admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-03T22:00:29.636831+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-03 22:00:33 +00:00
parent 44a9794988
commit c09d2fef1a
45 changed files with 1120 additions and 247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2020/CVE-2020-216xx/CVE-2020-21662.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2020-21662",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:09.900",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:25:54.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yunyecms:yunyecms:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55713C33-8B3A-461F-B466-BB7149CB4B9B"
}
]
}
]
}
],
"references": [
{
"url": "http://note.youdao.com/noteshare?id=5c3b984ee36dfd1da690e0b5963926bc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2021/CVE-2021-23xx/CVE-2021-2369.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-2369",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2021-07-21T15:15:31.057",
"lastModified": "2022-09-23T14:00:37.233",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T20:15:09.717",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -138,6 +138,10 @@
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982879",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html",
"source": "secalert_us@oracle.com",

63
CVE-2021/CVE-2021-316xx/CVE-2021-31651.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2021-31651",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.027",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:10:34.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:neofr:neofrag:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F270FBF4-F7F5-4EF3-BCEE-E5D3A6258B51"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/NeoFrag/NeoFrag/issues/92",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2021/CVE-2021-352xx/CVE-2021-35226.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-35226",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-10-10T23:15:14.193",
"lastModified": "2023-08-03T17:15:10.397",
"lastModified": "2023-08-03T21:15:10.437",
"vulnStatus": "Modified",
"descriptions": [
{
@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
"value": "CWE-89"
"value": "CWE-326"
}
]
}

8
CVE-2021/CVE-2021-352xx/CVE-2021-35232.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-35232",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2021-12-27T19:15:08.290",
"lastModified": "2022-01-12T15:31:10.680",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:11.197",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database."
"value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.\n\n"
},
{
"lang": "es",
@ -100,7 +100,7 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-798"
}
]
}

8
CVE-2021/CVE-2021-352xx/CVE-2021-35234.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-35234",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2021-12-20T21:15:08.057",
"lastModified": "2022-10-07T20:46:09.517",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:11.387",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information."
"value": "Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.\n\n"
},
{
"lang": "es",
@ -100,7 +100,7 @@
"description": [
{
"lang": "en",
"value": "CWE-749"
"value": "CWE-89"
}
]
}

8
CVE-2021/CVE-2021-352xx/CVE-2021-35237.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-35237",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2021-10-29T14:15:07.607",
"lastModified": "2023-07-07T19:27:36.727",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:11.590",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server."
"value": "A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.\n\n"
},
{
"lang": "es",
@ -100,7 +100,7 @@
"description": [
{
"lang": "en",
"value": "CWE-693"
"value": "CWE-1021"
}
]
}

6
CVE-2021/CVE-2021-352xx/CVE-2021-35246.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-35246",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-11-23T17:15:09.943",
"lastModified": "2023-07-07T19:16:36.970",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:11.773",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
"value": "CWE-838"
"value": "CWE-319"
}
]
}

8
CVE-2021/CVE-2021-352xx/CVE-2021-35248.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-35248",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2021-12-20T21:15:08.157",
"lastModified": "2022-07-14T18:04:01.903",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:11.923",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings."
"value": "It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.\n\n"
},
{
"lang": "es",
@ -100,7 +100,7 @@
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-732"
}
]
}

8
CVE-2021/CVE-2021-352xx/CVE-2021-35250.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-35250",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-04-25T20:15:41.787",
"lastModified": "2022-05-05T19:40:25.843",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:12.083",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1."
"value": "A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.\n\n"
},
{
"lang": "es",
@ -100,7 +100,7 @@
"description": [
{
"lang": "en",
"value": "CWE-538"
"value": "CWE-22"
}
]
}

10
CVE-2022/CVE-2022-369xx/CVE-2022-36960.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-36960",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-11-29T21:15:10.693",
"lastModified": "2023-06-27T20:07:35.373",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:12.260",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges."
"value": "SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.\n\n"
}
],
"metrics": {
@ -73,6 +73,10 @@
"source": "psirt@solarwinds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-287"

8
CVE-2022/CVE-2022-381xx/CVE-2022-38114.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-38114",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-11-23T17:15:10.167",
"lastModified": "2023-08-03T18:15:10.917",
"lastModified": "2023-08-03T21:15:12.417",
"vulnStatus": "Modified",
"descriptions": [
{
@ -75,7 +75,11 @@
"description": [
{
"lang": "en",
"value": "CWE-603"
"value": "CWE-444"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}

66
CVE-2022/CVE-2022-438xx/CVE-2022-43831.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-43831",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-07-31T01:15:09.550",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:26:02.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -38,14 +58,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.2.1",
"versionEndIncluding": "5.1.6.1",
"matchCriteriaId": "CB1EBBB8-736D-4B28-A007-6DE4100A602B"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238941",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7015067",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2022/CVE-2022-475xx/CVE-2022-47503.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-47503",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-02-15T19:15:11.883",
"lastModified": "2023-02-24T18:43:12.177",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T20:15:10.577",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.\n\n"
}
],
"metrics": {
@ -37,19 +37,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]

14
CVE-2022/CVE-2022-475xx/CVE-2022-47504.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-47504",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-02-15T19:15:11.963",
"lastModified": "2023-02-24T18:43:35.110",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T20:15:11.023",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.\n\n"
}
],
"metrics": {
@ -37,19 +37,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]

8
CVE-2022/CVE-2022-475xx/CVE-2022-47505.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-47505",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-21T20:15:07.173",
"lastModified": "2023-05-02T17:10:35.553",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:12.567",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges."
"value": "The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.\n\n"
}
],
"metrics": {
@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
"value": "CWE-59"
"value": "CWE-269"
}
]
}

14
CVE-2022/CVE-2022-475xx/CVE-2022-47506.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-47506",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-02-15T19:15:12.050",
"lastModified": "2023-02-24T18:44:02.073",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:12.730",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands."
"value": "SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.\n\n"
}
],
"metrics": {
@ -37,8 +37,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
@ -46,10 +46,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]

14
CVE-2022/CVE-2022-475xx/CVE-2022-47507.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-47507",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-02-15T19:15:12.133",
"lastModified": "2023-02-24T18:45:07.510",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:12.867",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.\n\n"
}
],
"metrics": {
@ -37,19 +37,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]

16
CVE-2022/CVE-2022-475xx/CVE-2022-47509.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-47509",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-21T20:15:07.247",
"lastModified": "2023-05-02T20:11:21.690",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:12.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML."
"value": "The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.\n\n"
}
],
"metrics": {
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
"impactScore": 2.7
}
]
},

18
CVE-2022/CVE-2022-475xx/CVE-2022-47512.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-47512",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-12-19T16:15:11.260",
"lastModified": "2022-12-27T19:54:42.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:13.127",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected"
"value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected\n\n"
}
],
"metrics": {
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

53
CVE-2023/CVE-2023-06xx/CVE-2023-0602.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-0602",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-31T10:15:10.333",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:35:13.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:johnniejodelljr:twittee_text_tweet:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.8",
"matchCriteriaId": "942F715B-4924-4AEE-897C-2D0BBD509EC3"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c357f93d-4f21-4cd9-9378-d97756c75255",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-238xx/CVE-2023-23836.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-23836",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-02-15T19:15:13.007",
"lastModified": "2023-02-24T15:31:29.103",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:13.297",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands."
"value": "SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.\n\n"
}
],
"metrics": {
@ -37,19 +37,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]

20
CVE-2023/CVE-2023-238xx/CVE-2023-23837.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-23837",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-25T18:15:09.300",
"lastModified": "2023-05-04T19:30:04.907",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:13.427",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "No exception handling vulnerability which revealed sensitive or excessive information to users."
"value": "No exception handling vulnerability which revealed sensitive or excessive information to users.\n\n"
}
],
"metrics": {
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

20
CVE-2023/CVE-2023-238xx/CVE-2023-23838.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-23838",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-25T18:15:09.370",
"lastModified": "2023-05-04T19:32:26.440",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:13.577",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server."
"value": "Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.\n\n"
}
],
"metrics": {
@ -37,19 +37,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]

18
CVE-2023/CVE-2023-238xx/CVE-2023-23839.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-23839",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-25T21:15:10.117",
"lastModified": "2023-05-04T21:19:44.067",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:13.687",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information."
"value": "The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.\n\n"
}
],
"metrics": {
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},

16
CVE-2023/CVE-2023-238xx/CVE-2023-23841.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23841",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-06-15T22:15:09.227",
"lastModified": "2023-07-07T23:15:09.253",
"lastModified": "2023-08-03T21:15:13.827",
"vulnStatus": "Modified",
"descriptions": [
{
@ -41,19 +41,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]

14
CVE-2023/CVE-2023-238xx/CVE-2023-23843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23843",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T14:15:10.070",
"lastModified": "2023-08-02T20:50:45.300",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:13.960",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -37,8 +37,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
@ -46,10 +46,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.9,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]

14
CVE-2023/CVE-2023-238xx/CVE-2023-23844.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23844",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T14:15:10.150",
"lastModified": "2023-08-01T20:29:41.527",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:14.107",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -37,8 +37,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
@ -46,10 +46,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.9,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]

53
CVE-2023/CVE-2023-31xx/CVE-2023-3130.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3130",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-31T10:15:10.420",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T21:24:30.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kaizencoders:short_url:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.5",
"matchCriteriaId": "A05A21BD-07F2-4C72-AFB8-9493A92A4DDB"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/6e167864-c304-402e-8b2d-d47b5a3767d1",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-31xx/CVE-2023-3134.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3134",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-31T10:15:10.500",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T21:00:41.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.24.4",
"matchCriteriaId": "6B0F6EFE-F535-4A28-9FF6-37A9C858C1EE"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/6d50d3cc-7563-42c4-977b-f834fee711da",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-322xx/CVE-2023-32225.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32225",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-07-30T08:15:46.760",
"lastModified": "2023-07-31T12:54:52.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:46:02.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sysaid:sysaid_on-premises:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.2.14",
"matchCriteriaId": "2D585591-92E3-480D-992B-6314168F2AC2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-322xx/CVE-2023-32226.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32226",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-07-30T08:15:47.160",
"lastModified": "2023-07-31T12:54:52.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:49:39.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sysaid:sysaid_on-premises:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.2.14",
"matchCriteriaId": "2D585591-92E3-480D-992B-6314168F2AC2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-322xx/CVE-2023-32227.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32227",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-07-30T09:15:09.570",
"lastModified": "2023-07-31T12:54:52.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:54:18.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -46,10 +76,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synel:synergy\\/a_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3015.1",
"matchCriteriaId": "7C3431BE-8E85-40A8-91D9-A3C03C81BF7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synel:synergy\\/a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CEB5432-74EB-4A98-AA18-897CABE4AF26"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-332xx/CVE-2023-33224.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33224",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T14:15:10.340",
"lastModified": "2023-08-02T20:52:12.910",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:14.230",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -37,8 +37,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
@ -46,10 +46,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.9,
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]

16
CVE-2023/CVE-2023-332xx/CVE-2023-33231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33231",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-18T17:15:11.397",
"lastModified": "2023-07-27T03:56:11.813",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-03T21:15:14.363",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
"impactScore": 2.7
}
]
},

24
CVE-2023/CVE-2023-336xx/CVE-2023-33666.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33666",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T20:15:11.337",
"lastModified": "2023-08-03T20:15:11.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php."
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/08/03/aioptimizedcombinations.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.boutique.ai-dev.fr/en/ergonomie/59-optimized-combinations.html",
"source": "cve@mitre.org"
}
]
}

53
CVE-2023/CVE-2023-33xx/CVE-2023-3345.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3345",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-31T10:15:10.653",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:30:11.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:masteriyo:masteriyo:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.8",
"matchCriteriaId": "68D5B983-C89A-4BE7-884D-3DB7D09BB2F1"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-35xx/CVE-2023-3507.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3507",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-31T10:15:10.847",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:06:15.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre-orders:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "96141F7F-A70D-4F84-BFD8-462E327688F4"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e72bbe9b-e51d-40ab-820d-404e0cb86ee6",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-35xx/CVE-2023-3508.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3508",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-31T10:15:10.923",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:03:41.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:woocommerce_pre-orders:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "96141F7F-A70D-4F84-BFD8-462E327688F4"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/064c7acb-db57-4537-8a6d-32f7ea31c738",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-372xx/CVE-2023-37213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37213",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-07-30T09:15:10.133",
"lastModified": "2023-07-31T12:54:52.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T21:21:59.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -46,10 +76,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:synel:synergy\\/a_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3015.1",
"matchCriteriaId": "7C3431BE-8E85-40A8-91D9-A3C03C81BF7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:synel:synergy\\/a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CEB5432-74EB-4A98-AA18-897CABE4AF26"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-37xx/CVE-2023-3749.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3749",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2023-08-03T20:15:11.883",
"lastModified": "2023-08-03T20:15:11.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productsecurity@jci.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "productsecurity@jci.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-349"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04",
"source": "productsecurity@jci.com"
},
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"source": "productsecurity@jci.com"
}
]
}

24
CVE-2023/CVE-2023-391xx/CVE-2023-39121.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-39121",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T20:15:11.623",
"lastModified": "2023-08-03T20:15:11.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/safe-b/CVE/issues/1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/safe-b/CVE/issues/1#issue-1817133689",
"source": "cve@mitre.org"
}
]
}

54
CVE-2023/CVE-2023-40xx/CVE-2023-4005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4005",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-31T01:15:09.840",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:40:43.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.5",
"matchCriteriaId": "5064D6F1-C513-447E-9D1F-2523C10A0FB2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}

54
CVE-2023/CVE-2023-40xx/CVE-2023-4006.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4006",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-31T01:15:09.937",
"lastModified": "2023-07-31T12:54:46.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T20:39:51.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.16",
"matchCriteriaId": "EF9F1132-3D27-4D51-AF94-75A8C3DDE21F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}

70
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-03T20:00:27.907454+00:00
2023-08-03T22:00:29.636831+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-03T19:57:55.053000+00:00
2023-08-03T21:24:30.280000+00:00
```
### Last Data Feed Release
@ -29,51 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
221597
221600
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `3`
* [CVE-2022-42986](CVE-2022/CVE-2022-429xx/CVE-2022-42986.json) (`2023-08-03T18:15:11.113`)
* [CVE-2023-32764](CVE-2023/CVE-2023-327xx/CVE-2023-32764.json) (`2023-08-03T18:15:11.230`)
* [CVE-2023-35081](CVE-2023/CVE-2023-350xx/CVE-2023-35081.json) (`2023-08-03T18:15:11.303`)
* [CVE-2023-36217](CVE-2023/CVE-2023-362xx/CVE-2023-36217.json) (`2023-08-03T18:15:11.397`)
* [CVE-2023-39075](CVE-2023/CVE-2023-390xx/CVE-2023-39075.json) (`2023-08-03T18:15:11.477`)
* [CVE-2023-0956](CVE-2023/CVE-2023-09xx/CVE-2023-0956.json) (`2023-08-03T19:15:10.323`)
* [CVE-2023-38942](CVE-2023/CVE-2023-389xx/CVE-2023-38942.json) (`2023-08-03T19:15:10.600`)
* [CVE-2023-33666](CVE-2023/CVE-2023-336xx/CVE-2023-33666.json) (`2023-08-03T20:15:11.337`)
* [CVE-2023-39121](CVE-2023/CVE-2023-391xx/CVE-2023-39121.json) (`2023-08-03T20:15:11.623`)
* [CVE-2023-3749](CVE-2023/CVE-2023-37xx/CVE-2023-3749.json) (`2023-08-03T20:15:11.883`)
### CVEs modified in the last Commit
Recently modified CVEs: `32`
Recently modified CVEs: `41`
* [CVE-2022-2502](CVE-2022/CVE-2022-25xx/CVE-2022-2502.json) (`2023-08-03T19:26:16.343`)
* [CVE-2023-39020](CVE-2023/CVE-2023-390xx/CVE-2023-39020.json) (`2023-08-03T18:01:31.200`)
* [CVE-2023-39018](CVE-2023/CVE-2023-390xx/CVE-2023-39018.json) (`2023-08-03T18:04:07.150`)
* [CVE-2023-39017](CVE-2023/CVE-2023-390xx/CVE-2023-39017.json) (`2023-08-03T18:05:20.460`)
* [CVE-2023-39016](CVE-2023/CVE-2023-390xx/CVE-2023-39016.json) (`2023-08-03T18:07:14.903`)
* [CVE-2023-38609](CVE-2023/CVE-2023-386xx/CVE-2023-38609.json) (`2023-08-03T18:09:27.580`)
* [CVE-2023-39015](CVE-2023/CVE-2023-390xx/CVE-2023-39015.json) (`2023-08-03T18:09:48.280`)
* [CVE-2023-39013](CVE-2023/CVE-2023-390xx/CVE-2023-39013.json) (`2023-08-03T18:10:07.200`)
* [CVE-2023-39010](CVE-2023/CVE-2023-390xx/CVE-2023-39010.json) (`2023-08-03T18:10:42.550`)
* [CVE-2023-38992](CVE-2023/CVE-2023-389xx/CVE-2023-38992.json) (`2023-08-03T18:10:52.757`)
* [CVE-2023-37754](CVE-2023/CVE-2023-377xx/CVE-2023-37754.json) (`2023-08-03T18:11:04.527`)
* [CVE-2023-39122](CVE-2023/CVE-2023-391xx/CVE-2023-39122.json) (`2023-08-03T18:15:11.547`)
* [CVE-2023-32443](CVE-2023/CVE-2023-324xx/CVE-2023-32443.json) (`2023-08-03T18:16:54.600`)
* [CVE-2023-32468](CVE-2023/CVE-2023-324xx/CVE-2023-32468.json) (`2023-08-03T18:23:50.197`)
* [CVE-2023-3977](CVE-2023/CVE-2023-39xx/CVE-2023-3977.json) (`2023-08-03T18:29:30.730`)
* [CVE-2023-37467](CVE-2023/CVE-2023-374xx/CVE-2023-37467.json) (`2023-08-03T18:34:44.600`)
* [CVE-2023-2860](CVE-2023/CVE-2023-28xx/CVE-2023-2860.json) (`2023-08-03T18:39:50.520`)
* [CVE-2023-35087](CVE-2023/CVE-2023-350xx/CVE-2023-35087.json) (`2023-08-03T18:43:53.560`)
* [CVE-2023-3670](CVE-2023/CVE-2023-36xx/CVE-2023-3670.json) (`2023-08-03T18:44:39.050`)
* [CVE-2023-3773](CVE-2023/CVE-2023-37xx/CVE-2023-3773.json) (`2023-08-03T18:51:44.460`)
* [CVE-2023-38988](CVE-2023/CVE-2023-389xx/CVE-2023-38988.json) (`2023-08-03T18:54:14.513`)
* [CVE-2023-36542](CVE-2023/CVE-2023-365xx/CVE-2023-36542.json) (`2023-08-03T19:09:29.110`)
* [CVE-2023-37216](CVE-2023/CVE-2023-372xx/CVE-2023-37216.json) (`2023-08-03T19:14:49.727`)
* [CVE-2023-4007](CVE-2023/CVE-2023-40xx/CVE-2023-4007.json) (`2023-08-03T19:16:00.417`)
* [CVE-2023-38572](CVE-2023/CVE-2023-385xx/CVE-2023-38572.json) (`2023-08-03T19:57:55.053`)
* [CVE-2022-47506](CVE-2022/CVE-2022-475xx/CVE-2022-47506.json) (`2023-08-03T21:15:12.730`)
* [CVE-2022-47507](CVE-2022/CVE-2022-475xx/CVE-2022-47507.json) (`2023-08-03T21:15:12.867`)
* [CVE-2022-47509](CVE-2022/CVE-2022-475xx/CVE-2022-47509.json) (`2023-08-03T21:15:12.990`)
* [CVE-2022-47512](CVE-2022/CVE-2022-475xx/CVE-2022-47512.json) (`2023-08-03T21:15:13.127`)
* [CVE-2023-3508](CVE-2023/CVE-2023-35xx/CVE-2023-3508.json) (`2023-08-03T20:03:41.923`)
* [CVE-2023-3507](CVE-2023/CVE-2023-35xx/CVE-2023-3507.json) (`2023-08-03T20:06:15.517`)
* [CVE-2023-3345](CVE-2023/CVE-2023-33xx/CVE-2023-3345.json) (`2023-08-03T20:30:11.853`)
* [CVE-2023-0602](CVE-2023/CVE-2023-06xx/CVE-2023-0602.json) (`2023-08-03T20:35:13.990`)
* [CVE-2023-4006](CVE-2023/CVE-2023-40xx/CVE-2023-4006.json) (`2023-08-03T20:39:51.860`)
* [CVE-2023-4005](CVE-2023/CVE-2023-40xx/CVE-2023-4005.json) (`2023-08-03T20:40:43.133`)
* [CVE-2023-32225](CVE-2023/CVE-2023-322xx/CVE-2023-32225.json) (`2023-08-03T20:46:02.310`)
* [CVE-2023-32226](CVE-2023/CVE-2023-322xx/CVE-2023-32226.json) (`2023-08-03T20:49:39.170`)
* [CVE-2023-32227](CVE-2023/CVE-2023-322xx/CVE-2023-32227.json) (`2023-08-03T20:54:18.493`)
* [CVE-2023-3134](CVE-2023/CVE-2023-31xx/CVE-2023-3134.json) (`2023-08-03T21:00:41.997`)
* [CVE-2023-23836](CVE-2023/CVE-2023-238xx/CVE-2023-23836.json) (`2023-08-03T21:15:13.297`)
* [CVE-2023-23837](CVE-2023/CVE-2023-238xx/CVE-2023-23837.json) (`2023-08-03T21:15:13.427`)
* [CVE-2023-23838](CVE-2023/CVE-2023-238xx/CVE-2023-23838.json) (`2023-08-03T21:15:13.577`)
* [CVE-2023-23839](CVE-2023/CVE-2023-238xx/CVE-2023-23839.json) (`2023-08-03T21:15:13.687`)
* [CVE-2023-23841](CVE-2023/CVE-2023-238xx/CVE-2023-23841.json) (`2023-08-03T21:15:13.827`)
* [CVE-2023-23843](CVE-2023/CVE-2023-238xx/CVE-2023-23843.json) (`2023-08-03T21:15:13.960`)
* [CVE-2023-23844](CVE-2023/CVE-2023-238xx/CVE-2023-23844.json) (`2023-08-03T21:15:14.107`)
* [CVE-2023-33224](CVE-2023/CVE-2023-332xx/CVE-2023-33224.json) (`2023-08-03T21:15:14.230`)
* [CVE-2023-33231](CVE-2023/CVE-2023-332xx/CVE-2023-33231.json) (`2023-08-03T21:15:14.363`)
* [CVE-2023-37213](CVE-2023/CVE-2023-372xx/CVE-2023-37213.json) (`2023-08-03T21:21:59.040`)
* [CVE-2023-3130](CVE-2023/CVE-2023-31xx/CVE-2023-3130.json) (`2023-08-03T21:24:30.280`)
## Download and Usage