Auto-Update: 2023-05-03T20:00:24.416909+00:00

René Helmke 2023-05-03 22:00:27 +02:00
parent ece8887578
commit c0a5ebc91b
28 changed files with 1311 additions and 149 deletions


@ -2,23 +2,83 @@
"id": "CVE-2022-28354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T21:15:09.110",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:30:39.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mybb:active_threads:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D236019-CC31-453B-BC6C-527265A2AF5F"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/171402/MyBB-Active-Threads-1.3.0-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://community.mybb.com/mods.php?action=view&pid=1336",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2022-29607",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-20T13:15:07.507",
"lastModified": "2023-04-20T13:15:13.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:57:57.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-670"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2022-29608",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-20T13:15:07.567",
"lastModified": "2023-04-20T13:15:13.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T18:02:12.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-0276",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.653",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:26:53.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.2.7",
"matchCriteriaId": "288F3D81-06CD-4F7D-B32C-00BEFC031575"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d00824a3-7df5-4b52-a31b-5fdfb19c970f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,18 +2,41 @@
"id": "CVE-2023-0388",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.723",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:26:23.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,44 @@
"value": "CWE-89"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:random_text_project:random_text:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.3.0",
"matchCriteriaId": "CC148352-A7A5-45BB-8D9D-E1CCF294D3D5"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/77861a2e-879a-4bd0-b4c0-cd19481ace5d",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-0418",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.803",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:17:58.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:video_central_project:video_central:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.0",
"matchCriteriaId": "FA4FDE3D-67AA-42BB-9557-6625B867BAD7"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/821751bb-feaf-45b8-91a9-e173cb0c05fc",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-0420",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.870",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:08:13.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -27,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:custom_post_type_and_taxonomy_gui_manager_project:custom_post_type_and_taxonomy_gui_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1",
"matchCriteriaId": "896EFA68-539A-4195-9EC4-5EB4D0277760"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/266e417f-ece7-4ff5-a724-4d9c8e2f3faa",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-0424",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.953",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:08:32.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ms-reviews_project:ms-reviews:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5",
"matchCriteriaId": "094E8370-C46A-4D44-BC1F-41F7A2937333"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b0f8713f-54b2-4ab2-a475-60a1692a50e9",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,18 +2,41 @@
"id": "CVE-2023-1414",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.410",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:06:04.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -25,12 +48,48 @@
"value": "CWE-862"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coderex:wp_vr:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.3.0",
"matchCriteriaId": "D84A7457-6D0D-4308-9E7B-B79E18178857"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d61d4be7-9251-4c62-8fb7-8a456aa6969e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-1623",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.627",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:10:02.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webdevstudios:custom_post_type_ui:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.13.5",
"matchCriteriaId": "3D8E6F26-11C1-463E-987A-CECC08755E4D"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a04d3808-f4fc-4d77-a1bd-be623cd7053e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2260",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.613",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:52:26.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,8 +58,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +78,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alf:alf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0-m4-2304",
"matchCriteriaId": "DB945ACA-B596-417D-9832-1137D9B9C640"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/commit/c9a16ab93d42b2beb06d529b57890121f85be6ef",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/649badc8-c935-4a84-8aa8-d3269ac54377",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23830",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-03T16:15:09.717",
"lastModified": "2023-05-03T16:15:09.717",
"vulnStatus": "Received",
"lastModified": "2023-05-03T19:07:24.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23875",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-03T16:15:10.130",
"lastModified": "2023-05-03T16:15:10.130",
"vulnStatus": "Received",
"lastModified": "2023-05-03T19:07:24.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23881",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-03T16:15:10.237",
"lastModified": "2023-05-03T16:15:10.237",
"vulnStatus": "Received",
"lastModified": "2023-05-03T19:07:24.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-24821",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T16:15:07.623",
"lastModified": "2023-04-24T16:52:40.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T18:16:36.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022.10",
"matchCriteriaId": "2A1B64C3-901D-4D06-AD22-FA94E65D5024"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/9728f727e75d7d78dbfb5918e0de1b938b7b6d2c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/bd31010231f5340e21410595dd95afc86bbfd341",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-2fpr-82xr-p887",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-24822",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T16:15:07.690",
"lastModified": "2023-04-24T16:52:40.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T18:37:31.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022.10",
"matchCriteriaId": "2A1B64C3-901D-4D06-AD22-FA94E65D5024"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/639c04325de4ceb9d444955f4927bfae95843a39",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/7253e261556f252816f4a3b7c4f96fc10d642485",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-8x69-5fhj-72wh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-24823",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T16:15:07.767",
"lastModified": "2023-04-24T16:52:40.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T18:41:20.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022.10",
"matchCriteriaId": "2A1B64C3-901D-4D06-AD22-FA94E65D5024"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/4a081f86616cb5c9dd0b5d7b286da03285d1652a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/dafc397fdc3655aeb5c7b9963a43f1604c6a2062",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-jwmv-47p2-hgq2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-2417",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-29T01:15:08.867",
"lastModified": "2023-05-01T10:39:42.517",
"lastModified": "2023-05-03T18:15:48.950",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -72,6 +72,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172105/Advanced-Host-Monitor-12.56-Unquoted-Service-Path.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.227714",
"source": "cna@vuldb.com"


@ -0,0 +1,59 @@
{
"id": "CVE-2023-25826",
"sourceIdentifier": "disclosure@synopsys.com",
"published": "2023-05-03T19:15:08.963",
"lastModified": "2023-05-03T19:36:47.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDue to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@synopsys.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "disclosure@synopsys.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenTSDB/opentsdb/pull/2275",
"source": "disclosure@synopsys.com"
},
{
"url": "https://www.synopsys.com/blogs/software-security/opentsdb/",
"source": "disclosure@synopsys.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-25827",
"sourceIdentifier": "disclosure@synopsys.com",
"published": "2023-05-03T19:15:10.297",
"lastModified": "2023-05-03T19:36:47.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDue to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@synopsys.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "disclosure@synopsys.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenTSDB/opentsdb/pull/2274",
"source": "disclosure@synopsys.com"
},
{
"url": "https://www.synopsys.com/blogs/software-security/opentsdb/",
"source": "disclosure@synopsys.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25967",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-03T16:15:10.480",
"lastModified": "2023-05-03T16:15:10.480",
"vulnStatus": "Received",
"lastModified": "2023-05-03T19:07:24.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-26017",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-03T16:15:10.747",
"lastModified": "2023-05-03T16:15:10.747",
"vulnStatus": "Received",
"lastModified": "2023-05-03T19:07:24.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-26494",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T17:15:10.693",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T18:59:28.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +66,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thethingsnetwork:lorawan-stack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.24.1",
"matchCriteriaId": "5085A9E1-E8DC-4888-BE64-BE80842C8336"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TheThingsNetwork/lorawan-stack/blob/ecdef730f176c02f7c9afce98b0457ae64de5bfc/pkg/webui/account/views/login/index.js#L90-L90",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/TheThingsNetwork/lorawan-stack/blob/ecdef730f176c02f7c9afce98b0457ae64de5bfc/pkg/webui/account/views/token-login/index.js#L74-L74",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/TheThingsNetwork/lorawan-stack/commit/f06776028bdb3994847fc6067613dc61a2b3559e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/TheThingsNetwork/lorawan-stack/releases/tag/v3.24.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2022-138_lorawan-stack/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-27849",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.400",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T18:49:02.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rails-routes-to-json_project:rails-routes-to-json:1.0.0:*:*:*:*:node.js:*:*",
"matchCriteriaId": "D0797752-2B7F-447A-806A-8241D5CA64A1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/omnitaint/Vulnerability-Reports/blob/2211ea4712f24d20b7f223fb737910fdfb041edb/reports/rails-routes-to-json/report.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.npmjs.com/package/rails-routes-to-json",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29197",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-17T22:15:09.947",
"lastModified": "2023-04-29T05:15:46.467",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-05-03T18:12:55.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,30 +66,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:guzzlephp:psr-7:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.1",
"matchCriteriaId": "704750B5-E610-4CDF-AE19-64DA9B537919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:guzzlephp:psr-7:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.4.5",
"matchCriteriaId": "DB62DA3C-0E8C-4240-9238-67D584A839D3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24775",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJANWDXJZE5BGLN4MQ4FEHV5LJ6CMKQF/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O35UN4IK6VS2LXSRWUDFWY7NI73RKY2U/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
]
}
]
}


@ -2,31 +2,106 @@
"id": "CVE-2023-29566",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.550",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T19:45:48.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dawnsparks-node-tesseract_project:dawnsparks-node-tesseract:0.4.0:*:*:*:*:node.js:*:*",
"matchCriteriaId": "7CCBE808-82D3-47FB-9E5D-BC12CC953C8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dawnsparks-node-tesseract_project:dawnsparks-node-tesseract:0.4.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "05DD4114-19F6-4EBC-90F3-6E91284C0169"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huedawn-tesseract_project:huedawn-tesseract:0.3.0:*:*:*:*:node.js:*:*",
"matchCriteriaId": "0B4DC31D-6842-476F-A204-2DBCA82C19D1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/omnitaint/Vulnerability-Reports/blob/ec3645003c7f8996459b5b24c722474adc2d599f/reports/dawnsparks-node-tesseract/report.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/rona-dinihari/dawnsparks-node-tesseract",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/rona-dinihari/dawnsparks-node-tesseract/commit/81d1664f0b9fe521534acfae1d5b9c40127b36c1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.npmjs.com/package/dawnsparks-node-tesseract",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
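Review bot: The added `cpeMatch` entry `cpe:2.3:a:huedawn-tesseract_project:huedawn-tesseract:0.3.0:*:*:*:*:node.js:*:*` does not agree with the description in the same record, which names huedawn-tesseract 0.3.3 as the affected version; nothing in the record shows which of the two is correct. A scanner that matches installed packages on the CPE criteria alone would flag 0.3.0 and, if the description is right, miss 0.3.3. If the description is the accurate one, the version component of that criteria string should read `0.3.3`, with the `matchCriteriaId` reassigned by NVD. Because this file mirrors NVD data, the discrepancy is better reported upstream than patched here, and until it is resolved consumers should cross-check the description text rather than rely on the CPE match for this package.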


@ -2,8 +2,8 @@
"id": "CVE-2023-30544",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T17:15:10.777",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T18:52:51.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kiwitcms:kiwi_tcms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.2",
"matchCriteriaId": "54963FF5-B772-4EC5-A2A1-3E98D68369C8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7x6q-3v3m-cwjg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/04/23/kiwi-tcms-122/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-03T18:00:24.489755+00:00
2023-05-03T20:00:24.416909+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-03T17:55:53+00:00
2023-05-03T19:57:57.030000+00:00
```
### Last Data Feed Release
@ -29,54 +29,46 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
214003
214005
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `2`
* [CVE-2023-23830](CVE-2023/CVE-2023-238xx/CVE-2023-23830.json) (`2023-05-03T16:15:09.717`)
* [CVE-2023-23875](CVE-2023/CVE-2023-238xx/CVE-2023-23875.json) (`2023-05-03T16:15:10.130`)
* [CVE-2023-23881](CVE-2023/CVE-2023-238xx/CVE-2023-23881.json) (`2023-05-03T16:15:10.237`)
* [CVE-2023-25967](CVE-2023/CVE-2023-259xx/CVE-2023-25967.json) (`2023-05-03T16:15:10.480`)
* [CVE-2023-26017](CVE-2023/CVE-2023-260xx/CVE-2023-26017.json) (`2023-05-03T16:15:10.747`)
* [CVE-2023-25826](CVE-2023/CVE-2023-258xx/CVE-2023-25826.json) (`2023-05-03T19:15:08.963`)
* [CVE-2023-25827](CVE-2023/CVE-2023-258xx/CVE-2023-25827.json) (`2023-05-03T19:15:10.297`)
### CVEs modified in the last Commit
Recently modified CVEs: `30`
Recently modified CVEs: `25`
* [CVE-2012-10013](CVE-2012/CVE-2012-100xx/CVE-2012-10013.json) (`2023-05-03T17:03:26.333`)
* [CVE-2012-10014](CVE-2012/CVE-2012-100xx/CVE-2012-10014.json) (`2023-05-03T17:00:58.130`)
* [CVE-2022-24249](CVE-2022/CVE-2022-242xx/CVE-2022-24249.json) (`2023-05-03T16:48:21.923`)
* [CVE-2022-27145](CVE-2022/CVE-2022-271xx/CVE-2022-27145.json) (`2023-05-03T16:48:11.460`)
* [CVE-2022-29609](CVE-2022/CVE-2022-296xx/CVE-2022-29609.json) (`2023-05-03T17:55:53.000`)
* [CVE-2022-29944](CVE-2022/CVE-2022-299xx/CVE-2022-29944.json) (`2023-05-03T17:27:22.773`)
* [CVE-2023-2251](CVE-2023/CVE-2023-22xx/CVE-2023-2251.json) (`2023-05-03T17:26:16.587`)
* [CVE-2023-22918](CVE-2023/CVE-2023-229xx/CVE-2023-22918.json) (`2023-05-03T16:58:15.893`)
* [CVE-2023-2307](CVE-2023/CVE-2023-23xx/CVE-2023-2307.json) (`2023-05-03T16:41:14.190`)
* [CVE-2023-2345](CVE-2023/CVE-2023-23xx/CVE-2023-2345.json) (`2023-05-03T16:59:03.360`)
* [CVE-2023-2346](CVE-2023/CVE-2023-23xx/CVE-2023-2346.json) (`2023-05-03T16:58:35.860`)
* [CVE-2023-2347](CVE-2023/CVE-2023-23xx/CVE-2023-2347.json) (`2023-05-03T16:58:18.770`)
* [CVE-2023-2348](CVE-2023/CVE-2023-23xx/CVE-2023-2348.json) (`2023-05-03T16:57:42.023`)
* [CVE-2023-24819](CVE-2023/CVE-2023-248xx/CVE-2023-24819.json) (`2023-05-03T16:12:07.527`)
* [CVE-2023-24820](CVE-2023/CVE-2023-248xx/CVE-2023-24820.json) (`2023-05-03T16:27:55.537`)
* [CVE-2023-26059](CVE-2023/CVE-2023-260xx/CVE-2023-26059.json) (`2023-05-03T16:06:54.337`)
* [CVE-2023-26930](CVE-2023/CVE-2023-269xx/CVE-2023-26930.json) (`2023-05-03T16:49:07.453`)
* [CVE-2023-26931](CVE-2023/CVE-2023-269xx/CVE-2023-26931.json) (`2023-05-03T16:48:11.660`)
* [CVE-2023-26934](CVE-2023/CVE-2023-269xx/CVE-2023-26934.json) (`2023-05-03T16:47:27.773`)
* [CVE-2023-26935](CVE-2023/CVE-2023-269xx/CVE-2023-26935.json) (`2023-05-03T16:46:40.757`)
* [CVE-2023-26936](CVE-2023/CVE-2023-269xx/CVE-2023-26936.json) (`2023-05-03T16:46:25.367`)
* [CVE-2023-26937](CVE-2023/CVE-2023-269xx/CVE-2023-26937.json) (`2023-05-03T16:45:53.083`)
* [CVE-2023-26938](CVE-2023/CVE-2023-269xx/CVE-2023-26938.json) (`2023-05-03T16:45:10.690`)
* [CVE-2023-29479](CVE-2023/CVE-2023-294xx/CVE-2023-29479.json) (`2023-05-03T16:56:35.370`)
* [CVE-2023-29480](CVE-2023/CVE-2023-294xx/CVE-2023-29480.json) (`2023-05-03T17:11:10.983`)
* [CVE-2023-30210](CVE-2023/CVE-2023-302xx/CVE-2023-30210.json) (`2023-05-03T16:41:53.360`)
* [CVE-2023-30211](CVE-2023/CVE-2023-302xx/CVE-2023-30211.json) (`2023-05-03T16:41:39.160`)
* [CVE-2023-30212](CVE-2023/CVE-2023-302xx/CVE-2023-30212.json) (`2023-05-03T16:38:41.690`)
* [CVE-2023-30338](CVE-2023/CVE-2023-303xx/CVE-2023-30338.json) (`2023-05-03T16:57:02.093`)
* [CVE-2023-30613](CVE-2023/CVE-2023-306xx/CVE-2023-30613.json) (`2023-05-03T17:24:05.977`)
* [CVE-2022-28354](CVE-2022/CVE-2022-283xx/CVE-2022-28354.json) (`2023-05-03T19:30:39.513`)
* [CVE-2022-29607](CVE-2022/CVE-2022-296xx/CVE-2022-29607.json) (`2023-05-03T19:57:57.030`)
* [CVE-2022-29608](CVE-2022/CVE-2022-296xx/CVE-2022-29608.json) (`2023-05-03T18:02:12.230`)
* [CVE-2023-0276](CVE-2023/CVE-2023-02xx/CVE-2023-0276.json) (`2023-05-03T19:26:53.357`)
* [CVE-2023-0388](CVE-2023/CVE-2023-03xx/CVE-2023-0388.json) (`2023-05-03T19:26:23.583`)
* [CVE-2023-0418](CVE-2023/CVE-2023-04xx/CVE-2023-0418.json) (`2023-05-03T19:17:58.380`)
* [CVE-2023-0420](CVE-2023/CVE-2023-04xx/CVE-2023-0420.json) (`2023-05-03T19:08:13.010`)
* [CVE-2023-0424](CVE-2023/CVE-2023-04xx/CVE-2023-0424.json) (`2023-05-03T19:08:32.230`)
* [CVE-2023-1414](CVE-2023/CVE-2023-14xx/CVE-2023-1414.json) (`2023-05-03T19:06:04.720`)
* [CVE-2023-1623](CVE-2023/CVE-2023-16xx/CVE-2023-1623.json) (`2023-05-03T19:10:02.387`)
* [CVE-2023-2260](CVE-2023/CVE-2023-22xx/CVE-2023-2260.json) (`2023-05-03T19:52:26.697`)
* [CVE-2023-23830](CVE-2023/CVE-2023-238xx/CVE-2023-23830.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-23875](CVE-2023/CVE-2023-238xx/CVE-2023-23875.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-23881](CVE-2023/CVE-2023-238xx/CVE-2023-23881.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-2417](CVE-2023/CVE-2023-24xx/CVE-2023-2417.json) (`2023-05-03T18:15:48.950`)
* [CVE-2023-24821](CVE-2023/CVE-2023-248xx/CVE-2023-24821.json) (`2023-05-03T18:16:36.500`)
* [CVE-2023-24822](CVE-2023/CVE-2023-248xx/CVE-2023-24822.json) (`2023-05-03T18:37:31.537`)
* [CVE-2023-24823](CVE-2023/CVE-2023-248xx/CVE-2023-24823.json) (`2023-05-03T18:41:20.233`)
* [CVE-2023-25967](CVE-2023/CVE-2023-259xx/CVE-2023-25967.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-26017](CVE-2023/CVE-2023-260xx/CVE-2023-26017.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-26494](CVE-2023/CVE-2023-264xx/CVE-2023-26494.json) (`2023-05-03T18:59:28.997`)
* [CVE-2023-27849](CVE-2023/CVE-2023-278xx/CVE-2023-27849.json) (`2023-05-03T18:49:02.067`)
* [CVE-2023-29197](CVE-2023/CVE-2023-291xx/CVE-2023-29197.json) (`2023-05-03T18:12:55.620`)
* [CVE-2023-29566](CVE-2023/CVE-2023-295xx/CVE-2023-29566.json) (`2023-05-03T19:45:48.853`)
* [CVE-2023-30544](CVE-2023/CVE-2023-305xx/CVE-2023-30544.json) (`2023-05-03T18:52:51.757`)
## Download and Usage