admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-04T20:00:29.394433+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-04 20:00:32 +00:00
parent 937cc80b2d
commit c34ac377a8
76 changed files with 3690 additions and 249 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2018/CVE-2018-194xx/CVE-2018-19422.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-19422",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-11-21T21:29:00.313",
"lastModified": "2021-05-26T13:36:54.197",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T18:15:10.417",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -102,6 +102,10 @@
"VDB Entry"
]
},
{
"url": "http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/intelliants/subrion/issues/801",
"source": "cve@mitre.org",

19
CVE-2018/CVE-2018-250xx/CVE-2018-25032.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-25032",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-03-25T09:15:08.187",
"lastModified": "2023-04-27T17:50:02.350",
"lastModified": "2023-08-04T18:48:09.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -737,6 +737,23 @@
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:goto:gotoassist:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.9.18",
"matchCriteriaId": "BB7FB2D7-6D53-4D9C-865A-4DFC8BC82218"
}
]
}
]
}
],
"references": [

65
CVE-2020/CVE-2020-218xx/CVE-2020-21881.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-21881",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:09.957",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:29:02.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:duxcms_project:duxcms:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5ECDBA01-F06D-4772-AFDB-8F5BAB85246A"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

74
CVE-2022/CVE-2022-24xx/CVE-2022-2416.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-2416",
"sourceIdentifier": "security@octopus.com",
"published": "2023-08-02T06:15:10.140",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:42:44.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@octopus.com",
"type": "Secondary",
@ -34,10 +54,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2019.4.0",
"versionEndExcluding": "2022.4.9997",
"matchCriteriaId": "02B7D13C-12AD-426C-AA37-BD37F6F53BC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.1.4189",
"versionEndExcluding": "2023.1.10235",
"matchCriteriaId": "B9BE8C35-62C6-43A9-9D88-AC27A4BCB7AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.2.2028",
"versionEndExcluding": "2023.2.10545",
"matchCriteriaId": "62D21CB5-F72D-4C81-897E-E2C5164A5CB7"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.octopus.com/post/2023/sa2023-11/",
"source": "security@octopus.com"
"source": "security@octopus.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-414xx/CVE-2022-41401.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-41401",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T17:15:09.583",
"lastModified": "2023-08-04T17:15:09.583",
"vulnStatus": "Received",
"lastModified": "2023-08-04T18:53:28.627",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2022/CVE-2022-437xx/CVE-2022-43712.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2022-43712",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-26T14:15:09.880",
"lastModified": "2023-07-26T19:28:30.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:39:49.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gxsoftware:xperiencentral:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.36.0",
"matchCriteriaId": "6D1516A6-66C5-477C-9363-DF39884BCECC"
}
]
}
]
}
],
"references": [
{
"url": "https://service.gxsoftware.com/hc/en-us/articles/4717373636381-Vulnerability-in-Spring-core-Spring4Shell-",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://service.gxsoftware.com/hc/nl/articles/12208173122461",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2022/CVE-2022-469xx/CVE-2022-46902.json
View File

@ -2,23 +2,90 @@
"id": "CVE-2022-46902",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:13.227",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:19:48.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "61B697DE-2326-4850-B92B-363CA5CEA015"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "C24A19CF-9202-43AE-A82C-EF80E4BABAFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-02xx/CVE-2023-0264.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-0264",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-04T18:15:11.090",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability."
}
],
"metrics": {},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0264",
"source": "secalert@redhat.com"
}
]
}

98
CVE-2023/CVE-2023-06xx/CVE-2023-0632.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0632",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T00:15:16.163",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:02:54.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.2",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "42FDC222-8F8F-43D7-8E8A-0924345E3085"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.2",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "B8B268E0-D27B-46F2-AC29-EAA56BCDC5E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/390148",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/1852677",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

77
CVE-2023/CVE-2023-12xx/CVE-2023-1210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1210",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T00:15:16.430",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:08:22.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.9",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "C8A2AFFB-9F5E-4AFE-AB72-F6FB839F4D62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "3D0B2324-59E8-4149-A9C4-F3A3BAD537BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B6919591-CF6C-4E0C-9CD1-54932E43706E"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394775",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/1884672",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

98
CVE-2023/CVE-2023-21xx/CVE-2023-2164.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2164",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T00:15:16.683",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:10:09.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.9",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "FFD938FB-5A38-41C5-AA6E-01AB91BF26A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.9",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "E55AA8A4-B949-4500-B094-4C87970AA259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407783",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/1940598",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

80
CVE-2023/CVE-2023-269xx/CVE-2023-26911.json
View File

@ -2,27 +2,95 @@
"id": "CVE-2023-26911",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-26T14:15:10.283",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:40:21.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asus:armoury_crate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.3.4.0",
"matchCriteriaId": "15E195AD-C257-44D8-BF03-35DF7B4E1093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asus:setupasusservices:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.5.1",
"matchCriteriaId": "A4B49657-7E92-47A4-BBF5-F56BD3E9E9F5"
}
]
}
]
}
],
"references": [
{
"url": "http://asus.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://setupasusservices.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://irradiate.com.au/blog/CVE-2023-26911",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-27xx/CVE-2023-2796.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2796",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-10T16:15:51.497",
"lastModified": "2023-07-14T17:59:53.733",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T18:15:11.343",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -36,7 +36,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
@ -46,7 +46,7 @@
]
},
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@ -75,6 +75,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173984/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/e9ef793c-e5a3-4c55-beee-56b0909f7a0d",
"source": "contact@wpscan.com",

73
CVE-2023/CVE-2023-326xx/CVE-2023-32637.json
View File

@ -2,27 +2,88 @@
"id": "CVE-2023-32637",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-25T06:15:10.893",
"lastModified": "2023-07-25T13:00:59.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:47:56.880",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gbrowse_project:gbrowse:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C23F9A9-BAC9-4D56-BED5-8759D14C43E8"
}
]
}
]
}
],
"references": [
{
"url": "http://gmod.org/wiki/GBrowse",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
},
{
"url": "https://jbrowse.org/jb2/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Not Applicable"
]
},
{
"url": "https://jvn.jp/en/jp/JVN35897618/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-32xx/CVE-2023-3219.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3219",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-10T16:15:55.250",
"lastModified": "2023-07-18T17:52:52.883",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T18:15:16.360",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -36,7 +36,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
@ -46,7 +46,7 @@
]
},
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@ -75,6 +75,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173992/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/72d80887-0270-4987-9739-95b1a178c1fd",
"source": "contact@wpscan.com",

24
CVE-2023/CVE-2023-333xx/CVE-2023-33372.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33372",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:11.883",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33372",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-333xx/CVE-2023-33373.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33373",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.050",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices."
}
],
"metrics": {},
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33373",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-333xx/CVE-2023-33374.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33374",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.183",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution."
}
],
"metrics": {},
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-333xx/CVE-2023-33375.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33375",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.343",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices."
}
],
"metrics": {},
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33375",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-333xx/CVE-2023-33376.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33376",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.503",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices."
}
],
"metrics": {},
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33376",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-333xx/CVE-2023-33377.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33377",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.647",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices."
}
],
"metrics": {},
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33377",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-333xx/CVE-2023-33378.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.783",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices."
}
],
"metrics": {},
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33378",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-333xx/CVE-2023-33379.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33379",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.937",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices."
}
],
"metrics": {},
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33379",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-333xx/CVE-2023-33383.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33383",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-02T14:15:10.637",
"lastModified": "2023-08-02T16:55:04.307",
"lastModified": "2023-08-04T18:15:13.120",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/173954/Shelly-PRO-4PM-0.11.0-Authentication-Bypass.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability",
"source": "cve@mitre.org"

98
CVE-2023/CVE-2023-33xx/CVE-2023-3364.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3364",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T00:15:18.467",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:12:09.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.14",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "96C16180-BCE3-49C6-8802-7B4AAA6438EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.14",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "CC5FEFB6-F11C-4BAA-8A53-29B563F0B234"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415995",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/1959727",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

98
CVE-2023/CVE-2023-33xx/CVE-2023-3385.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3385",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T00:15:18.690",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:19:04.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.10",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "464745AD-160C-49DD-926D-50839EAEB751"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.10",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "42A815DE-E4CE-471C-9C2F-E75EF5F6E276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416161",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2032730",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

84
CVE-2023/CVE-2023-346xx/CVE-2023-34634.json
View File

@ -2,31 +2,101 @@
"id": "CVE-2023-34634",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T14:15:10.070",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:13:01.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:greenshot:greenshot:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.10",
"matchCriteriaId": "1CD90A22-85D2-427A-83C0-282C226F9735"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173825/GreenShot-1.2.10-Arbitrary-Code-Execution.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://greenshot.atlassian.net/browse/BUG-3061",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/51633",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

77
CVE-2023/CVE-2023-346xx/CVE-2023-34635.json
View File

@ -2,23 +2,90 @@
"id": "CVE-2023-34635",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.273",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:52:54.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wifi-soft:unibox_administration:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53455FE6-C75A-4A74-91C6-46D2112B8EDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wifi-soft:unibox_administration:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "358B7BEA-F624-4679-821E-D300DDAB1449"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173669/Wifi-Soft-Unibox-Administration-3.0-3.1-SQL-Injection.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.exploit-db.com/exploits/51610",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2023/CVE-2023-348xx/CVE-2023-34842.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-34842",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.373",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:49:11.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.7.109",
"matchCriteriaId": "46619FD4-CE48-4B19-83FF-D8B6560DD5F6"
}
]
}
]
}
],
"references": [
{
"url": "http://dedecms.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.dedecms.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

71
CVE-2023/CVE-2023-348xx/CVE-2023-34872.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2023-34872",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.427",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:43:26.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.06.0",
"matchCriteriaId": "D2AEC600-C354-4873-8CC7-17C3337D6E7D"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-350xx/CVE-2023-35067.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35067",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-07-25T07:15:10.770",
"lastModified": "2023-07-25T13:00:59.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:28:02.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:infodrom:e-invoice_approval_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230701",
"matchCriteriaId": "6C5757C1-23EE-4408-B8B6-B859EE58F62E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0419",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-350xx/CVE-2023-35078.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-35078",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-07-25T07:15:10.897",
"lastModified": "2023-07-25T13:00:59.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:30:34.503",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-07-25",
"cisaActionDue": "2023-08-15",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability",
"descriptions": [
{
"lang": "en",
@ -12,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "support@hackerone.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "support@hackerone.com",
"type": "Secondary",
@ -46,22 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.10",
"matchCriteriaId": "1AADBE71-2697-49C9-8FC1-B77B700980AE"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-350xx/CVE-2023-35086.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35086",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-07-21T07:15:10.143",
"lastModified": "2023-07-21T12:52:26.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:28:40.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ax56u_v2_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*",
"matchCriteriaId": "7201F0D9-5111-414B-8756-3B36838193CD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFF5EF7-E4EC-4DA0-82B4-9996087B951F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7240-a5f96-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}

98
CVE-2023/CVE-2023-35xx/CVE-2023-3500.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3500",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T01:15:09.520",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:13:10.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "10.0",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "33EFD75A-D814-4EAE-A197-66A761D713AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "10.0",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "B3CAAD60-BA19-456F-B81D-275DFE3BE09C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416902",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2010926",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

12
CVE-2023/CVE-2023-35xx/CVE-2023-3519.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-3519",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-07-19T18:15:11.513",
"lastModified": "2023-07-19T20:29:47.537",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T18:15:17.077",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-07-19",
"cisaActionDue": "2023-08-09",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability",
"descriptions": [
{
"lang": "en",
@ -143,6 +147,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html",
"source": "secure@citrix.com"
},
{
"url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
"source": "secure@citrix.com",

56
CVE-2023/CVE-2023-372xx/CVE-2023-37217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37217",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-07-30T11:15:09.787",
"lastModified": "2023-07-31T12:54:52.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:56:57.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -46,10 +76,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tadirantele:aeonix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03E1036A-77E1-40C5-8F75-A3676F9A6F82"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
}
]
}

35
CVE-2023/CVE-2023-372xx/CVE-2023-37292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37292",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-07-21T05:15:15.393",
"lastModified": "2023-07-21T12:52:26.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:28:00.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.5-174",
"matchCriteriaId": "73E6E0F8-55E5-4420-9953-08A90BDAEAFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.5-174",
"matchCriteriaId": "A02C6745-CF33-47AC-ADC4-F1F9D5272FFC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7239-8fc29-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-379xx/CVE-2023-37919.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37919",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T21:15:10.733",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:59:11.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) stays logged in without having to verify the account owner's identity. As of time of publication, no known patches or workarounds exist."
},
{
"lang": "es",
"value": "Cal.com es un software de programaci\u00f3n de eventos de c\u00f3digo abierto. Una vulnerabilidad permite que las sesiones activas asociadas a una cuenta permanezcan activas incluso despu\u00e9s de activar 2FA. Al activar 2FA en una cuenta de Cal.com que est\u00e1 conectada en dos o m\u00e1s dispositivos, la cuenta permanece conectada en el otro dispositivo u otros dispositivos sin tener que verificar la identidad del propietario de la cuenta. En el momento de la publicaci\u00f3n, no se conocen parches ni soluciones. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cal:cal.com:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1.4",
"matchCriteriaId": "C023153C-BBF1-4AED-84C4-E27DC1CFD62F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/calcom/cal.com/security/advisories/GHSA-cpf2-q635-xrwx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-379xx/CVE-2023-37979.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37979",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T15:15:11.507",
"lastModified": "2023-08-03T13:26:00.007",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T18:15:13.377",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -85,6 +85,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173983/WordPress-Ninja-Forms-3.6.25-Cross-Site-Scripting.html",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/articles/multiple-high-severity-vulnerabilities-in-ninja-forms-plugin?_s_id=cve",
"source": "audit@patchstack.com",

14
CVE-2023/CVE-2023-380xx/CVE-2023-38057.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38057",
"sourceIdentifier": "security@otrs.com",
"published": "2023-07-24T09:15:09.927",
"lastModified": "2023-08-01T17:34:41.557",
"lastModified": "2023-08-04T18:48:27.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,24 +85,24 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
"criteria": "cpe:2.3:a:otrs:survey:*:*:*:*:community:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.22",
"matchCriteriaId": "B78B02C9-56F4-4804-A6A4-F055D3B29715"
"matchCriteriaId": "2C028891-8D6D-487A-B1A8-F7635C679067"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:a:otrs:survey:*:*:*:*:-:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.32",
"matchCriteriaId": "739A97E5-914C-46EC-BDDE-36264E78AD69"
"matchCriteriaId": "1DA2C542-3BDD-4E5C-870B-C9FE32BE6B70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:*",
"criteria": "cpe:2.3:a:otrs:survey:*:*:*:*:-:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.13",
"matchCriteriaId": "C9322399-2DA5-4553-8139-E9E265AB514E"
"matchCriteriaId": "223E24C7-C368-4822-9BDF-BF5403113847"
}
]
}

24
CVE-2023/CVE-2023-383xx/CVE-2023-38332.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38332",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:13.910",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure."
}
],
"metrics": {},
"references": [
{
"url": "https://manageengine.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html",
"source": "cve@mitre.org"
}
]
}

78
CVE-2023/CVE-2023-383xx/CVE-2023-38357.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-38357",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T15:15:09.703",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:43:48.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-331"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.8.0",
"matchCriteriaId": "E01EFB94-C965-48E4-8576-CF58DF9A9949"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173609/RWS-WorldServer-11.7.3-Session-Token-Enumeration.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/30",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-001/-session-token-enumeration-in-rws-worldserver",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-386xx/CVE-2023-38688.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38688",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T17:15:10.097",
"lastModified": "2023-08-04T17:15:10.097",
"vulnStatus": "Received",
"lastModified": "2023-08-04T18:53:28.627",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-386xx/CVE-2023-38689.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38689",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T17:15:10.563",
"lastModified": "2023-08-04T17:15:10.563",
"vulnStatus": "Received",
"lastModified": "2023-08-04T18:53:28.627",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-386xx/CVE-2023-38690.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38690",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T17:15:10.783",
"lastModified": "2023-08-04T17:15:10.783",
"vulnStatus": "Received",
"lastModified": "2023-08-04T18:53:28.627",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-386xx/CVE-2023-38691.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38691",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T17:15:11.063",
"lastModified": "2023-08-04T17:15:11.063",
"vulnStatus": "Received",
"lastModified": "2023-08-04T18:53:28.627",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2023/CVE-2023-386xx/CVE-2023-38692.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-38692",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T18:15:14.203",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5w",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-386xx/CVE-2023-38695.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-38695",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T18:15:14.667",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/simonsmith/cypress-image-snapshot/issues/15",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-386xx/CVE-2023-38697.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-38697",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T18:15:15.010",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split from chunk data using CRLF, and the chunk extension shouldn't contain any invisible character. However, Falcon has following behaviors while disobey the corresponding RFCs: accepting Content-Length header values that have `+` prefix, accepting Content-Length header values that written in hexadecimal with `0x` prefix, accepting `0x` and `+` prefixed chunk size, and accepting LF in chunk extension. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially results in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://github.com/socketry/protocol-http1/commit/e11fc164fd2b36f7b7e785e69fa8859eb06bcedd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/socketry/protocol-http1/pull/20",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj",
"source": "security-advisories@github.com"
},
{
"url": "https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-386xx/CVE-2023-38698.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-38698",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T18:15:15.637",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22.\n\nIf successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost.\n\nVersion 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-386xx/CVE-2023-38699.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-38699",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T18:15:15.797",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"references": [
{
"url": "https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcw",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-387xx/CVE-2023-38700.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-38700",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T19:15:09.697",
"lastModified": "2023-08-04T19:15:09.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-387xx/CVE-2023-38702.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38702",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T19:15:10.080",
"lastModified": "2023-08-04T19:15:10.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fc",
"source": "security-advisories@github.com"
}
]
}

15
CVE-2023/CVE-2023-387xx/CVE-2023-38707.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-38707",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T19:15:10.300",
"lastModified": "2023-08-04T19:15:10.300",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** This CVE has been rejected because of [CNA rule 7.4.7](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_7_assignment_rules):\r\n```\r\n7.4.7 CNAs SHOULD NOT assign CVE IDs to vulnerabilities in products that are not publicly available or licensable.\r\n```\r\nThe repository with the vulnerable code is private, and therefore the product is not publicly available."
}
],
"metrics": {},
"references": []
}

28
CVE-2023/CVE-2023-391xx/CVE-2023-39107.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-39107",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:16.263",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks."
}
],
"metrics": {},
"references": [
{
"url": "https://kb.nomachine.com/SU07U00247",
"source": "cve@mitre.org"
},
{
"url": "https://kb.nomachine.com/TR07U10948",
"source": "cve@mitre.org"
},
{
"url": "https://www.ns-echo.com/posts/nomachine_afo.html",
"source": "cve@mitre.org"
}
]
}

64
CVE-2023/CVE-2023-391xx/CVE-2023-39108.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-39108",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T14:15:10.137",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:07:59.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529174-50B3-491D-BEA0-5A0EC8BF45B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_b.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-391xx/CVE-2023-39109.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-39109",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T14:15:10.193",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:07:54.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529174-50B3-491D-BEA0-5A0EC8BF45B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_a.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-391xx/CVE-2023-39110.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-39110",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T14:15:10.247",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:07:39.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529174-50B3-491D-BEA0-5A0EC8BF45B6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_%20ajaxGetFileByPath.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-391xx/CVE-2023-39112.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39112",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T17:15:11.300",
"lastModified": "2023-08-04T17:15:11.300",
"vulnStatus": "Received",
"lastModified": "2023-08-04T18:53:28.627",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-391xx/CVE-2023-39143.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39143",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T17:15:11.510",
"lastModified": "2023-08-04T17:15:11.510",
"vulnStatus": "Received",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-395xx/CVE-2023-39551.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39551",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T19:15:10.390",
"lastModified": "2023-08-04T19:15:10.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-395xx/CVE-2023-39552.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39552",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T19:15:10.547",
"lastModified": "2023-08-04T19:15:10.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md",
"source": "cve@mitre.org"
}
]
}

84
CVE-2023/CVE-2023-39xx/CVE-2023-3900.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3900",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T01:15:09.607",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:20:38.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418770",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2058514",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

93
CVE-2023/CVE-2023-39xx/CVE-2023-3993.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3993",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T01:15:09.690",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:23:32.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,10 +76,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "14.3",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "B99C90C5-9A45-49BB-83F2-D23633449084"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "14.3",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "FB8EB90A-C474-4EDB-BD23-7E8073647693"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409570",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}

98
CVE-2023/CVE-2023-39xx/CVE-2023-3994.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3994",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T01:15:09.773",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:21:59.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "9.3",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "3F7DB54F-5D96-480D-BD9F-DEA5B6DBB088"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.3",
"versionEndExcluding": "16.0.8",
"matchCriteriaId": "D855EB5B-6592-4DEB-BA47-B40A808A1616"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "5866BCA4-7C2D-4808-84FE-310E5D23454F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.1.3",
"matchCriteriaId": "F3157827-C742-45E6-B301-AD19559B1990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "B5F4AA39-7E7A-4BF9-BF67-A7317308314A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "08D3BB71-01AC-47D7-ADD8-9D4EF67E66ED"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416225",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/1963255",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

65
CVE-2023/CVE-2023-40xx/CVE-2023-4011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4011",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-02T06:15:11.523",
"lastModified": "2023-08-02T13:30:30.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:45:30.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,10 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.11",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "C638D3E0-9C3B-4F09-8F29-F9458A7969E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.11",
"versionEndExcluding": "16.2.2",
"matchCriteriaId": "83F067C5-B12E-4984-A7FB-74D79CFFAA1D"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409367",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}

111
CVE-2023/CVE-2023-40xx/CVE-2023-4048.json
View File

@ -2,35 +2,130 @@
"id": "CVE-2023-4048",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-08-01T15:15:09.967",
"lastModified": "2023-08-04T04:15:19.780",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-04T18:51:34.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0",
"matchCriteriaId": "C6C6420C-0883-4585-A655-4C470029CB85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "102.14",
"matchCriteriaId": "D9B0541D-B079-435B-9357-9E61EF0B5069"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841368",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5464",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-40xx/CVE-2023-4051.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-4051",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-08-01T15:15:10.147",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:57:00.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0",
"matchCriteriaId": "C6C6420C-0883-4585-A655-4C470029CB85"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821884",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-40xx/CVE-2023-4052.json
View File

@ -2,27 +2,96 @@
"id": "CVE-2023-4052",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-08-01T15:15:10.207",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:54:50.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0",
"matchCriteriaId": "C6C6420C-0883-4585-A655-4C470029CB85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.1",
"matchCriteriaId": "FF490ED7-CADC-4553-8A66-ED8B4EB18034"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1824420",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-40xx/CVE-2023-4053.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-4053",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-08-01T15:15:10.267",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T19:00:39.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0",
"matchCriteriaId": "C6C6420C-0883-4585-A655-4C470029CB85"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839079",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-40xx/CVE-2023-4056.json
View File

@ -2,35 +2,129 @@
"id": "CVE-2023-4056",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-08-01T16:15:10.020",
"lastModified": "2023-08-04T04:15:21.797",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-04T18:47:11.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0",
"matchCriteriaId": "C6C6420C-0883-4585-A655-4C470029CB85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "102.14",
"matchCriteriaId": "D9B0541D-B079-435B-9357-9E61EF0B5069"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5464",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-30/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-40xx/CVE-2023-4057.json
View File

@ -2,27 +2,96 @@
"id": "CVE-2023-4057",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-08-01T16:15:10.080",
"lastModified": "2023-08-01T16:43:18.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T18:44:39.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0",
"matchCriteriaId": "C6C6420C-0883-4585-A655-4C470029CB85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.1",
"matchCriteriaId": "FF490ED7-CADC-4553-8A66-ED8B4EB18034"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841682",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-29/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-31/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-41xx/CVE-2023-4157.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4157",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-04T18:15:17.547",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/omeka/omeka-s/commit/8b72619d9731b32dd21ab6dcaa01ccc3bbf0db63",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/abc3521b-1238-4c4e-97f1-2957db670014",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-41xx/CVE-2023-4158.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4158",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-04T18:15:17.873",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/e0e462ae-d7cb-4a84-b6fe-5f5de20e3d15",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-41xx/CVE-2023-4159.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4159",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-04T18:15:18.077",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/e2e2365e-6a5f-4ca4-9ef1-297e3ed41f9c",
"source": "security@huntr.dev"
}
]
}

98
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-04T18:00:34.940204+00:00
2023-08-04T20:00:29.394433+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-04T17:58:18.727000+00:00
2023-08-04T19:59:11.307000+00:00
```
### Last Data Feed Release
@ -29,58 +29,68 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
221665
221689
```
### CVEs added in the last Commit
Recently added CVEs: `14`
Recently added CVEs: `24`
* [CVE-2022-41401](CVE-2022/CVE-2022-414xx/CVE-2022-41401.json) (`2023-08-04T17:15:09.583`)
* [CVE-2023-37470](CVE-2023/CVE-2023-374xx/CVE-2023-37470.json) (`2023-08-04T16:15:09.610`)
* [CVE-2023-37896](CVE-2023/CVE-2023-378xx/CVE-2023-37896.json) (`2023-08-04T16:15:09.847`)
* [CVE-2023-38487](CVE-2023/CVE-2023-384xx/CVE-2023-38487.json) (`2023-08-04T16:15:10.030`)
* [CVE-2023-38494](CVE-2023/CVE-2023-384xx/CVE-2023-38494.json) (`2023-08-04T16:15:10.177`)
* [CVE-2023-38497](CVE-2023/CVE-2023-384xx/CVE-2023-38497.json) (`2023-08-04T16:15:10.370`)
* [CVE-2023-38686](CVE-2023/CVE-2023-386xx/CVE-2023-38686.json) (`2023-08-04T16:15:10.550`)
* [CVE-2023-38964](CVE-2023/CVE-2023-389xx/CVE-2023-38964.json) (`2023-08-04T16:15:10.697`)
* [CVE-2023-38688](CVE-2023/CVE-2023-386xx/CVE-2023-38688.json) (`2023-08-04T17:15:10.097`)
* [CVE-2023-38689](CVE-2023/CVE-2023-386xx/CVE-2023-38689.json) (`2023-08-04T17:15:10.563`)
* [CVE-2023-38690](CVE-2023/CVE-2023-386xx/CVE-2023-38690.json) (`2023-08-04T17:15:10.783`)
* [CVE-2023-38691](CVE-2023/CVE-2023-386xx/CVE-2023-38691.json) (`2023-08-04T17:15:11.063`)
* [CVE-2023-39112](CVE-2023/CVE-2023-391xx/CVE-2023-39112.json) (`2023-08-04T17:15:11.300`)
* [CVE-2023-39143](CVE-2023/CVE-2023-391xx/CVE-2023-39143.json) (`2023-08-04T17:15:11.510`)
* [CVE-2023-0264](CVE-2023/CVE-2023-02xx/CVE-2023-0264.json) (`2023-08-04T18:15:11.090`)
* [CVE-2023-33372](CVE-2023/CVE-2023-333xx/CVE-2023-33372.json) (`2023-08-04T18:15:11.883`)
* [CVE-2023-33373](CVE-2023/CVE-2023-333xx/CVE-2023-33373.json) (`2023-08-04T18:15:12.050`)
* [CVE-2023-33374](CVE-2023/CVE-2023-333xx/CVE-2023-33374.json) (`2023-08-04T18:15:12.183`)
* [CVE-2023-33375](CVE-2023/CVE-2023-333xx/CVE-2023-33375.json) (`2023-08-04T18:15:12.343`)
* [CVE-2023-33376](CVE-2023/CVE-2023-333xx/CVE-2023-33376.json) (`2023-08-04T18:15:12.503`)
* [CVE-2023-33377](CVE-2023/CVE-2023-333xx/CVE-2023-33377.json) (`2023-08-04T18:15:12.647`)
* [CVE-2023-33378](CVE-2023/CVE-2023-333xx/CVE-2023-33378.json) (`2023-08-04T18:15:12.783`)
* [CVE-2023-33379](CVE-2023/CVE-2023-333xx/CVE-2023-33379.json) (`2023-08-04T18:15:12.937`)
* [CVE-2023-38332](CVE-2023/CVE-2023-383xx/CVE-2023-38332.json) (`2023-08-04T18:15:13.910`)
* [CVE-2023-38692](CVE-2023/CVE-2023-386xx/CVE-2023-38692.json) (`2023-08-04T18:15:14.203`)
* [CVE-2023-38695](CVE-2023/CVE-2023-386xx/CVE-2023-38695.json) (`2023-08-04T18:15:14.667`)
* [CVE-2023-38697](CVE-2023/CVE-2023-386xx/CVE-2023-38697.json) (`2023-08-04T18:15:15.010`)
* [CVE-2023-38698](CVE-2023/CVE-2023-386xx/CVE-2023-38698.json) (`2023-08-04T18:15:15.637`)
* [CVE-2023-38699](CVE-2023/CVE-2023-386xx/CVE-2023-38699.json) (`2023-08-04T18:15:15.797`)
* [CVE-2023-39107](CVE-2023/CVE-2023-391xx/CVE-2023-39107.json) (`2023-08-04T18:15:16.263`)
* [CVE-2023-4157](CVE-2023/CVE-2023-41xx/CVE-2023-4157.json) (`2023-08-04T18:15:17.547`)
* [CVE-2023-4158](CVE-2023/CVE-2023-41xx/CVE-2023-4158.json) (`2023-08-04T18:15:17.873`)
* [CVE-2023-4159](CVE-2023/CVE-2023-41xx/CVE-2023-4159.json) (`2023-08-04T18:15:18.077`)
* [CVE-2023-38700](CVE-2023/CVE-2023-387xx/CVE-2023-38700.json) (`2023-08-04T19:15:09.697`)
* [CVE-2023-38702](CVE-2023/CVE-2023-387xx/CVE-2023-38702.json) (`2023-08-04T19:15:10.080`)
* [CVE-2023-38707](CVE-2023/CVE-2023-387xx/CVE-2023-38707.json) (`2023-08-04T19:15:10.300`)
* [CVE-2023-39551](CVE-2023/CVE-2023-395xx/CVE-2023-39551.json) (`2023-08-04T19:15:10.390`)
* [CVE-2023-39552](CVE-2023/CVE-2023-395xx/CVE-2023-39552.json) (`2023-08-04T19:15:10.547`)
### CVEs modified in the last Commit
Recently modified CVEs: `79`
Recently modified CVEs: `51`
* [CVE-2023-35016](CVE-2023/CVE-2023-350xx/CVE-2023-35016.json) (`2023-08-04T17:23:18.223`)
* [CVE-2023-35019](CVE-2023/CVE-2023-350xx/CVE-2023-35019.json) (`2023-08-04T17:23:56.413`)
* [CVE-2023-22595](CVE-2023/CVE-2023-225xx/CVE-2023-22595.json) (`2023-08-04T17:25:00.243`)
* [CVE-2023-24971](CVE-2023/CVE-2023-249xx/CVE-2023-24971.json) (`2023-08-04T17:25:17.853`)
* [CVE-2023-3292](CVE-2023/CVE-2023-32xx/CVE-2023-3292.json) (`2023-08-04T17:25:42.997`)
* [CVE-2023-34360](CVE-2023/CVE-2023-343xx/CVE-2023-34360.json) (`2023-08-04T17:27:01.823`)
* [CVE-2023-34359](CVE-2023/CVE-2023-343xx/CVE-2023-34359.json) (`2023-08-04T17:27:09.303`)
* [CVE-2023-34358](CVE-2023/CVE-2023-343xx/CVE-2023-34358.json) (`2023-08-04T17:27:21.567`)
* [CVE-2023-36351](CVE-2023/CVE-2023-363xx/CVE-2023-36351.json) (`2023-08-04T17:28:04.757`)
* [CVE-2023-32302](CVE-2023/CVE-2023-323xx/CVE-2023-32302.json) (`2023-08-04T17:28:35.773`)
* [CVE-2023-36118](CVE-2023/CVE-2023-361xx/CVE-2023-36118.json) (`2023-08-04T17:28:37.420`)
* [CVE-2023-34869](CVE-2023/CVE-2023-348xx/CVE-2023-34869.json) (`2023-08-04T17:28:50.493`)
* [CVE-2023-31429](CVE-2023/CVE-2023-314xx/CVE-2023-31429.json) (`2023-08-04T17:29:03.630`)
* [CVE-2023-31425](CVE-2023/CVE-2023-314xx/CVE-2023-31425.json) (`2023-08-04T17:29:10.477`)
* [CVE-2023-39147](CVE-2023/CVE-2023-391xx/CVE-2023-39147.json) (`2023-08-04T17:30:04.907`)
* [CVE-2023-38560](CVE-2023/CVE-2023-385xx/CVE-2023-38560.json) (`2023-08-04T17:30:26.457`)
* [CVE-2023-31710](CVE-2023/CVE-2023-317xx/CVE-2023-31710.json) (`2023-08-04T17:31:52.350`)
* [CVE-2023-20583](CVE-2023/CVE-2023-205xx/CVE-2023-20583.json) (`2023-08-04T17:31:53.953`)
* [CVE-2023-36210](CVE-2023/CVE-2023-362xx/CVE-2023-36210.json) (`2023-08-04T17:41:31.310`)
* [CVE-2023-26607](CVE-2023/CVE-2023-266xx/CVE-2023-26607.json) (`2023-08-04T17:42:56.953`)
* [CVE-2023-37478](CVE-2023/CVE-2023-374xx/CVE-2023-37478.json) (`2023-08-04T17:44:08.830`)
* [CVE-2023-33493](CVE-2023/CVE-2023-334xx/CVE-2023-33493.json) (`2023-08-04T17:48:37.147`)
* [CVE-2023-4058](CVE-2023/CVE-2023-40xx/CVE-2023-4058.json) (`2023-08-04T17:50:09.910`)
* [CVE-2023-33562](CVE-2023/CVE-2023-335xx/CVE-2023-33562.json) (`2023-08-04T17:55:48.260`)
* [CVE-2023-33561](CVE-2023/CVE-2023-335xx/CVE-2023-33561.json) (`2023-08-04T17:58:18.727`)
* [CVE-2023-34635](CVE-2023/CVE-2023-346xx/CVE-2023-34635.json) (`2023-08-04T18:52:54.603`)
* [CVE-2023-39143](CVE-2023/CVE-2023-391xx/CVE-2023-39143.json) (`2023-08-04T18:53:22.053`)
* [CVE-2023-38688](CVE-2023/CVE-2023-386xx/CVE-2023-38688.json) (`2023-08-04T18:53:28.627`)
* [CVE-2023-38689](CVE-2023/CVE-2023-386xx/CVE-2023-38689.json) (`2023-08-04T18:53:28.627`)
* [CVE-2023-38690](CVE-2023/CVE-2023-386xx/CVE-2023-38690.json) (`2023-08-04T18:53:28.627`)
* [CVE-2023-38691](CVE-2023/CVE-2023-386xx/CVE-2023-38691.json) (`2023-08-04T18:53:28.627`)
* [CVE-2023-39112](CVE-2023/CVE-2023-391xx/CVE-2023-39112.json) (`2023-08-04T18:53:28.627`)
* [CVE-2023-4052](CVE-2023/CVE-2023-40xx/CVE-2023-4052.json) (`2023-08-04T18:54:50.227`)
* [CVE-2023-4051](CVE-2023/CVE-2023-40xx/CVE-2023-4051.json) (`2023-08-04T18:57:00.337`)
* [CVE-2023-4053](CVE-2023/CVE-2023-40xx/CVE-2023-4053.json) (`2023-08-04T19:00:39.263`)
* [CVE-2023-0632](CVE-2023/CVE-2023-06xx/CVE-2023-0632.json) (`2023-08-04T19:02:54.527`)
* [CVE-2023-1210](CVE-2023/CVE-2023-12xx/CVE-2023-1210.json) (`2023-08-04T19:08:22.453`)
* [CVE-2023-2164](CVE-2023/CVE-2023-21xx/CVE-2023-2164.json) (`2023-08-04T19:10:09.870`)
* [CVE-2023-3364](CVE-2023/CVE-2023-33xx/CVE-2023-3364.json) (`2023-08-04T19:12:09.647`)
* [CVE-2023-3500](CVE-2023/CVE-2023-35xx/CVE-2023-3500.json) (`2023-08-04T19:13:10.047`)
* [CVE-2023-3385](CVE-2023/CVE-2023-33xx/CVE-2023-3385.json) (`2023-08-04T19:19:04.697`)
* [CVE-2023-3900](CVE-2023/CVE-2023-39xx/CVE-2023-3900.json) (`2023-08-04T19:20:38.573`)
* [CVE-2023-3994](CVE-2023/CVE-2023-39xx/CVE-2023-3994.json) (`2023-08-04T19:21:59.443`)
* [CVE-2023-3993](CVE-2023/CVE-2023-39xx/CVE-2023-3993.json) (`2023-08-04T19:23:32.567`)
* [CVE-2023-37292](CVE-2023/CVE-2023-372xx/CVE-2023-37292.json) (`2023-08-04T19:28:00.977`)
* [CVE-2023-35086](CVE-2023/CVE-2023-350xx/CVE-2023-35086.json) (`2023-08-04T19:28:40.323`)
* [CVE-2023-26911](CVE-2023/CVE-2023-269xx/CVE-2023-26911.json) (`2023-08-04T19:40:21.580`)
* [CVE-2023-4011](CVE-2023/CVE-2023-40xx/CVE-2023-4011.json) (`2023-08-04T19:45:30.020`)
* [CVE-2023-37217](CVE-2023/CVE-2023-372xx/CVE-2023-37217.json) (`2023-08-04T19:56:57.963`)
* [CVE-2023-37919](CVE-2023/CVE-2023-379xx/CVE-2023-37919.json) (`2023-08-04T19:59:11.307`)
## Download and Usage