admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-01T22:00:24.820627+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-01 22:00:28 +00:00
parent 9f106578ec
commit cc8c25ed89
65 changed files with 2393 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2020/CVE-2020-226xx/CVE-2020-22612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-22612",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:07.533",
"lastModified": "2023-09-01T16:15:07.533",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-34xx/CVE-2022-3407.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3407",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-09-01T17:15:07.463",
"lastModified": "2023-09-01T17:15:07.463",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2022/CVE-2022-432xx/CVE-2022-43293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-43293",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-11T01:15:06.987",
"lastModified": "2023-04-14T17:58:45.077",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-01T21:15:07.460",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.2-1.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/LucaBarile/CVE-2022-43293",
"source": "cve@mitre.org",

4
CVE-2023/CVE-2023-15xx/CVE-2023-1523.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1523",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-09-01T19:15:42.707",
"lastModified": "2023-09-01T19:15:42.707",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-237xx/CVE-2023-23763.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23763",
"sourceIdentifier": "product-cna@github.com",
"published": "2023-09-01T15:15:07.620",
"lastModified": "2023-09-01T15:15:07.620",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

42
CVE-2023/CVE-2023-23xx/CVE-2023-2352.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2352",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-31T06:15:09.313",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T21:10:59.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,22 +46,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sureshchand:chp_ads_block_detector:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.4",
"matchCriteriaId": "823E8242-2D7D-4C3F-91B9-B37E819CE227"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2920522/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2922313/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2926660/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5a9cced-0e5e-4b6e-8291-0a862c9f9523?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-23xx/CVE-2023-2353.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2353",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-31T06:15:09.503",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T21:10:49.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -31,6 +31,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -46,22 +66,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sureshchand:chp_ads_block_detector:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.4",
"matchCriteriaId": "823E8242-2D7D-4C3F-91B9-B37E819CE227"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2920522/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2922313/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2926660/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-23xx/CVE-2023-2354.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2354",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-31T06:15:09.617",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T21:10:29.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -46,22 +66,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sureshchand:chp_ads_block_detector:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.4",
"matchCriteriaId": "823E8242-2D7D-4C3F-91B9-B37E819CE227"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2920522/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2922313/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2926660/chp-ads-block-detector",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8514c9-0e11-4e26-ba0b-1d08a990b56c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-244xx/CVE-2023-24412.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24412",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T11:15:40.863",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:28:44.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-settler:image_social_feed:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.6",
"matchCriteriaId": "ED583508-9A16-4BAF-A846-BE5E07A9194F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-instagram/wordpress-image-social-feed-plugin-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-246xx/CVE-2023-24675.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-24675",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T10:15:08.080",
"lastModified": "2023-09-01T11:47:50.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:28:00.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1884F54-CD39-43CC-B52B-8B2335A09CDB"
}
]
}
]
}
],
"references": [
{
"url": "https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://medium.com/@cupc4k3/xss-stored-in-friendly-url-field-on-bludit-cms-641a9dd653f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-250xx/CVE-2023-25042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25042",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T11:15:41.097",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:47:28.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormconsultancy:oauth_twitter_feed_for_developers:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.0",
"matchCriteriaId": "7D58AA74-1308-4C21-8673-74981AB141AE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/oauth-twitter-feed-for-developers/wordpress-oauth-twitter-feed-for-developers-plugin-2-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-250xx/CVE-2023-25044.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25044",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T11:15:41.313",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:47:45.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sumo:social_share_boost:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.5",
"matchCriteriaId": "AB1892B9-68AC-4F6E-91F2-24CEAE155F04"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/social-share-boost/wordpress-social-share-boost-plugin-4-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-283xx/CVE-2023-28366.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28366",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:07.790",
"lastModified": "2023-09-01T16:15:07.790",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

37
CVE-2023/CVE-2023-31xx/CVE-2023-3162.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3162",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-31T06:15:09.737",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:52:57.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,18 +46,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webtoffee:stripe_payment_plugin_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.7",
"matchCriteriaId": "D869C0F7-157C-4275-9389-713838B658A1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

94
CVE-2023/CVE-2023-32xx/CVE-2023-3205.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3205",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:41.850",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T21:13:41.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.11",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "190E843E-6F15-4DD2-A5C4-C797BE750DA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.11",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "1933945E-1CCB-4611-ABA6-9CD834CA6E62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "18116007-7452-495F-80A1-39499882656E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*",
"matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415067",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2011464",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

94
CVE-2023/CVE-2023-32xx/CVE-2023-3210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3210",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:42.053",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T21:13:51.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.11",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "190E843E-6F15-4DD2-A5C4-C797BE750DA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.11",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "1933945E-1CCB-4611-ABA6-9CD834CA6E62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "18116007-7452-495F-80A1-39499882656E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*",
"matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415074",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2011474",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

67
CVE-2023/CVE-2023-32xx/CVE-2023-3297.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-3297",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-09-01T21:15:07.977",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182",
"source": "security@ubuntu.com"
},
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297",
"source": "security@ubuntu.com"
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/",
"source": "security@ubuntu.com"
},
{
"url": "https://ubuntu.com/security/notices/USN-6190-1",
"source": "security@ubuntu.com"
}
]
}

84
CVE-2023/CVE-2023-338xx/CVE-2023-33833.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-33833",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-31T13:15:42.310",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:49:16.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013."
},
{
"lang": "es",
"value": "IBM Security Verify Information Queue v10.0.4 y v10.0.5 almacena informaci\u00f3n confidencial en texto claro que puede ser le\u00edda por un usuario local. IBM X-Force ID: 256013."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,56 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17418B-EB46-4D94-85DD-2BEB4AAB43E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "82484EB1-ED0C-4195-BC80-161B3032FBD7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256013",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7029584",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-338xx/CVE-2023-33834.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-33834",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-31T14:15:08.563",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:48:26.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014."
},
{
"lang": "es",
"value": "IBM Security Verify Information Queue v10.0.4 y v10.0.5 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n sensible que podr\u00eda ayudar en futuros ataques contra el sistema. IBM X-force ID: 256014."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17418B-EB46-4D94-85DD-2BEB4AAB43E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "82484EB1-ED0C-4195-BC80-161B3032FBD7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256014",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7029584",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-338xx/CVE-2023-33835.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-33835",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-31T14:15:08.657",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:48:06.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015."
},
{
"lang": "es",
"value": "IBM Security Verify Information Queue v10.0.4 y v10.0.5 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n sensible que podr\u00eda ayudar en futuros ataques contra el sistema. IBM X-Force ID: 256015. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,55 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17418B-EB46-4D94-85DD-2BEB4AAB43E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "82484EB1-ED0C-4195-BC80-161B3032FBD7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256015",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7029584",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

37
CVE-2023/CVE-2023-34xx/CVE-2023-3404.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3404",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-31T06:15:09.860",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:52:48.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,18 +46,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.5.0",
"matchCriteriaId": "DE279283-024F-4B29-97FB-51BBE207C3B1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.4.8/includes/class-profile-magic-request.php#L325",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2936383/profilegrid-user-profiles-groups-and-communities#file475",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-360xx/CVE-2023-36076.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36076",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:07.857",
"lastModified": "2023-09-01T16:15:07.857",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-360xx/CVE-2023-36088.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36088",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:07.910",
"lastModified": "2023-09-01T16:15:07.910",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-361xx/CVE-2023-36100.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36100",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:07.967",
"lastModified": "2023-09-01T16:15:07.967",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-361xx/CVE-2023-36187.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36187",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.020",
"lastModified": "2023-09-01T16:15:08.020",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-363xx/CVE-2023-36326.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36326",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.077",
"lastModified": "2023-09-01T16:15:08.077",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-363xx/CVE-2023-36327.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36327",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.127",
"lastModified": "2023-09-01T16:15:08.127",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-363xx/CVE-2023-36328.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36328",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.177",
"lastModified": "2023-09-01T16:15:08.177",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

62
CVE-2023/CVE-2023-367xx/CVE-2023-36741.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36741",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-26T01:15:08.460",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:25:16.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
@ -34,10 +54,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.1938.62",
"matchCriteriaId": "7C0071E7-E3D9-4BDE-9BA7-5778B824D5ED"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-395xx/CVE-2023-39582.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39582",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.230",
"lastModified": "2023-09-01T16:15:08.230",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-396xx/CVE-2023-39631.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39631",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.370",
"lastModified": "2023-09-01T16:15:08.370",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-397xx/CVE-2023-39710.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39710",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T14:15:07.777",
"lastModified": "2023-09-01T14:15:07.777",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-397xx/CVE-2023-39714.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39714",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T18:15:07.710",
"lastModified": "2023-09-01T18:15:07.710",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

94
CVE-2023/CVE-2023-39xx/CVE-2023-3915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3915",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:42.267",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T21:14:01.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "9CE5E96F-15A1-43AB-ABF6-3B1490B5D12C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.5",
"matchCriteriaId": "D8DD59A9-B682-4B74-8E18-29210812CAFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "18116007-7452-495F-80A1-39499882656E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*",
"matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417664",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2040834",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

80
CVE-2023/CVE-2023-39xx/CVE-2023-3950.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3950",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:42.457",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T21:14:48.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +76,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "18116007-7452-495F-80A1-39499882656E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.5",
"matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*",
"matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419675",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2079154",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

53
CVE-2023/CVE-2023-405xx/CVE-2023-40585.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40585",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:09.103",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T21:15:12.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metal3:ironic-image:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.3",
"matchCriteriaId": "27B0C984-15D2-41CB-AA20-456063F11DED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/metal3-io/ironic-image/commit/f64bb6ce0945bbfb30d9965f98149ea183311de9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/metal3-io/ironic-image/security/advisories/GHSA-jwpr-9fwh-m4g7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-407xx/CVE-2023-40771.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40771",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.423",
"lastModified": "2023-09-01T16:15:08.423",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

75
CVE-2023/CVE-2023-408xx/CVE-2023-40837.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40837",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.337",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T20:23:05.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the \"formSetIptv\" function, obtaining the \"list\" and \"vlanId\" fields, unfiltered passing these two fields as parameters to the \"sub_ADD50\" function to execute commands."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/2/2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-408xx/CVE-2023-40838.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-40838",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.397",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T20:12:42.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/1/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-409xx/CVE-2023-40968.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40968",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.473",
"lastModified": "2023-09-01T16:15:08.473",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-409xx/CVE-2023-40980.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40980",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.523",
"lastModified": "2023-09-01T16:15:08.523",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

67
CVE-2023/CVE-2023-410xx/CVE-2023-41046.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-41046",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-01T20:15:07.540",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type \"TextArea\" and content type \"VelocityCode\" or \"VelocityWiki\". For the former, the syntax of the document needs to be set the `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for \"VelocityCode\", this behavior is most likely very old but only since XWiki 7.2, script right is a separate right, before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/edc52579eeaab1b4514785c134044671a1ecd839",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m5m2-h6h9-p2c8",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20847",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20848",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-410xx/CVE-2023-41049.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41049",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-01T20:15:07.873",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/decentraland/single-sign-on-client/commit/bd20ea9533d0cda30809d929db85b1b76cef855a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/decentraland/single-sign-on-client/security/advisories/GHSA-vp4f-wxgw-7x8x",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-410xx/CVE-2023-41051.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41051",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-01T19:15:42.883",
"lastModified": "2023-09-01T19:15:42.883",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

76
CVE-2023/CVE-2023-415xx/CVE-2023-41560.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-41560",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.390",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T20:11:06.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/formSetFirewallCfg/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

103
CVE-2023/CVE-2023-415xx/CVE-2023-41561.json
View File

@ -2,19 +2,114 @@
"id": "CVE-2023-41561",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.483",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T20:16:09.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/formSetPPTPServer/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

130
CVE-2023/CVE-2023-415xx/CVE-2023-41562.json
View File

@ -2,19 +2,141 @@
"id": "CVE-2023-41562",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.573",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T20:04:12.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/setSmartPowerManagement/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-416xx/CVE-2023-41627.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41627",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T17:15:07.633",
"lastModified": "2023-09-01T17:15:07.633",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41628.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41628",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T17:15:07.690",
"lastModified": "2023-09-01T17:15:07.690",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41633.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41633",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T19:15:43.003",
"lastModified": "2023-09-01T19:15:43.003",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

36
CVE-2023/CVE-2023-43xx/CVE-2023-4315.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4315",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-31T06:15:11.100",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:52:37.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "Woo Custom Emails para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro \"wcemails_edit\" en versiones hasta, e incluyendo, la 2.2 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas, que se ejecutan si consiguen enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace. "
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp3sixty:woo_custom_emails:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2",
"matchCriteriaId": "A31EB092-4D15-45E9-B61E-C538EBC7CB44"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-custom-emails/trunk/admin/class-wcemails-admin.php#L335",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6782d8b3-32f9-42e1-874c-35a1e93ffde0?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

37
CVE-2023/CVE-2023-44xx/CVE-2023-4471.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4471",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-31T06:15:11.207",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:52:28.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,18 +46,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:etoilewebdesign:order_tracking:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "3.3.6",
"matchCriteriaId": "9C6371DB-96BD-4538-98BD-138F65167F47"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/order-tracking/trunk/includes/Export.class.php#L158",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2959453%40order-tracking%2Ftrunk&old=2949611%40order-tracking%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-45xx/CVE-2023-4500.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4500",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-31T06:15:11.327",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T20:51:54.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:etoilewebdesign:order_tracking:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "3.3.6",
"matchCriteriaId": "9C6371DB-96BD-4538-98BD-138F65167F47"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2959453%40order-tracking%2Ftrunk&old=2949611%40order-tracking%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-47xx/CVE-2023-4707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4707",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T18:15:07.793",
"lastModified": "2023-09-01T18:15:07.793",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-47xx/CVE-2023-4708.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4708",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T18:15:07.893",
"lastModified": "2023-09-01T18:15:07.893",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-47xx/CVE-2023-4709.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4709",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T19:15:43.063",
"lastModified": "2023-09-01T19:15:43.063",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

84
CVE-2023/CVE-2023-47xx/CVE-2023-4710.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-4710",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T20:15:08.103",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.238573",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238573",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-47xx/CVE-2023-4711.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4711",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T20:15:08.310",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/TinkAnet/cve/blob/main/rce.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.238574",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238574",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-47xx/CVE-2023-4712.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4712",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T20:15:08.473",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/wpay65249519/cve/blob/main/SQL_injection.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.238575",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238575",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-47xx/CVE-2023-4713.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4713",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T20:15:08.680",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/13aiZe1/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.238576",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238576",
"source": "cna@vuldb.com"
}
]
}

84
CVE-2023/CVE-2023-47xx/CVE-2023-4714.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-4714",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T20:15:08.890",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.238577",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238577",
"source": "cna@vuldb.com"
}
]
}

4
CVE-2023/CVE-2023-47xx/CVE-2023-4720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4720",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-01T16:15:08.577",
"lastModified": "2023-09-01T16:15:08.577",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-47xx/CVE-2023-4721.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4721",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-01T16:15:08.660",
"lastModified": "2023-09-01T16:15:08.660",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-47xx/CVE-2023-4722.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4722",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-01T16:15:08.737",
"lastModified": "2023-09-01T16:15:08.737",
"vulnStatus": "Received",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

75
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-01T20:00:25.380934+00:00
2023-09-01T22:00:24.820627+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-01T19:59:22.693000+00:00
2023-09-01T21:15:30.513000+00:00
```
### Last Data Feed Release
@ -29,51 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223937
223945
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `8`
* [CVE-2023-39714](CVE-2023/CVE-2023-397xx/CVE-2023-39714.json) (`2023-09-01T18:15:07.710`)
* [CVE-2023-4707](CVE-2023/CVE-2023-47xx/CVE-2023-4707.json) (`2023-09-01T18:15:07.793`)
* [CVE-2023-4708](CVE-2023/CVE-2023-47xx/CVE-2023-4708.json) (`2023-09-01T18:15:07.893`)
* [CVE-2023-1523](CVE-2023/CVE-2023-15xx/CVE-2023-1523.json) (`2023-09-01T19:15:42.707`)
* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-01T19:15:42.883`)
* [CVE-2023-41633](CVE-2023/CVE-2023-416xx/CVE-2023-41633.json) (`2023-09-01T19:15:43.003`)
* [CVE-2023-4709](CVE-2023/CVE-2023-47xx/CVE-2023-4709.json) (`2023-09-01T19:15:43.063`)
* [CVE-2023-41046](CVE-2023/CVE-2023-410xx/CVE-2023-41046.json) (`2023-09-01T20:15:07.540`)
* [CVE-2023-41049](CVE-2023/CVE-2023-410xx/CVE-2023-41049.json) (`2023-09-01T20:15:07.873`)
* [CVE-2023-4710](CVE-2023/CVE-2023-47xx/CVE-2023-4710.json) (`2023-09-01T20:15:08.103`)
* [CVE-2023-4711](CVE-2023/CVE-2023-47xx/CVE-2023-4711.json) (`2023-09-01T20:15:08.310`)
* [CVE-2023-4712](CVE-2023/CVE-2023-47xx/CVE-2023-4712.json) (`2023-09-01T20:15:08.473`)
* [CVE-2023-4713](CVE-2023/CVE-2023-47xx/CVE-2023-4713.json) (`2023-09-01T20:15:08.680`)
* [CVE-2023-4714](CVE-2023/CVE-2023-47xx/CVE-2023-4714.json) (`2023-09-01T20:15:08.890`)
* [CVE-2023-3297](CVE-2023/CVE-2023-32xx/CVE-2023-3297.json) (`2023-09-01T21:15:07.977`)
### CVEs modified in the last Commit
Recently modified CVEs: `27`
Recently modified CVEs: `56`
* [CVE-2023-40586](CVE-2023/CVE-2023-405xx/CVE-2023-40586.json) (`2023-09-01T18:06:17.537`)
* [CVE-2023-3453](CVE-2023/CVE-2023-34xx/CVE-2023-3453.json) (`2023-09-01T18:11:49.340`)
* [CVE-2023-33876](CVE-2023/CVE-2023-338xx/CVE-2023-33876.json) (`2023-09-01T18:15:07.427`)
* [CVE-2023-4596](CVE-2023/CVE-2023-45xx/CVE-2023-4596.json) (`2023-09-01T18:17:25.357`)
* [CVE-2023-40170](CVE-2023/CVE-2023-401xx/CVE-2023-40170.json) (`2023-09-01T18:36:32.463`)
* [CVE-2023-4597](CVE-2023/CVE-2023-45xx/CVE-2023-4597.json) (`2023-09-01T18:36:38.313`)
* [CVE-2023-4611](CVE-2023/CVE-2023-46xx/CVE-2023-4611.json) (`2023-09-01T18:36:56.110`)
* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-09-01T18:37:07.207`)
* [CVE-2023-39348](CVE-2023/CVE-2023-393xx/CVE-2023-39348.json) (`2023-09-01T18:37:25.700`)
* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-09-01T18:37:42.127`)
* [CVE-2023-33317](CVE-2023/CVE-2023-333xx/CVE-2023-33317.json) (`2023-09-01T18:38:41.257`)
* [CVE-2023-4653](CVE-2023/CVE-2023-46xx/CVE-2023-4653.json) (`2023-09-01T18:39:05.677`)
* [CVE-2023-4652](CVE-2023/CVE-2023-46xx/CVE-2023-4652.json) (`2023-09-01T18:39:07.780`)
* [CVE-2023-4655](CVE-2023/CVE-2023-46xx/CVE-2023-4655.json) (`2023-09-01T18:39:47.187`)
* [CVE-2023-41121](CVE-2023/CVE-2023-411xx/CVE-2023-41121.json) (`2023-09-01T18:48:33.107`)
* [CVE-2023-4599](CVE-2023/CVE-2023-45xx/CVE-2023-4599.json) (`2023-09-01T18:59:53.493`)
* [CVE-2023-33325](CVE-2023/CVE-2023-333xx/CVE-2023-33325.json) (`2023-09-01T19:05:34.913`)
* [CVE-2023-41559](CVE-2023/CVE-2023-415xx/CVE-2023-41559.json) (`2023-09-01T19:10:58.247`)
* [CVE-2023-34032](CVE-2023/CVE-2023-340xx/CVE-2023-34032.json) (`2023-09-01T19:15:40.420`)
* [CVE-2023-34180](CVE-2023/CVE-2023-341xx/CVE-2023-34180.json) (`2023-09-01T19:22:34.537`)
* [CVE-2023-34176](CVE-2023/CVE-2023-341xx/CVE-2023-34176.json) (`2023-09-01T19:24:19.840`)
* [CVE-2023-34175](CVE-2023/CVE-2023-341xx/CVE-2023-34175.json) (`2023-09-01T19:36:10.463`)
* [CVE-2023-34174](CVE-2023/CVE-2023-341xx/CVE-2023-34174.json) (`2023-09-01T19:37:34.893`)
* [CVE-2023-41563](CVE-2023/CVE-2023-415xx/CVE-2023-41563.json) (`2023-09-01T19:54:35.217`)
* [CVE-2023-4624](CVE-2023/CVE-2023-46xx/CVE-2023-4624.json) (`2023-09-01T19:59:22.693`)
* [CVE-2023-28366](CVE-2023/CVE-2023-283xx/CVE-2023-28366.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-36076](CVE-2023/CVE-2023-360xx/CVE-2023-36076.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-36088](CVE-2023/CVE-2023-360xx/CVE-2023-36088.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-36100](CVE-2023/CVE-2023-361xx/CVE-2023-36100.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-36187](CVE-2023/CVE-2023-361xx/CVE-2023-36187.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-36326](CVE-2023/CVE-2023-363xx/CVE-2023-36326.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-36327](CVE-2023/CVE-2023-363xx/CVE-2023-36327.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-36328](CVE-2023/CVE-2023-363xx/CVE-2023-36328.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-39582](CVE-2023/CVE-2023-395xx/CVE-2023-39582.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-39631](CVE-2023/CVE-2023-396xx/CVE-2023-39631.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-40771](CVE-2023/CVE-2023-407xx/CVE-2023-40771.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-40968](CVE-2023/CVE-2023-409xx/CVE-2023-40968.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-40980](CVE-2023/CVE-2023-409xx/CVE-2023-40980.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-4720](CVE-2023/CVE-2023-47xx/CVE-2023-4720.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-4721](CVE-2023/CVE-2023-47xx/CVE-2023-4721.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-4722](CVE-2023/CVE-2023-47xx/CVE-2023-4722.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-41627](CVE-2023/CVE-2023-416xx/CVE-2023-41627.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-41628](CVE-2023/CVE-2023-416xx/CVE-2023-41628.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-39714](CVE-2023/CVE-2023-397xx/CVE-2023-39714.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-4707](CVE-2023/CVE-2023-47xx/CVE-2023-4707.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-4708](CVE-2023/CVE-2023-47xx/CVE-2023-4708.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-1523](CVE-2023/CVE-2023-15xx/CVE-2023-1523.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-41633](CVE-2023/CVE-2023-416xx/CVE-2023-41633.json) (`2023-09-01T21:15:30.513`)
* [CVE-2023-4709](CVE-2023/CVE-2023-47xx/CVE-2023-4709.json) (`2023-09-01T21:15:30.513`)
## Download and Usage