCB-6507-4EDF-8445-6331EB735BBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:aigital:wireless-n_repeater_mini_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F57200-B5E5-482B-908F-B715109893B1"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/172057/Aigital-Wireless-N-Repeater-Mini_Router.0.131229-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-31039",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-08T09:15:09.637",
"lastModified": "2023-05-08T12:50:24.320",
"lastModified": "2023-05-08T15:15:11.183",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/08/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/jqpttrqbc38yhckgp67xk399hqxnz7jn",
"source": "security@apache.org"

135
README.md

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-08T14:00:23.757161+00:00
2023-05-08T16:00:24.679684+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-08T13:58:25.660000+00:00
2023-05-08T15:15:11.183000+00:00
```
### Last Data Feed Release
@ -29,68 +29,95 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
214207
214267
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `60`
* [CVE-2022-45812](CVE-2022/CVE-2022-458xx/CVE-2022-45812.json) (`2023-05-08T13:15:09.443`)
* [CVE-2022-46799](CVE-2022/CVE-2022-467xx/CVE-2022-46799.json) (`2023-05-08T12:15:09.313`)
* [CVE-2023-23668](CVE-2023/CVE-2023-236xx/CVE-2023-23668.json) (`2023-05-08T12:15:09.440`)
* [CVE-2023-25021](CVE-2023/CVE-2023-250xx/CVE-2023-25021.json) (`2023-05-08T12:15:09.527`)
* [CVE-2023-25052](CVE-2023/CVE-2023-250xx/CVE-2023-25052.json) (`2023-05-08T13:15:09.537`)
* [CVE-2023-25452](CVE-2023/CVE-2023-254xx/CVE-2023-25452.json) (`2023-05-08T13:15:09.593`)
* [CVE-2023-2573](CVE-2023/CVE-2023-25xx/CVE-2023-2573.json) (`2023-05-08T13:15:09.710`)
* [CVE-2023-2574](CVE-2023/CVE-2023-25xx/CVE-2023-2574.json) (`2023-05-08T13:15:09.790`)
* [CVE-2023-2575](CVE-2023/CVE-2023-25xx/CVE-2023-2575.json) (`2023-05-08T13:15:09.847`)
* [CVE-2023-25754](CVE-2023/CVE-2023-257xx/CVE-2023-25754.json) (`2023-05-08T12:15:09.613`)
* [CVE-2023-28169](CVE-2023/CVE-2023-281xx/CVE-2023-28169.json) (`2023-05-08T13:15:09.650`)
* [CVE-2020-18131](CVE-2020/CVE-2020-181xx/CVE-2020-18131.json) (`2023-05-08T14:15:10.000`)
* [CVE-2020-18132](CVE-2020/CVE-2020-181xx/CVE-2020-18132.json) (`2023-05-08T14:15:10.067`)
* [CVE-2020-18282](CVE-2020/CVE-2020-182xx/CVE-2020-18282.json) (`2023-05-08T14:15:10.147`)
* [CVE-2020-19660](CVE-2020/CVE-2020-196xx/CVE-2020-19660.json) (`2023-05-08T14:15:10.217`)
* [CVE-2020-21038](CVE-2020/CVE-2020-210xx/CVE-2020-21038.json) (`2023-05-08T14:15:10.283`)
* [CVE-2020-22334](CVE-2020/CVE-2020-223xx/CVE-2020-22334.json) (`2023-05-08T14:15:10.357`)
* [CVE-2020-22755](CVE-2020/CVE-2020-227xx/CVE-2020-22755.json) (`2023-05-08T14:15:10.423`)
* [CVE-2020-23966](CVE-2020/CVE-2020-239xx/CVE-2020-23966.json) (`2023-05-08T14:15:10.493`)
* [CVE-2020-36065](CVE-2020/CVE-2020-360xx/CVE-2020-36065.json) (`2023-05-08T14:15:10.563`)
* [CVE-2021-27280](CVE-2021/CVE-2021-272xx/CVE-2021-27280.json) (`2023-05-08T14:15:10.640`)
* [CVE-2021-28998](CVE-2021/CVE-2021-289xx/CVE-2021-28998.json) (`2023-05-08T14:15:10.707`)
* [CVE-2021-28999](CVE-2021/CVE-2021-289xx/CVE-2021-28999.json) (`2023-05-08T14:15:10.770`)
* [CVE-2022-4118](CVE-2022/CVE-2022-41xx/CVE-2022-4118.json) (`2023-05-08T14:15:10.883`)
* [CVE-2022-45065](CVE-2022/CVE-2022-450xx/CVE-2022-45065.json) (`2023-05-08T15:15:09.580`)
* [CVE-2022-47437](CVE-2022/CVE-2022-474xx/CVE-2022-47437.json) (`2023-05-08T15:15:09.650`)
* [CVE-2022-47439](CVE-2022/CVE-2022-474xx/CVE-2022-47439.json) (`2023-05-08T15:15:09.723`)
* [CVE-2023-0267](CVE-2023/CVE-2023-02xx/CVE-2023-0267.json) (`2023-05-08T14:15:10.967`)
* [CVE-2023-0268](CVE-2023/CVE-2023-02xx/CVE-2023-0268.json) (`2023-05-08T14:15:11.057`)
* [CVE-2023-0280](CVE-2023/CVE-2023-02xx/CVE-2023-0280.json) (`2023-05-08T14:15:11.147`)
* [CVE-2023-0421](CVE-2023/CVE-2023-04xx/CVE-2023-0421.json) (`2023-05-08T14:15:11.233`)
* [CVE-2023-0514](CVE-2023/CVE-2023-05xx/CVE-2023-0514.json) (`2023-05-08T14:15:11.330`)
* [CVE-2023-0522](CVE-2023/CVE-2023-05xx/CVE-2023-0522.json) (`2023-05-08T14:15:11.417`)
* [CVE-2023-0526](CVE-2023/CVE-2023-05xx/CVE-2023-0526.json) (`2023-05-08T14:15:11.507`)
* [CVE-2023-0536](CVE-2023/CVE-2023-05xx/CVE-2023-0536.json) (`2023-05-08T14:15:11.597`)
* [CVE-2023-0537](CVE-2023/CVE-2023-05xx/CVE-2023-0537.json) (`2023-05-08T14:15:11.677`)
* [CVE-2023-0542](CVE-2023/CVE-2023-05xx/CVE-2023-0542.json) (`2023-05-08T14:15:11.777`)
* [CVE-2023-0544](CVE-2023/CVE-2023-05xx/CVE-2023-0544.json) (`2023-05-08T14:15:11.887`)
* [CVE-2023-0603](CVE-2023/CVE-2023-06xx/CVE-2023-0603.json) (`2023-05-08T14:15:11.967`)
* [CVE-2023-0768](CVE-2023/CVE-2023-07xx/CVE-2023-0768.json) (`2023-05-08T14:15:12.067`)
* [CVE-2023-0894](CVE-2023/CVE-2023-08xx/CVE-2023-0894.json) (`2023-05-08T14:15:12.157`)
* [CVE-2023-0948](CVE-2023/CVE-2023-09xx/CVE-2023-0948.json) (`2023-05-08T14:15:12.277`)
* [CVE-2023-1011](CVE-2023/CVE-2023-10xx/CVE-2023-1011.json) (`2023-05-08T14:15:12.367`)
* [CVE-2023-1347](CVE-2023/CVE-2023-13xx/CVE-2023-1347.json) (`2023-05-08T14:15:12.457`)
* [CVE-2023-1408](CVE-2023/CVE-2023-14xx/CVE-2023-1408.json) (`2023-05-08T14:15:12.577`)
* [CVE-2023-1649](CVE-2023/CVE-2023-16xx/CVE-2023-1649.json) (`2023-05-08T14:15:12.670`)
* [CVE-2023-1650](CVE-2023/CVE-2023-16xx/CVE-2023-1650.json) (`2023-05-08T14:15:12.747`)
* [CVE-2023-1651](CVE-2023/CVE-2023-16xx/CVE-2023-1651.json) (`2023-05-08T14:15:12.867`)
* [CVE-2023-1660](CVE-2023/CVE-2023-16xx/CVE-2023-1660.json) (`2023-05-08T14:15:13.173`)
* [CVE-2023-1806](CVE-2023/CVE-2023-18xx/CVE-2023-1806.json) (`2023-05-08T14:15:13.310`)
* [CVE-2023-1905](CVE-2023/CVE-2023-19xx/CVE-2023-1905.json) (`2023-05-08T14:15:13.417`)
* [CVE-2023-2114](CVE-2023/CVE-2023-21xx/CVE-2023-2114.json) (`2023-05-08T14:15:13.507`)
* [CVE-2023-22779](CVE-2023/CVE-2023-227xx/CVE-2023-22779.json) (`2023-05-08T15:15:09.817`)
* [CVE-2023-22780](CVE-2023/CVE-2023-227xx/CVE-2023-22780.json) (`2023-05-08T15:15:09.880`)
* [CVE-2023-22781](CVE-2023/CVE-2023-227xx/CVE-2023-22781.json) (`2023-05-08T15:15:09.943`)
* [CVE-2023-22782](CVE-2023/CVE-2023-227xx/CVE-2023-22782.json) (`2023-05-08T15:15:10.010`)
* [CVE-2023-22783](CVE-2023/CVE-2023-227xx/CVE-2023-22783.json) (`2023-05-08T15:15:10.100`)
* [CVE-2023-22784](CVE-2023/CVE-2023-227xx/CVE-2023-22784.json) (`2023-05-08T15:15:10.167`)
* [CVE-2023-22785](CVE-2023/CVE-2023-227xx/CVE-2023-22785.json) (`2023-05-08T15:15:10.233`)
* [CVE-2023-22786](CVE-2023/CVE-2023-227xx/CVE-2023-22786.json) (`2023-05-08T15:15:10.303`)
* [CVE-2023-22787](CVE-2023/CVE-2023-227xx/CVE-2023-22787.json) (`2023-05-08T15:15:10.367`)
* [CVE-2023-22788](CVE-2023/CVE-2023-227xx/CVE-2023-22788.json) (`2023-05-08T15:15:10.440`)
* [CVE-2023-22789](CVE-2023/CVE-2023-227xx/CVE-2023-22789.json) (`2023-05-08T15:15:10.503`)
* [CVE-2023-22790](CVE-2023/CVE-2023-227xx/CVE-2023-22790.json) (`2023-05-08T15:15:10.573`)
* [CVE-2023-22791](CVE-2023/CVE-2023-227xx/CVE-2023-22791.json) (`2023-05-08T15:15:10.647`)
* [CVE-2023-24408](CVE-2023/CVE-2023-244xx/CVE-2023-24408.json) (`2023-05-08T15:15:10.730`)
* [CVE-2023-28493](CVE-2023/CVE-2023-284xx/CVE-2023-28493.json) (`2023-05-08T15:15:10.910`)
* [CVE-2023-29693](CVE-2023/CVE-2023-296xx/CVE-2023-29693.json) (`2023-05-08T15:15:10.983`)
* [CVE-2023-29696](CVE-2023/CVE-2023-296xx/CVE-2023-29696.json) (`2023-05-08T15:15:11.033`)
* [CVE-2023-30019](CVE-2023/CVE-2023-300xx/CVE-2023-30019.json) (`2023-05-08T15:15:11.087`)
* [CVE-2023-30092](CVE-2023/CVE-2023-300xx/CVE-2023-30092.json) (`2023-05-08T15:15:11.137`)
### CVEs modified in the last Commit
Recently modified CVEs: `38`
Recently modified CVEs: `16`
* [CVE-2012-5873](CVE-2012/CVE-2012-58xx/CVE-2012-5873.json) (`2023-05-08T13:37:47.017`)
* [CVE-2015-5122](CVE-2015/CVE-2015-51xx/CVE-2015-5122.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8652](CVE-2015/CVE-2015-86xx/CVE-2015-8652.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8653](CVE-2015/CVE-2015-86xx/CVE-2015-8653.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8654](CVE-2015/CVE-2015-86xx/CVE-2015-8654.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8655](CVE-2015/CVE-2015-86xx/CVE-2015-8655.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8656](CVE-2015/CVE-2015-86xx/CVE-2015-8656.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8657](CVE-2015/CVE-2015-86xx/CVE-2015-8657.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8658](CVE-2015/CVE-2015-86xx/CVE-2015-8658.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8820](CVE-2015/CVE-2015-88xx/CVE-2015-8820.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8821](CVE-2015/CVE-2015-88xx/CVE-2015-8821.json) (`2023-05-08T13:29:02.290`)
* [CVE-2015-8822](CVE-2015/CVE-2015-88xx/CVE-2015-8822.json) (`2023-05-08T13:29:02.290`)
* [CVE-2016-0959](CVE-2016/CVE-2016-09xx/CVE-2016-0959.json) (`2023-05-08T13:29:02.290`)
* [CVE-2020-7808](CVE-2020/CVE-2020-78xx/CVE-2020-7808.json) (`2023-05-08T13:29:02.290`)
* [CVE-2022-45818](CVE-2022/CVE-2022-458xx/CVE-2022-45818.json) (`2023-05-08T13:39:29.693`)
* [CVE-2023-2248](CVE-2023/CVE-2023-22xx/CVE-2023-2248.json) (`2023-05-08T12:15:10.367`)
* [CVE-2023-23723](CVE-2023/CVE-2023-237xx/CVE-2023-23723.json) (`2023-05-08T13:40:17.417`)
* [CVE-2023-23808](CVE-2023/CVE-2023-238xx/CVE-2023-23808.json) (`2023-05-08T13:45:40.917`)
* [CVE-2023-23809](CVE-2023/CVE-2023-238xx/CVE-2023-23809.json) (`2023-05-08T13:45:31.337`)
* [CVE-2023-23830](CVE-2023/CVE-2023-238xx/CVE-2023-23830.json) (`2023-05-08T13:41:15.720`)
* [CVE-2023-23875](CVE-2023/CVE-2023-238xx/CVE-2023-23875.json) (`2023-05-08T13:30:47.220`)
* [CVE-2023-23881](CVE-2023/CVE-2023-238xx/CVE-2023-23881.json) (`2023-05-08T13:37:37.803`)
* [CVE-2023-2534](CVE-2023/CVE-2023-25xx/CVE-2023-2534.json) (`2023-05-08T12:50:24.320`)
* [CVE-2023-25458](CVE-2023/CVE-2023-254xx/CVE-2023-25458.json) (`2023-05-08T13:38:48.890`)
* [CVE-2023-2566](CVE-2023/CVE-2023-25xx/CVE-2023-2566.json) (`2023-05-08T12:50:24.320`)
* [CVE-2023-25961](CVE-2023/CVE-2023-259xx/CVE-2023-25961.json) (`2023-05-08T13:30:06.533`)
* [CVE-2023-25967](CVE-2023/CVE-2023-259xx/CVE-2023-25967.json) (`2023-05-08T13:44:41.297`)
* [CVE-2023-25977](CVE-2023/CVE-2023-259xx/CVE-2023-25977.json) (`2023-05-08T13:29:20.623`)
* [CVE-2023-25982](CVE-2023/CVE-2023-259xx/CVE-2023-25982.json) (`2023-05-08T13:32:45.317`)
* [CVE-2023-26017](CVE-2023/CVE-2023-260xx/CVE-2023-26017.json) (`2023-05-08T13:44:04.073`)
* [CVE-2023-27999](CVE-2023/CVE-2023-279xx/CVE-2023-27999.json) (`2023-05-08T13:50:59.043`)
* [CVE-2023-28261](CVE-2023/CVE-2023-282xx/CVE-2023-28261.json) (`2023-05-08T13:58:25.660`)
* [CVE-2023-28286](CVE-2023/CVE-2023-282xx/CVE-2023-28286.json) (`2023-05-08T13:54:28.333`)
* [CVE-2023-29247](CVE-2023/CVE-2023-292xx/CVE-2023-29247.json) (`2023-05-08T12:50:24.320`)
* [CVE-2023-29334](CVE-2023/CVE-2023-293xx/CVE-2023-29334.json) (`2023-05-08T13:40:30.013`)
* [CVE-2023-30018](CVE-2023/CVE-2023-300xx/CVE-2023-30018.json) (`2023-05-08T12:50:24.320`)
* [CVE-2023-31038](CVE-2023/CVE-2023-310xx/CVE-2023-31038.json) (`2023-05-08T12:50:24.320`)
* [CVE-2023-31039](CVE-2023/CVE-2023-310xx/CVE-2023-31039.json) (`2023-05-08T12:50:24.320`)
* [CVE-2023-2374](CVE-2023/CVE-2023-23xx/CVE-2023-2374.json) (`2023-05-08T14:04:08.280`)
* [CVE-2023-2375](CVE-2023/CVE-2023-23xx/CVE-2023-2375.json) (`2023-05-08T14:06:37.457`)
* [CVE-2023-2376](CVE-2023/CVE-2023-23xx/CVE-2023-2376.json) (`2023-05-08T14:06:02.730`)
* [CVE-2023-2377](CVE-2023/CVE-2023-23xx/CVE-2023-2377.json) (`2023-05-08T14:05:14.903`)
* [CVE-2023-2378](CVE-2023/CVE-2023-23xx/CVE-2023-2378.json) (`2023-05-08T14:09:36.283`)
* [CVE-2023-2379](CVE-2023/CVE-2023-23xx/CVE-2023-2379.json) (`2023-05-08T14:03:43.337`)
* [CVE-2023-25754](CVE-2023/CVE-2023-257xx/CVE-2023-25754.json) (`2023-05-08T15:15:10.830`)
* [CVE-2023-26243](CVE-2023/CVE-2023-262xx/CVE-2023-26243.json) (`2023-05-08T14:14:58.957`)
* [CVE-2023-26244](CVE-2023/CVE-2023-262xx/CVE-2023-26244.json) (`2023-05-08T14:15:15.390`)
* [CVE-2023-26245](CVE-2023/CVE-2023-262xx/CVE-2023-26245.json) (`2023-05-08T14:15:48.107`)
* [CVE-2023-26246](CVE-2023/CVE-2023-262xx/CVE-2023-26246.json) (`2023-05-08T14:15:42.497`)
* [CVE-2023-26560](CVE-2023/CVE-2023-265xx/CVE-2023-26560.json) (`2023-05-08T14:16:07.847`)
* [CVE-2023-26735](CVE-2023/CVE-2023-267xx/CVE-2023-26735.json) (`2023-05-08T14:26:16.970`)
* [CVE-2023-30404](CVE-2023/CVE-2023-304xx/CVE-2023-30404.json) (`2023-05-08T14:01:58.300`)
* [CVE-2023-30405](CVE-2023/CVE-2023-304xx/CVE-2023-30405.json) (`2023-05-08T14:04:49.080`)
* [CVE-2023-31039](CVE-2023/CVE-2023-310xx/CVE-2023-31039.json) (`2023-05-08T15:15:11.183`)
## Download and Usage