Auto-Update: 2023-08-09T12:00:30.167809+00:00

cad-safe-bot 2023-08-09 12:00:33 +00:00
parent 3045f69666
commit c4dcf29469
9 changed files with 285 additions and 66 deletions


@ -2,12 +2,12 @@
"id": "CVE-2021-34600",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-01-20T12:15:08.240",
"lastModified": "2023-07-07T19:14:06.390",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-09T11:15:09.560",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation."
"value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.\n\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -37,24 +37,24 @@
"impactScore": 3.6
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
@ -95,12 +95,12 @@
]
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-338"
"value": "CWE-335"
}
]
}
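Review bot: The `source` values on the Primary and Secondary entries of `cvssMetricV31` and `weaknesses` trade places here, and the Secondary entry's vector moves between `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N` (7.1 HIGH) and `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N` (5.5 MEDIUM). The +/- markers are lost on this page; assuming the second line of each pair is the new side (it matches the later `lastModified`), the 7.1 score is no longer in the record and the entry before it also shows `impactScore` 3.6. A consumer that picks a score by `type` or by `source` would then read a lower severity for an unchanged flaw, so compare this record with the upstream NVD entry before it feeds prioritisation. The same source swap appears in the CVE-2022-22521, CVE-2022-4224 and CVE-2023-2760 sections.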


@ -2,12 +2,12 @@
"id": "CVE-2022-22521",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-04-27T16:15:11.737",
"lastModified": "2023-06-27T19:00:38.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-09T11:15:09.867",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin."
"value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.\n\n"
},
{
"lang": "es",
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
@ -95,12 +95,12 @@
]
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "CWE-732"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2022-4224",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-03-23T12:15:12.990",
"lastModified": "2023-07-06T14:37:16.910",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-09T11:15:10.067",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
"value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
}
],
"metrics": {
@ -36,7 +36,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
@ -46,12 +46,12 @@
]
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "CWE-1188"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-23903",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-08-09T10:15:09.687",
"lastModified": "2023-08-09T10:15:09.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.\n\nThe whole application in rendered unusable until a console intervention.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.nozominetworks.com/NN-2023:7-01",
"source": "prodsec@nozominetworks.com"
}
]
}
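Review bot: No `Primary` CVSS or CWE entry exists in this new record: `cvssMetricV31` and `weaknesses` each hold a single `Secondary` entry from `prodsec@nozominetworks.com`, and `vulnStatus` is `Received`. A consumer that reads only `"type": "Primary"` metrics will treat the CVE as unscored, so ingestion should fall back to the CNA's Secondary score (4.9 here) until an analysed record arrives. The `descriptions` value also ends in `\n\n`, so trim whitespace before displaying it or matching on it. The CVE-2023-24015 section has the same shape.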


@ -0,0 +1,55 @@
{
"id": "CVE-2023-24015",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-08-09T10:15:09.890",
"lastModified": "2023-08-09T10:15:09.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.nozominetworks.com/NN-2023:6-01",
"source": "prodsec@nozominetworks.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2760",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-07-17T07:15:08.953",
"lastModified": "2023-07-27T04:09:37.207",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-09T11:15:10.280",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,7 +33,7 @@
"impactScore": 4.7
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
@ -66,12 +66,12 @@
]
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
"value": "CWE-89"
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-33365",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T16:15:11.870",
"lastModified": "2023-08-03T16:56:53.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T11:34:28.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9.1",
"matchCriteriaId": "EB816219-172E-445F-9175-938D9B8A4602"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33365",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-33366",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T16:15:11.937",
"lastModified": "2023-08-03T16:56:53.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-09T11:53:38.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9.1",
"matchCriteriaId": "EB816219-172E-445F-9175-938D9B8A4602"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33366",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}
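Review bot: The `kb.supremainc.com` release-note reference is tagged only `Release Notes` here, while the same URL in the CVE-2023-33365 section carries both `Release Notes` and `Vendor Advisory`. A consumer that selects vendor guidance by the `Vendor Advisory` tag will find a fix link for CVE-2023-33365 but none for this record, although both descriptions name the same fixed version, 2.9.1. Matching on the reference host or on `versionEndExcluding` is more reliable than the tag alone.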


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-09T10:00:31.779394+00:00
2023-08-09T12:00:30.167809+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-09T09:15:14.297000+00:00
2023-08-09T11:53:38.847000+00:00
```
### Last Data Feed Release
@ -29,37 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222147
222149
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `2`
* [CVE-2023-24477](CVE-2023/CVE-2023-244xx/CVE-2023-24477.json) (`2023-08-09T08:15:09.280`)
* [CVE-2023-38207](CVE-2023/CVE-2023-382xx/CVE-2023-38207.json) (`2023-08-09T08:15:09.443`)
* [CVE-2023-38208](CVE-2023/CVE-2023-382xx/CVE-2023-38208.json) (`2023-08-09T08:15:09.563`)
* [CVE-2023-38209](CVE-2023/CVE-2023-382xx/CVE-2023-38209.json) (`2023-08-09T08:15:09.660`)
* [CVE-2023-22378](CVE-2023/CVE-2023-223xx/CVE-2023-22378.json) (`2023-08-09T09:15:13.507`)
* [CVE-2023-22843](CVE-2023/CVE-2023-228xx/CVE-2023-22843.json) (`2023-08-09T09:15:13.667`)
* [CVE-2023-23574](CVE-2023/CVE-2023-235xx/CVE-2023-23574.json) (`2023-08-09T09:15:13.767`)
* [CVE-2023-24471](CVE-2023/CVE-2023-244xx/CVE-2023-24471.json) (`2023-08-09T09:15:13.860`)
* [CVE-2023-38211](CVE-2023/CVE-2023-382xx/CVE-2023-38211.json) (`2023-08-09T09:15:13.957`)
* [CVE-2023-38212](CVE-2023/CVE-2023-382xx/CVE-2023-38212.json) (`2023-08-09T09:15:14.077`)
* [CVE-2023-38213](CVE-2023/CVE-2023-382xx/CVE-2023-38213.json) (`2023-08-09T09:15:14.183`)
* [CVE-2023-3632](CVE-2023/CVE-2023-36xx/CVE-2023-3632.json) (`2023-08-09T09:15:14.297`)
* [CVE-2023-23903](CVE-2023/CVE-2023-239xx/CVE-2023-23903.json) (`2023-08-09T10:15:09.687`)
* [CVE-2023-24015](CVE-2023/CVE-2023-240xx/CVE-2023-24015.json) (`2023-08-09T10:15:09.890`)
### CVEs modified in the last Commit
Recently modified CVEs: `6`
* [CVE-2018-11206](CVE-2018/CVE-2018-112xx/CVE-2018-11206.json) (`2023-08-09T09:15:12.113`)
* [CVE-2018-17233](CVE-2018/CVE-2018-172xx/CVE-2018-17233.json) (`2023-08-09T09:15:12.920`)
* [CVE-2018-17234](CVE-2018/CVE-2018-172xx/CVE-2018-17234.json) (`2023-08-09T09:15:13.037`)
* [CVE-2018-17237](CVE-2018/CVE-2018-172xx/CVE-2018-17237.json) (`2023-08-09T09:15:13.130`)
* [CVE-2018-17434](CVE-2018/CVE-2018-174xx/CVE-2018-17434.json) (`2023-08-09T09:15:13.223`)
* [CVE-2018-17437](CVE-2018/CVE-2018-174xx/CVE-2018-17437.json) (`2023-08-09T09:15:13.330`)
* [CVE-2021-34600](CVE-2021/CVE-2021-346xx/CVE-2021-34600.json) (`2023-08-09T11:15:09.560`)
* [CVE-2022-22521](CVE-2022/CVE-2022-225xx/CVE-2022-22521.json) (`2023-08-09T11:15:09.867`)
* [CVE-2022-4224](CVE-2022/CVE-2022-42xx/CVE-2022-4224.json) (`2023-08-09T11:15:10.067`)
* [CVE-2023-2760](CVE-2023/CVE-2023-27xx/CVE-2023-2760.json) (`2023-08-09T11:15:10.280`)
* [CVE-2023-33365](CVE-2023/CVE-2023-333xx/CVE-2023-33365.json) (`2023-08-09T11:34:28.953`)
* [CVE-2023-33366](CVE-2023/CVE-2023-333xx/CVE-2023-33366.json) (`2023-08-09T11:53:38.847`)
## Download and Usage