admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-04-25T08:17:18.210847+00:00

Browse Source
This commit is contained in:
René Helmke 2023-04-25 10:17:25 +02:00
parent 24a667ac8b
commit c6fffe89eb
169 changed files with 48693 additions and 514 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
CVE-2012/CVE-2012-100xx/CVE-2012-10013.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2012-10013",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-24T18:15:08.783",
"lastModified": "2023-04-24T18:15:08.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/kau-boys-backend-localization/commit/43dc96defd7944da12ff116476a6890acd7dd24b",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.227231",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.227231",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2012/CVE-2012-100xx/CVE-2012-10014.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2012-10014",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-24T18:15:08.867",
"lastModified": "2023-04-24T18:15:08.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/kau-boys-backend-localization/commit/36f457ee16dd114e510fd91a3ea9fbb3c1f87184",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0.1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.227232",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.227232",
"source": "cna@vuldb.com"
}
]
}

12
CVE-2014/CVE-2014-40xx/CVE-2014-4024.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2014-4024",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-03-19T21:29:00.737",
"lastModified": "2019-06-06T15:11:36.437",
"lastModified": "2023-04-24T16:52:01.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -184,9 +184,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartExcluding": "10.0.0",
"versionStartIncluding": "10.0.0",
"versionEndIncluding": "10.2.4",
"matchCriteriaId": "FA244DF5-C4CD-42E9-ADEB-6DD65DEE49C9"
"matchCriteriaId": "667D3780-3949-41AC-83DE-5BCB8B36C382"
},
{
"vulnerable": true,

6
CVE-2020/CVE-2020-158xx/CVE-2020-15858.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-15858",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-08-21T21:15:11.777",
"lastModified": "2023-04-24T11:15:06.920",
"lastModified": "2023-04-24T17:15:09.323",
"vulnStatus": "Modified",
"descriptions": [
{
@ -350,6 +350,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/171978/Telit-Cinterion-IoT-Traversal-Escalation-Bypass-Heap-Overflow.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Apr/11",
"source": "cve@mitre.org"

80
CVE-2021/CVE-2021-468xx/CVE-2021-46880.json
View File

@ -2,27 +2,95 @@
"id": "CVE-2021-46880",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-15T00:15:07.410",
"lastModified": "2023-04-15T02:25:57.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:42:45.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.2",
"matchCriteriaId": "FAD1B673-A6C5-4673-8ACC-FF31DA3A0531"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"matchCriteriaId": "450E9581-FED9-4CFC-B636-170E52A5071F"
}
]
}
]
}
],
"references": [
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

772
CVE-2022/CVE-2022-257xx/CVE-2022-25730.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25730",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-04-13T07:15:11.667",
"lastModified": "2023-04-13T12:52:26.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T16:56:39.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -34,10 +54,756 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3BA789-3EC2-474D-BD5F-AD67BAE64413"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm8207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5954E2E1-3A62-4601-8D7F-21B7B2D02370"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFD9663-D78A-45C0-A0E7-A4D5B98C9BF8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38C02461-5207-401D-B97A-3E25E23C9B2B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F30E5379-0AA7-44C4-99E7-99B63A6B49EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3676B953-5BC5-4AFF-A600-3DBFF01B31AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB39496-8699-4DAF-BD7B-AE69260B20CB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CFBC24-5F15-40DE-806E-62C1EE808992"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca4010_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04F1CE4C-CAF8-4AB9-B44D-ADC2F2E7CF4C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca4010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30C10881-C26D-452D-A2D1-8617C2709D60"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D4B026-2118-448D-A48D-36864DE715B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED10480-E005-452C-A03C-D669CE94ABE4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1AB7D4-FB11-4020-A4A0-8F40D98C07F1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_ar2_gen_1_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6053F0-5E34-458A-B084-078E4D4F4021"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_wear_1100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF3EE2-8933-43F6-945F-B5B01FF68DF1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_wear_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392986E3-9FB2-46F7-8420-6B0DC40E9912"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_wear_1200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDAADDF-3C85-4AA2-BDA9-23B6183E193C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_wear_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB85D1A-6586-4185-B56C-5C08C0A338AF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_wear_1300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8571A7EB-7BF1-4613-8CCB-667995115FC0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_wear_1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE7E6EB-E3E7-45FB-AA7B-29937C21D116"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "312A5688-2508-4609-835F-F0957C511AE8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_x5_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6DFCE-2D24-4A68-8B46-FB47ABEC6694"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A146E52D-4AFC-47B4-920F-DAC76077DF25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:ssg2115p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA4BA00-C8D1-4DAC-8030-CB5EEC7D4591"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA41907C-1CDE-42F3-B21D-5D53B2F06AF7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:ssg2125p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC270A7-205C-41EB-A2E5-2A381A16BFBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3236D6-0D01-4D05-B580-8888B99BAA5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sxr1230p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1753FC-F3CD-4B50-886D-8E16D9301A84"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6444F6-A477-4B4C-8A09-C22C47CCE45B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC012AD0-BCEE-4B1E-9B15-5D77D78CEA01"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C69B9-F0AB-4BF5-A8C2-64FEB7075593"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43A90019-4E96-40B5-9E4D-CCBDD51ACA34"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3D23FE-B3D5-4EC3-8268-98F12181966D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92B17201-8185-47F1-9720-5AB4ECD11B22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FA2EB9-416F-4D69-8786-386CC73978AE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A07C2049-B227-4849-85D0-B53D690C7697"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn685x-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88D2DB07-B72B-4D44-A373-0C7EAB35F388"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3CF46D-E1CB-447E-8371-15C3F49B1AA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn685x-5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B74FDAF1-82D0-4136-BF97-25C56FCEE77C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn785x-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41266FF-5555-4522-AD55-6A7CF8BA33D5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn785x-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9C428C-7470-4178-9029-3234086D93F1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn785x-5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04EA12D4-24E2-4FE9-8CD6-06A8E36DEB2F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn785x-5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AED978B-0330-4B9B-B662-AA8E9E621996"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACAD26E-B79E-4659-91A5-D301281F7D36"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

745
CVE-2022/CVE-2022-257xx/CVE-2022-25739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25739",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-04-13T07:15:12.627",
"lastModified": "2023-04-13T12:52:26.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T16:49:48.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -34,10 +54,729 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFD9663-D78A-45C0-A0E7-A4D5B98C9BF8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38C02461-5207-401D-B97A-3E25E23C9B2B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F30E5379-0AA7-44C4-99E7-99B63A6B49EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3676B953-5BC5-4AFF-A600-3DBFF01B31AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3BA789-3EC2-474D-BD5F-AD67BAE64413"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm8207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5954E2E1-3A62-4601-8D7F-21B7B2D02370"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB39496-8699-4DAF-BD7B-AE69260B20CB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CFBC24-5F15-40DE-806E-62C1EE808992"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D4B026-2118-448D-A48D-36864DE715B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED10480-E005-452C-A03C-D669CE94ABE4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1AB7D4-FB11-4020-A4A0-8F40D98C07F1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_ar2_gen_1_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6053F0-5E34-458A-B084-078E4D4F4021"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "312A5688-2508-4609-835F-F0957C511AE8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_x5_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6DFCE-2D24-4A68-8B46-FB47ABEC6694"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A146E52D-4AFC-47B4-920F-DAC76077DF25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:ssg2115p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA4BA00-C8D1-4DAC-8030-CB5EEC7D4591"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA41907C-1CDE-42F3-B21D-5D53B2F06AF7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:ssg2125p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC270A7-205C-41EB-A2E5-2A381A16BFBB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3236D6-0D01-4D05-B580-8888B99BAA5D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sxr1230p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1753FC-F3CD-4B50-886D-8E16D9301A84"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6444F6-A477-4B4C-8A09-C22C47CCE45B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC012AD0-BCEE-4B1E-9B15-5D77D78CEA01"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C69B9-F0AB-4BF5-A8C2-64FEB7075593"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43A90019-4E96-40B5-9E4D-CCBDD51ACA34"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3D23FE-B3D5-4EC3-8268-98F12181966D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92B17201-8185-47F1-9720-5AB4ECD11B22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FA2EB9-416F-4D69-8786-386CC73978AE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACAD26E-B79E-4659-91A5-D301281F7D36"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A07C2049-B227-4849-85D0-B53D690C7697"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn685x-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88D2DB07-B72B-4D44-A373-0C7EAB35F388"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn785x-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41266FF-5555-4522-AD55-6A7CF8BA33D5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn785x-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9C428C-7470-4178-9029-3234086D93F1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_wear_1100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF3EE2-8933-43F6-945F-B5B01FF68DF1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_wear_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392986E3-9FB2-46F7-8420-6B0DC40E9912"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_wear_1200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDAADDF-3C85-4AA2-BDA9-23B6183E193C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_wear_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB85D1A-6586-4185-B56C-5C08C0A338AF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_wear_1300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8571A7EB-7BF1-4613-8CCB-667995115FC0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_wear_1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE7E6EB-E3E7-45FB-AA7B-29937C21D116"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3CF46D-E1CB-447E-8371-15C3F49B1AA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn685x-5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B74FDAF1-82D0-4136-BF97-25C56FCEE77C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn785x-5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04EA12D4-24E2-4FE9-8CD6-06A8E36DEB2F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn785x-5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AED978B-0330-4B9B-B662-AA8E9E621996"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

178
CVE-2022/CVE-2022-257xx/CVE-2022-25745.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25745",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-04-13T07:15:13.253",
"lastModified": "2023-04-13T12:52:26.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T16:20:18.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -34,10 +54,162 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-670"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFD9663-D78A-45C0-A0E7-A4D5B98C9BF8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38C02461-5207-401D-B97A-3E25E23C9B2B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB39496-8699-4DAF-BD7B-AE69260B20CB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CFBC24-5F15-40DE-806E-62C1EE808992"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D4B026-2118-448D-A48D-36864DE715B8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED10480-E005-452C-A03C-D669CE94ABE4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_wear_1300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8571A7EB-7BF1-4613-8CCB-667995115FC0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_wear_1300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE7E6EB-E3E7-45FB-AA7B-29937C21D116"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC012AD0-BCEE-4B1E-9B15-5D77D78CEA01"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C69B9-F0AB-4BF5-A8C2-64FEB7075593"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2022/CVE-2022-25xx/CVE-2022-2525.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-2525",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-15T13:15:44.940",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:50:21.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:calibre-web_project:calibre-web:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.6.20",
"matchCriteriaId": "D18AE1BC-0C3E-42C4-8DFF-2CFCE44AF39D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

70
CVE-2022/CVE-2022-283xx/CVE-2022-28353.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2022-28353",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-16T03:15:07.123",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T19:12:54.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:external_redirect_warning_project:external_redirect_warning:1.3:*:*:*:*:mybb:*:*",
"matchCriteriaId": "E3980EBC-994A-432D-88A8-336270EA490D"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/171403/MyBB-External-Redirect-Warning-1.3-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://community.mybb.com/mods.php?action=view&pid=493",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2022/CVE-2022-283xx/CVE-2022-28354.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-28354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T21:15:09.110",
"lastModified": "2023-04-24T21:15:09.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period."
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/171402/MyBB-Active-Threads-1.3.0-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
},
{
"url": "https://community.mybb.com/mods.php?action=view&pid=1336",
"source": "cve@mitre.org"
}
]
}

5956
CVE-2022/CVE-2022-332xx/CVE-2022-33231.json
View File

File diff suppressed because it is too large Load Diff

2770
CVE-2022/CVE-2022-332xx/CVE-2022-33269.json
View File

File diff suppressed because it is too large Load Diff

1177
CVE-2022/CVE-2022-332xx/CVE-2022-33270.json
View File

File diff suppressed because it is too large Load Diff

583
CVE-2022/CVE-2022-332xx/CVE-2022-33282.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-33282",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-04-13T07:15:16.637",
"lastModified": "2023-04-13T12:52:20.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T16:11:15.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -34,10 +54,567 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA1E7B0-782B-4757-B118-802943798984"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95CB08EC-AE12-4A54-AA3C-998F01FC8763"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D9E281-B382-41AC-84CB-5B1063E5AC51"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44EBEBD5-98C3-493B-A108-FD4DE6FFBE97"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828CFB37-76A6-4927-9D00-AF9A1C432DD6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11405993-5903-4716-B452-370281034B42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DDA896-576C-44B8-85B6-F71F473F776B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A87BDA-5B24-4212-BAB3-D2BBB2F4162E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "643EC76D-2836-48E6-81DA-78C4883C33CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*",
"matchCriteriaId": "477F6529-4CE1-44FC-B6EE-D24D44C71AE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "288F637F-22F8-47CF-B67F-C798A730A1BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0996EA3-1C92-4933-BE34-9CF625E59FE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C40544E-B040-491C-8DF3-50225E70B50C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DAC85C-CDC9-4784-A69A-147A2CE8A8B2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F33EB594-B0D3-42F2-B1CA-B0E6C9D82C6B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50EF47E5-2875-412F-815D-44804BB3A739"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A19659B-A0C3-44B7-8D54-BA21729873A4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F978041A-CE28-4BDF-A7DB-F0360F1A5F14"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE8B62D-83B4-4326-8A53-FED5947D5FFE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6F8899-136A-4A57-9F02-BD428E1663DA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A024AB04-B213-4018-A4C1-FA467C7BA775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A8AB7C-5D34-4794-8C06-2193075B323F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

3121
CVE-2022/CVE-2022-332xx/CVE-2022-33296.json
View File

File diff suppressed because it is too large Load Diff

313
CVE-2022/CVE-2022-332xx/CVE-2022-33297.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-33297",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-04-13T07:15:18.913",
"lastModified": "2023-04-13T12:52:20.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T16:11:31.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -34,10 +54,297 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62DC4FBB-D9CB-43EB-829E-0A892306D0E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0F8ED6-EAE7-44EA-A8C6-F5AD408261F0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6320_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "886CF046-E1D9-4FD4-AC02-EAB61C3F70FD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "059486E9-3F99-4C65-A763-470564EDAF2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA605FD-B801-43BB-B52D-879013F7F57E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "908BFD96-0423-4AFC-B8F3-105B2D5B4C73"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_835_mobile_platform_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC405AC-8196-490F-B6B9-8067BB8B0C8A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_835_mobile_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B639DD76-26BC-4A9B-8E09-D71ACF35A284"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28717583-463A-468A-8073-ECF0F90585F6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9335:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1A7188-7D5D-4D46-AEAB-08BA84FFF539"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA28CC6-C8BB-4F50-BFE3-A59F664A4F54"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94D2BDF1-764C-48BA-8944-3275E8768078"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE852339-1CAE-4983-9757-8F00EDEF1141"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9E96B3-F1BB-46F8-B715-7DF90180F1E1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2744A053-5BD9-45A9-A2FC-791BCA0CCD4C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F28E29-520F-469E-B048-62DE2EF07ADD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15307882-7039-43E9-9BA3-035045988B99"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA85B322-E593-4499-829A-CC6D70BAE884"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E870D82-DE3B-4199-A730-C8FB545BAA98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

2122
CVE-2022/CVE-2022-332xx/CVE-2022-33298.json
View File

File diff suppressed because it is too large Load Diff

476
CVE-2022/CVE-2022-333xx/CVE-2022-33301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-33301",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-04-13T07:15:19.457",
"lastModified": "2023-04-13T12:52:20.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T16:48:09.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -34,10 +54,460 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-704"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "643EC76D-2836-48E6-81DA-78C4883C33CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*",
"matchCriteriaId": "477F6529-4CE1-44FC-B6EE-D24D44C71AE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "288F637F-22F8-47CF-B67F-C798A730A1BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0996EA3-1C92-4933-BE34-9CF625E59FE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_w5\\+_gen_1_wearable_platform_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C455E7D-D256-4240-BE72-2A93273D685A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_w5\\+_gen_1_wearable_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "423E21A1-8F52-46DA-9AC2-77159FEB6001"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1BF9BB-AF11-46A7-A71C-F7D289E76E3F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8455D6-287D-4934-8E4D-F4127A9C0449"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB599A9F-0305-4FE4-8623-0F86630FEDCB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB883BF-68B2-4C25-84DC-5DA953BFAA2F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6E9038-9B18-4958-BE1E-215901C9B4B2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B36D3274-F8D0-49C5-A6D5-95F5DC6D1950"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFB25F-013B-48E3-99FF-3E8687F94423"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF676C5B-838B-446C-A689-6A25AB8A87E2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

6118
CVE-2022/CVE-2022-333xx/CVE-2022-33302.json
View File

File diff suppressed because it is too large Load Diff

5
CVE-2022/CVE-2022-39xx/CVE-2022-3964.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3964",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-11-13T08:15:14.657",
"lastModified": "2023-02-06T15:13:59.527",
"lastModified": "2023-04-24T16:51:37.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -81,7 +81,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4",
"matchCriteriaId": "431A8D05-BBA6-41CF-B08A-716A0BAFC0A2"
"versionEndExcluding": "6.0",
"matchCriteriaId": "7683BDAA-2886-4E48-A7DA-A5F826A6ABF1"
}
]
}

5
CVE-2022/CVE-2022-39xx/CVE-2022-3965.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3965",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-11-13T08:15:15.367",
"lastModified": "2023-02-06T15:13:46.450",
"lastModified": "2023-04-24T16:51:00.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -81,7 +81,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"matchCriteriaId": "89DD2049-D04D-4A7C-A0DE-94397FA58A7E"
"versionEndExcluding": "6.0",
"matchCriteriaId": "BF67445F-DBBB-4116-8F62-77BBB438988E"
}
]
}

5039
CVE-2022/CVE-2022-405xx/CVE-2022-40503.json
View File

File diff suppressed because it is too large Load Diff

9574
CVE-2022/CVE-2022-405xx/CVE-2022-40532.json
View File

File diff suppressed because it is too large Load Diff

55
CVE-2022/CVE-2022-416xx/CVE-2022-41612.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-41612",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-24T17:15:09.463",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <=\u00a03.1.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/similar-posts/wordpress-similar-posts-plugin-3-1-6-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

220
CVE-2022/CVE-2022-436xx/CVE-2022-43699.json
View File

@ -2,23 +2,233 @@
"id": "CVE-2022-43699",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-15T02:15:07.217",
"lastModified": "2023-04-15T02:25:57.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T19:46:49.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.10.6",
"matchCriteriaId": "5BBF1862-B6FF-4F32-A3C1-59D28BA25F81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*",
"matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*",
"matchCriteriaId": "3C86EE81-8CD4-4131-969A-BDA24B9B48E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*",
"matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*",
"matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*",
"matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*",
"matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*",
"matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*",
"matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*",
"matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
"matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
"matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
"matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
"matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
"matchCriteriaId": "F31A4949-397F-4D1B-8AEA-AC7B335722F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
"matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
"matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
"matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
"matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
"matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
"matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
"matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
"matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
"matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
"matchCriteriaId": "8C088014-47D6-4632-9FB5-2C7B1085B762"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
"matchCriteriaId": "42CF6057-EB40-4208-9F1E-83213E97987C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
"matchCriteriaId": "966BC23E-B8CE-4F98-B3A6-4B620E8808BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
"matchCriteriaId": "7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
"matchCriteriaId": "17D71CDE-3111-459B-8520-F62E0D5D2972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
"matchCriteriaId": "6D808ED6-F819-4014-BD24-4537D52DDFB0"
}
]
}
]
}
],
"references": [
{
"url": "https://open-xchange.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://seclists.org/fulldisclosure/2023/Feb/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

70
CVE-2022/CVE-2022-450xx/CVE-2022-45030.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2022-45030",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-15T02:15:07.253",
"lastModified": "2023-04-15T02:25:57.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T19:01:14.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rconfig:rconfig:3.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8B3D83-9360-4BEB-A062-C426CF3D73FC"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/171613/rconfig-3.9.7-SQL-Injection.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.rconfig.com/downloads/rconfig-3.9.7.zip",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

55
CVE-2022/CVE-2022-450xx/CVE-2022-45084.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45084",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-24T15:15:07.627",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <=\u00a01.7.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/loginizer/wordpress-loginizer-plugin-1-7-5-unauth-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

333
CVE-2022/CVE-2022-468xx/CVE-2022-46886.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46886",
"sourceIdentifier": "psirt@servicenow.com",
"published": "2023-04-14T20:15:09.413",
"lastModified": "2023-04-17T22:15:07.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:39:45.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@servicenow.com",
"type": "Secondary",
@ -34,10 +54,317 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:quebec:-:*:*:*:*:*:*",
"matchCriteriaId": "C5A68765-7406-48CB-965E-6C09A7465CF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:quebec:patch_10:*:*:*:*:*:*",
"matchCriteriaId": "8816E561-8E81-4C30-9C48-7836069202D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
"matchCriteriaId": "52C8A7D2-F930-4078-9E9D-E48782E46CBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "512C81E4-0C27-42EC-AD05-7563B50EF1DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*",
"matchCriteriaId": "A5BBA03C-2A2E-4259-9F8E-99622F6758B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "D609B90C-E67E-461A-8756-36E06E265FF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_3:*:*:*:*:*:*",
"matchCriteriaId": "2A05F1AF-0E08-4280-A006-A27C917C9E82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*",
"matchCriteriaId": "5E3198D2-CC9C-46F7-A366-6C16F3F35439"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "DD0D5C00-C5D2-4E30-BEB7-AA2ACBE68CF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "F5B1C958-54DF-45BE-BD2B-60A44B846971"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2a:*:*:*:*:*:*",
"matchCriteriaId": "6BE785D2-A5C9-4ED7-968A-C01F257E8514"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
"matchCriteriaId": "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "B4FEEDD5-F852-49AA-BDF9-869040C7F3C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "763B0915-14EF-4405-AAB6-78B185D5744B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
"matchCriteriaId": "B053530E-1CB3-4A86-BD4B-569750776A53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "4CF1B2AB-D561-4396-AA99-71FCD55B5D3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
"matchCriteriaId": "00EE16EE-B759-4BD8-A30B-C952142C860E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "1F157018-E6F2-45D1-8B54-68C051247798"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*",
"matchCriteriaId": "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*",
"matchCriteriaId": "FB5BC2C0-A5CF-455F-A732-E49672B5682E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*",
"matchCriteriaId": "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "56E7DB16-6ABC-4ED3-99C1-A33914242405"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "55AC0E29-0F51-4D1D-A5EF-AECD29FAE417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*",
"matchCriteriaId": "5DCC0D37-6840-4882-84E1-AE1E83ABF31B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "CF53F785-2D19-48FB-9D88-9817785E5082"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "9EAAADE1-5804-44FB-BD9A-881BDA4FE1F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:*",
"matchCriteriaId": "DC20DB81-AA27-4BE5-9296-2E4E6000F56B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "DECC9979-3A0B-4F36-85D1-DD539A7D18C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*",
"matchCriteriaId": "563F3D85-A23A-453F-9932-3044F8B5566C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*",
"matchCriteriaId": "3C770579-EDDC-4F46-8288-33A13289A8A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*",
"matchCriteriaId": "78447698-90FF-4010-BF0B-3294E2EBB69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "A32EF135-C229-49B1-8766-1ED6066C7CC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "22E5BA6F-6C66-4589-8AA9-C76776DCFCCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*",
"matchCriteriaId": "AE93BECE-CC4A-400A-9322-5E61DA5E6A75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "38D3CF30-CAC5-49B1-B527-9C9D24C28A54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*",
"matchCriteriaId": "8C48A10D-0295-4023-AB20-0BE4D8AA582A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*",
"matchCriteriaId": "0F42AF52-C388-44BB-B328-5E77CF9E4622"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
"matchCriteriaId": "71A44062-D94F-4246-A218-33AD4C43C7FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
"matchCriteriaId": "2855AE65-1B96-4537-BB6E-7659114955EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
"matchCriteriaId": "63725CBE-34A5-4B9E-BA8E-32E66B89C646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
"matchCriteriaId": "8B2DC45C-17A0-4D92-AB29-3497DA43707E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "F2822278-2089-4F78-86EE-D63A9516B5A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
"matchCriteriaId": "49444E5E-0AB7-4083-8663-089955134AA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*",
"matchCriteriaId": "8B5E2C3D-F838-48E0-8135-455AF964221D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*",
"matchCriteriaId": "2494C288-83E1-48DF-9661-540B26C9137E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*",
"matchCriteriaId": "815997A7-39CB-4C78-B776-54DECE294AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*",
"matchCriteriaId": "DE7FDD4B-163B-462A-A80C-454F5040FF90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
"matchCriteriaId": "FB55D9E6-FD9C-48A8-800D-10C665120792"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
"matchCriteriaId": "D481F300-EDF4-4E22-B865-F3AAFCE27692"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*",
"matchCriteriaId": "311B0413-3771-4CAF-9A14-0726B2923A76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
"matchCriteriaId": "5C99222F-B676-471F-8E44-707024B2B097"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*",
"matchCriteriaId": "276A7ABE-2437-455C-9C5B-C05CAAC183A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*",
"matchCriteriaId": "BB9E765B-C094-4FC4-B9E3-0732F24C10D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
"matchCriteriaId": "4332BE18-DA60-4921-A9DF-C434AB32839B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9B73C50B-B52A-41E0-9B5B-E84CEA5503B4"
}
]
}
]
}
],
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857",
"source": "psirt@servicenow.com"
"source": "psirt@servicenow.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2022/CVE-2022-471xx/CVE-2022-47158.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47158",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-24T15:15:07.700",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click & Collect plugin <=\u00a01.1.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/alfred-click-collect/wordpress-alfred24-click-collect-plugin-1-1-7-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2022/CVE-2022-475xx/CVE-2022-47598.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47598",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-24T15:15:07.773",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin\u00a0<= 1.1.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-super-popup/wordpress-wp-super-popup-plugin-1-1-2-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2022/CVE-2022-484xx/CVE-2022-48476.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48476",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-04-24T13:15:07.100",
"lastModified": "2023-04-24T13:15:07.100",
"vulnStatus": "Received",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48477.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48477",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-04-24T13:15:07.173",
"lastModified": "2023-04-24T13:15:07.173",
"vulnStatus": "Received",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

32
CVE-2023/CVE-2023-02xx/CVE-2023-0276.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-0276",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.653",
"lastModified": "2023-04-24T19:15:08.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d00824a3-7df5-4b52-a31b-5fdfb19c970f",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-03xx/CVE-2023-0388.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-0388",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.723",
"lastModified": "2023-04-24T19:15:08.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/77861a2e-879a-4bd0-b4c0-cd19481ace5d",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-04xx/CVE-2023-0418.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-0418",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.803",
"lastModified": "2023-04-24T19:15:08.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/821751bb-feaf-45b8-91a9-e173cb0c05fc",
"source": "contact@wpscan.com"
}
]
}

36
CVE-2023/CVE-2023-04xx/CVE-2023-0420.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-0420",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.870",
"lastModified": "2023-04-24T19:15:08.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/266e417f-ece7-4ff5-a724-4d9c8e2f3faa",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-04xx/CVE-2023-0424.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-0424",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.953",
"lastModified": "2023-04-24T19:15:08.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b0f8713f-54b2-4ab2-a475-60a1692a50e9",
"source": "contact@wpscan.com"
}
]
}

10
CVE-2023/CVE-2023-08xx/CVE-2023-0890.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0890",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-03-20T16:15:12.727",
"lastModified": "2023-03-28T08:15:07.873",
"vulnStatus": "Modified",
"lastModified": "2023-04-24T18:32:49.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -36,7 +36,7 @@
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -46,12 +46,12 @@
]
},
{
"source": "nvd@nist.gov",
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-311"
"value": "CWE-862"
}
]
}

32
CVE-2023/CVE-2023-08xx/CVE-2023-0899.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-0899",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.033",
"lastModified": "2023-04-24T19:15:09.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e95f925f-118e-4fa1-8e8f-9dc1bc698f12",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-10xx/CVE-2023-1020.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1020",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.103",
"lastModified": "2023-04-24T19:15:09.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-11xx/CVE-2023-1126.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1126",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.180",
"lastModified": "2023-04-24T19:15:09.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/87ce3c59-b234-47bf-abca-e690b53bbe82",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-11xx/CVE-2023-1129.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1129",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.267",
"lastModified": "2023-04-24T19:15:09.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d40479de-fb04-41b8-9fb0-41b9eefbd8af",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-13xx/CVE-2023-1324.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1324",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.343",
"lastModified": "2023-04-24T19:15:09.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8f510b8c-b97a-44c9-a36d-2d775a4f7b81",
"source": "contact@wpscan.com"
}
]
}

36
CVE-2023/CVE-2023-14xx/CVE-2023-1414.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-1414",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.410",
"lastModified": "2023-04-24T19:15:09.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d61d4be7-9251-4c62-8fb7-8a456aa6969e",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-14xx/CVE-2023-1420.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1420",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.487",
"lastModified": "2023-04-24T19:15:09.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a9a54ee5-2b80-4f55-894c-1047030eea7f",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-14xx/CVE-2023-1435.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1435",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.560",
"lastModified": "2023-04-24T19:15:09.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0ca62908-4ef5-41e0-9223-f77ad2c333d7",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-16xx/CVE-2023-1623.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1623",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.627",
"lastModified": "2023-04-24T19:15:09.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a04d3808-f4fc-4d77-a1bd-be623cd7053e",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-16xx/CVE-2023-1624.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1624",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.693",
"lastModified": "2023-04-24T19:15:09.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/132b70e5-4368-43b4-81f6-2d01bc09dc8f",
"source": "contact@wpscan.com"
}
]
}

4
CVE-2023/CVE-2023-17xx/CVE-2023-1731.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1731",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-04-24T14:15:07.640",
"lastModified": "2023-04-24T14:15:07.640",
"vulnStatus": "Received",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

166
CVE-2023/CVE-2023-20xx/CVE-2023-2004.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-2004",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-14T21:15:08.547",
"lastModified": "2023-04-22T03:15:11.110",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-04-24T17:50:08.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,50 +56,155 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.0",
"matchCriteriaId": "1B585B81-9074-40B9-A6F0-8BADE59E9022"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2004",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186428",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDNGTGQAUZJ6YQDI2AVGYIFFPUMMZLKS/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFZWDF43D73C5KWFF26GIIVZJKEFPS3K/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRSEIYMPWLVPGTC34N2Q3WAUHGGOWSWP/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

40
CVE-2023/CVE-2023-20xx/CVE-2023-2006.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-2006",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.283",
"lastModified": "2023-04-24T21:15:09.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189112",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/torvalds/linux/commit/3bcd6c7eaa53",
"source": "secalert@redhat.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-439/",
"source": "secalert@redhat.com"
}
]
}

32
CVE-2023/CVE-2023-20xx/CVE-2023-2007.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-2007",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T23:15:18.877",
"lastModified": "2023-04-24T23:15:18.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"references": [
{
"url": "https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0",
"source": "secalert@redhat.com"
}
]
}

95
CVE-2023/CVE-2023-20xx/CVE-2023-2008.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-2008",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-14T21:15:08.597",
"lastModified": "2023-04-17T22:15:10.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:52:46.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,18 +56,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"matchCriteriaId": "E74E9AF8-BDF5-4917-A9CA-0AAD8E13149B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:-:*:*:*:*:*:*",
"matchCriteriaId": "9D759CCF-9E1B-41B2-81AA-CB580C5F3EEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F3068028-F453-4A1C-B80F-3F5609ACEF60"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186862",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/05b252cccb2e5c3f56119d25de684b4f810ba4",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-441/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

40
CVE-2023/CVE-2023-20xx/CVE-2023-2019.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-2019",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.347",
"lastModified": "2023-04-24T21:15:09.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-911"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189137",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/torvalds/linux/commit/180a6a3ee60a",
"source": "secalert@redhat.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811/",
"source": "secalert@redhat.com"
}
]
}

64
CVE-2023/CVE-2023-20xx/CVE-2023-2027.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2027",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-04-15T08:15:07.397",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:57:57.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zm_ajax_login_\\&_register_project:zm_ajax_login_\\&_register:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.2",
"matchCriteriaId": "4444117E-3CB8-4E93-991F-D2786B4B2A19"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/zm-ajax-login-register/trunk/src/ALRSocial/ALRSocialFacebook.php#L58",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b10d01ec-54ef-456b-9410-ed013343a962?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-20xx/CVE-2023-2073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2073",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-14T19:15:09.500",
"lastModified": "2023-04-14T22:45:15.923",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-04-24T17:32:28.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:campcodes_online_traffic_offense_management_system_project:campcodes_online_traffic_offense_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4F2F52-780F-4984-807F-EC960E1972EE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Traffic%20Offense%20Management%20System/Online%20Traffic%20Offense%20Management%20System%20-%20vuln%201.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226051",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226051",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-20xx/CVE-2023-2089.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2089",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T08:15:07.603",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:28:48.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +91,58 @@
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:complaint_management_system_project:complaint_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37FB2709-4441-4348-A5AB-C7257108803E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/winkle175/bug_report/blob/main/SQLi-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.226097",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226097",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-20xx/CVE-2023-2090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2090",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T09:15:07.143",
"lastModified": "2023-04-18T08:15:42.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:26:38.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_and_visitor_gate_pass_logging_system_project:employee_and_visitor_gate_pass_logging_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46FE63C8-C11F-4BEC-9F47-C72F45061A20"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/4O4NtFd/bug_report/blob/main/SQLI1/SQLi-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.226098",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226098",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-20xx/CVE-2023-2091.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2091",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T09:15:07.683",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:25:24.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kylinos:youker-assistant:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.4.13",
"matchCriteriaId": "29073978-F5AD-4818-9773-1C4D6E56461D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/i900008/vulndb/blob/main/youker-assistant_vuln.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.226099",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226099",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-20xx/CVE-2023-2092.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2092",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T10:15:07.023",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:12:49.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%201.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226100",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226100",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2093",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T10:15:07.087",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:57:51.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%202.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226101",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226101",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2094.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2094",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T11:15:06.843",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:49:43.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%203.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226102",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226102",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2095.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2095",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T11:15:06.910",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T17:48:56.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%204.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226103",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226103",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2096.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2096",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T11:15:06.967",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:20:31.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%205.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226104",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226104",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2097.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2097",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T12:15:07.277",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:20:03.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%206.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226105",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226105",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2098.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2098",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T12:15:07.337",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:19:32.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%207.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226106",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226106",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-20xx/CVE-2023-2099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2099",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T12:15:07.400",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:19:18.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +91,58 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%208.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226107",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226107",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

1178
CVE-2023/CVE-2023-216xx/CVE-2023-21630.json
View File

File diff suppressed because it is too large Load Diff

59
CVE-2023/CVE-2023-21xx/CVE-2023-2100.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2100",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T13:15:45.033",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:19:04.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%209.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.226108",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226108",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-21xx/CVE-2023-2101.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2101",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T13:15:45.083",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:56:05.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +93,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mogublog_project:mogublog:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.2",
"matchCriteriaId": "A6BBC198-704E-4815-A027-17BDF2902A11"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/c3p0ooo-Yiqiyin/mogu_blog_v2/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/moxi624/mogu_blog_v2/issues/97",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.226109",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226109",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-21xx/CVE-2023-2102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2102",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-15T13:15:45.140",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T18:59:54.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.0",
"matchCriteriaId": "063BC3E9-AA71-49D6-9CEE-F2E7E7B9D687"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alextselegidis/easyappointments/commit/bddc5cbeb7ff237a72943b304dcb01c653781767",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/dd7c04a7-a984-4387-9ac4-24596e7ece44",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-21xx/CVE-2023-2104.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2104",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-15T14:15:07.650",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T19:05:28.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.0",
"matchCriteriaId": "063BC3E9-AA71-49D6-9CEE-F2E7E7B9D687"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alextselegidis/easyappointments/commit/75b24735767868344193fb2cc56e17ee4b9ac4be",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/3099b8d1-c49c-41b8-a929-73ccded6fc7c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-21xx/CVE-2023-2105.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2105",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-15T14:15:07.703",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T19:16:05.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.0",
"matchCriteriaId": "063BC3E9-AA71-49D6-9CEE-F2E7E7B9D687"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alextselegidis/easyappointments/commit/7f37350fab9d729a9350d96369ff0f453cf7b840",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/de213e0b-a227-4fc3-bbe7-0b33fbf308e1",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-21xx/CVE-2023-2107.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2107",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T14:15:07.833",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T20:04:24.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +91,58 @@
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MuRKuo/cve/blob/main/ibos%20oa%20sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.226110",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.226110",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-226xx/CVE-2023-22665.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-22665",
"sourceIdentifier": "security@apache.org",
"published": "2023-04-25T07:15:08.137",
"lastModified": "2023-04-25T07:15:08.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-917"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s",
"source": "security@apache.org"
}
]
}

64
CVE-2023/CVE-2023-226xx/CVE-2023-22670.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-22670",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-15T01:15:07.007",
"lastModified": "2023-04-15T02:25:57.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T20:13:39.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.6",
"matchCriteriaId": "178B0588-1D9B-408B-9612-BD50CA51E7CC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.opendesign.com/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-229xx/CVE-2023-22913.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22913",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T17:15:09.550",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the \u201caccount_operator.cgi\u201d CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-229xx/CVE-2023-22914.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22914",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T17:15:09.627",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the \u201caccount_print.cgi\u201d CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the \u201ctmp\u201d directory by uploading a crafted file if the hotspot function were enabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-229xx/CVE-2023-22915.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22915",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T17:15:09.690",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the \u201cfbwifi_forward.cgi\u201d CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-229xx/CVE-2023-22916.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22916",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T17:15:09.767",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-229xx/CVE-2023-22917.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22917",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T17:15:09.833",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the \u201csdwan_iface_ipc\u201d binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]
}

55
CVE-2023/CVE-2023-229xx/CVE-2023-22918.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22918",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T18:15:09.027",
"lastModified": "2023-04-24T18:15:09.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-359"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw"
}
]
}

79
CVE-2023/CVE-2023-229xx/CVE-2023-22949.json
View File

@ -2,23 +2,92 @@
"id": "CVE-2023-22949",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-14T14:15:10.723",
"lastModified": "2023-04-14T22:45:15.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T19:32:02.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigergraph:cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51757E82-0551-48EB-9F73-7141B03D6D87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigergraph:tigergraph_enterprise:3.7.0:*:*:*:free:-:*:*",
"matchCriteriaId": "E4FF3A96-AA5F-4DA6-BBE9-37C5A1C11279"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigergraph:tigergraph_enterprise:3.7.0:*:*:*:free:docker:*:*",
"matchCriteriaId": "35459185-6569-4F54-B338-0355DF5ECC50"
}
]
}
]
}
],
"references": [
{
"url": "https://dev.tigergraph.com/forum/c/tg-community/announcements/35",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://neo4j.com/security/cve-2023-22949/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-22xx/CVE-2023-2250.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-2250",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.410",
"lastModified": "2023-04-24T21:15:09.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-268"
},
{
"lang": "en",
"value": "CWE-501"
}
]
}
],
"references": [
{
"url": "https://github.com/open-cluster-management-io/registration-operator/pull/344",
"source": "secalert@redhat.com"
}
]
}

59
CVE-2023/CVE-2023-22xx/CVE-2023-2251.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2251",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T15:15:08.897",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncaught Exception in GitHub repository eemeli/yaml prior to 2.2.2."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c",
"source": "security@huntr.dev"
}
]
}

20
CVE-2023/CVE-2023-22xx/CVE-2023-2257.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-2257",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-04-24T19:15:09.820",
"lastModified": "2023-04-24T19:15:09.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub \nBusiness space without being prompted to enter the password via an \nunimplemented \"Force Login\" security feature.\n\nThis vulnerability occurs only if \"Force Login\" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.\n"
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0011",
"source": "security@devolutions.net"
}
]
}

59
CVE-2023/CVE-2023-22xx/CVE-2023-2258.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2258",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.477",
"lastModified": "2023-04-24T21:15:09.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6eafb8f",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-22xx/CVE-2023-2259.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2259",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.547",
"lastModified": "2023-04-24T21:15:09.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1336"
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-22xx/CVE-2023-2260.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2260",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.613",
"lastModified": "2023-04-24T21:15:09.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-612"
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/commit/c9a16ab93d42b2beb06d529b57890121f85be6ef",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/649badc8-c935-4a84-8aa8-d3269ac54377",
"source": "security@huntr.dev"
}
]
}

4
CVE-2023/CVE-2023-238xx/CVE-2023-23892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23892",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-24T14:15:07.723",
"lastModified": "2023-04-24T14:15:07.723",
"vulnStatus": "Received",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

113
CVE-2023/CVE-2023-245xx/CVE-2023-24513.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24513",
"sourceIdentifier": "psirt@arista.com",
"published": "2023-04-12T20:15:07.963",
"lastModified": "2023-04-13T02:51:06.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T16:00:57.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@arista.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "psirt@arista.com",
"type": "Secondary",
@ -46,10 +76,87 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.26.0",
"versionEndExcluding": "4.26.9m",
"matchCriteriaId": "47DC93B2-147D-427E-89E5-0F8EC3D884B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.27.0",
"versionEndExcluding": "4.27.8m",
"matchCriteriaId": "6BA01B5E-EDAB-4C30-9F2C-57C0ACB6EF02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.28.0",
"versionEndExcluding": "4.28.5m",
"matchCriteriaId": "60CFAB31-7E8C-49E0-BDB2-ED1EF62D9303"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.29.0",
"versionEndExcluding": "4.29.2f",
"matchCriteriaId": "5E98581C-4312-4EC2-A253-73D5179DDA6A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:amazon:aws_marketplace:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38DF4A9E-F836-4389-BCE4-10E5121332E8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:equinix:network_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE13E07-E588-498B-892A-48AE52E222CD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:google:google_cloud_platform_marketplace:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8139E4B-24C7-4C77-A375-088C6817256D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:microsoft:azure_marketplace:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18F83F7-96C2-4B36-A68F-5B8C4E41D066"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:dca-200-veos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9985E3-D496-473F-A806-022EC164EF96"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085",
"source": "psirt@arista.com"
"source": "psirt@arista.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-246xx/CVE-2023-24607.json
View File

@ -2,43 +2,133 @@
"id": "CVE-2023-24607",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-15T01:15:07.043",
"lastModified": "2023-04-15T02:25:57.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-24T20:10:01.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.15.13",
"matchCriteriaId": "82BC32FC-2B1F-4FD4-A368-DD37D7FCBA7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.2.8",
"matchCriteriaId": "4911A94E-AA2F-4017-8702-0AF092FF809F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndExcluding": "6.4.3",
"matchCriteriaId": "9DC66FEF-0D94-4464-B9F8-800A1F9424C0"
}
]
}
]
}
],
"references": [
{
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.qt.io/blog/tag/security",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

79
CVE-2023/CVE-2023-248xx/CVE-2023-24818.json Normal file
View File

@ -0,0 +1,79 @@
{
"id": "CVE-2023-24818",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T15:15:07.840",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/0bec3e245ed3815ad6c8cae54673f0021777768b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/17c70f7ee0b1445f2941f516f264ed4a096e82b7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/aa27ed71fa3e5d48dee1748dcf27b6323ec98a33",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/4b23d93868a28edd8ebf2ff4ebe94540f2475008",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4df5b4c4f841ccb460930894cf68ab10b55b971",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/f4fb746d1acaacc962daeed3aa71aadfe307d20e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-69h9-vj5r-xcg6",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-248xx/CVE-2023-24819.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-24819",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T15:15:07.907",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-131"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/73615161c01fcfbbc7216cf502cabb12c1598ee4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/da63e45ee94c03a2e08625b04ea618653eab4a9f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-fv97-2448-gcf6",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-248xx/CVE-2023-24820.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-24820",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T15:15:07.987",
"lastModified": "2023-04-24T15:35:56.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/2709fbd827b688fe62df2c77c316914f4a3a6d4a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/d052e2ee166e55bbdfe4c455e65dbd7e3479ebe3",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-vpx8-h94p-9vrj",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-248xx/CVE-2023-24821.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-24821",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T16:15:07.623",
"lastModified": "2023-04-24T16:52:40.890",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/9728f727e75d7d78dbfb5918e0de1b938b7b6d2c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/bd31010231f5340e21410595dd95afc86bbfd341",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-2fpr-82xr-p887",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-248xx/CVE-2023-24822.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-24822",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T16:15:07.690",
"lastModified": "2023-04-24T16:52:40.890",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/639c04325de4ceb9d444955f4927bfae95843a39",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/7253e261556f252816f4a3b7c4f96fc10d642485",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-8x69-5fhj-72wh",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-248xx/CVE-2023-24823.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-24823",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T16:15:07.767",
"lastModified": "2023-04-24T16:52:40.890",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18817/commits/4a081f86616cb5c9dd0b5d7b286da03285d1652a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/18820/commits/dafc397fdc3655aeb5c7b9963a43f1604c6a2062",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-jwmv-47p2-hgq2",
"source": "security-advisories@github.com"
}
]
}

76
CVE-2023/CVE-2023-254xx/CVE-2023-25409.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-25409",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-11T21:15:20.743",
"lastModified": "2023-04-12T12:44:03.063",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-04-24T17:14:59.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aten:pe8108_firmware:2.4.232:*:*:*:*:*:*:*",
"matchCriteriaId": "1C393B3F-BAEC-4F0A-8B42-CC5050F1D2A1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:aten:pe8108:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1829D7C6-F46E-44B5-AACF-32707ABF5CCE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.pentagrid.ch/en/blog/multiple-vulnerabilities-in-aten-PE8108-power-distribution-unit",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More