admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-20T04:00:27.303338+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-20 04:00:30 +00:00
parent 2b32a14b2d
commit cda650b5d5
22 changed files with 1397 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2021/CVE-2021-446xx/CVE-2021-44696.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-44696",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-07-12T12:15:09.663",
"lastModified": "2023-07-12T12:46:11.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:11:45.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
@ -46,10 +66,49 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:prelude:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.1.1",
"matchCriteriaId": "39887E20-A188-44D9-91E7-2E1EBF00063E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-114.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

113
CVE-2023/CVE-2023-16xx/CVE-2023-1672.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1672",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-11T12:15:09.520",
"lastModified": "2023-07-11T12:43:16.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:04:18.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,22 +54,103 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tang_project:tang:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14",
"matchCriteriaId": "91FB668D-32F0-442D-BC21-36133C7CC6F7"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1672",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180999",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/06/15/1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-291xx/CVE-2023-29156.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29156",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-07-11T09:15:09.527",
"lastModified": "2023-07-11T12:43:16.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:11:22.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -46,14 +76,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bluemark:dronescout_ds230_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20211210-1627",
"versionEndIncluding": "20230329-1042",
"matchCriteriaId": "ECAA0DEB-A113-4A49-82DF-539AB43E9461"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:bluemark:dronescout_ds230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7E81E1-02C3-4E4F-BF27-918CF7461899"
}
]
}
]
}
],
"references": [
{
"url": "https://download.bluemark.io/dronescout/firmware/history.txt",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-29156/",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-311xx/CVE-2023-31190.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31190",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-07-11T09:15:09.597",
"lastModified": "2023-07-11T12:43:16.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:04:56.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -46,14 +76,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bluemark:dronescout_ds230_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20211210-1627",
"versionEndIncluding": "20230329-1042",
"matchCriteriaId": "ECAA0DEB-A113-4A49-82DF-539AB43E9461"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:bluemark:dronescout_ds230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7E81E1-02C3-4E4F-BF27-918CF7461899"
}
]
}
]
}
],
"references": [
{
"url": "https://download.bluemark.io/dronescout/firmware/history.txt",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31190/",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-311xx/CVE-2023-31191.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31191",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-07-11T09:15:09.653",
"lastModified": "2023-07-11T12:43:16.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:04:36.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -46,14 +76,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:bluemark:dronescout_ds230_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20211210-1627",
"versionEndIncluding": "20230329-1042",
"matchCriteriaId": "ECAA0DEB-A113-4A49-82DF-539AB43E9461"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:bluemark:dronescout_ds230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7E81E1-02C3-4E4F-BF27-918CF7461899"
}
]
}
]
}
],
"references": [
{
"url": "https://download.bluemark.io/dronescout/firmware/history.txt",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-336xx/CVE-2023-33668.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-33668",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-12T13:15:09.190",
"lastModified": "2023-07-12T13:56:22.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:11:57.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-354"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digiexam:digiexam:*:*:*:*:*:*:*:*",
"versionEndIncluding": "14.0.2",
"matchCriteriaId": "EB3B8CB6-1D21-4B3D-9409-4EE3669CB01F"
}
]
}
]
}
],
"references": [
{
"url": "http://digiexam.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/lodi-g/CVE-2023-33668",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-36xx/CVE-2023-3642.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-3642",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-12T17:15:09.040",
"lastModified": "2023-07-12T17:58:08.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:02:56.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/ of the component HTTP POST Request Handler. The manipulation of the argument username/title/comment leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233888."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en GZ Scripts Vacation Rental Website v1.8 y se ha clasificado como problem\u00e1tica. Este problema afecta a una funcionalidad desconocida del archivo \"/VacationRentalWebsite/property/8/ad-has-principes/\" del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento \"username/title/comment\" conduce a ataques de tipo Cross-Site Scripting. El ataque puede ser lanzado remotamente. El identificador de esta vulnerabilidad es VDB-233888."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:vacation_rental_website:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9F3D91-AC88-4DCA-B062-79EDD927511D"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233888",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233888",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-36xx/CVE-2023-3644.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-3644",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-12T18:15:09.563",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:04:50.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. VDB-233890 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en SourceCodester Service Provider Management System v1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo \"/classes/Master.php?f=save_inquiry\". La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n sql. El ataque puede iniciarse de forma remota. VDB-233890 es el identificador asignado a esta vulnerabilidad. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,16 +95,50 @@
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:service_provider_management_system_project:service_provider_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72A53E3F-CC8B-4570-9F4F-BA25E7F4F642"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.233890",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.233890",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-372xx/CVE-2023-37289.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37289",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-07-20T03:15:10.047",
"lastModified": "2023-07-20T03:15:10.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker to exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.\u00a0This issue affects Document On-line Submission and Approval System: 22547, 22567."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.html",
"source": "twcert@cert.org.tw"
}
]
}

68
CVE-2023/CVE-2023-375xx/CVE-2023-37582.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-37582",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-12T10:15:11.197",
"lastModified": "2023-07-12T12:46:11.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:11:34.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. \n\nWhen NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. \n\nIt is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,14 +46,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.9.6",
"matchCriteriaId": "B55D62B2-8FCD-4522-A3AE-8DDDA449BFC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "5944A57F-AC51-4AF2-8775-5B8FAD76CF33"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-376xx/CVE-2023-37628.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-37628",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-12T17:15:08.720",
"lastModified": "2023-07-12T17:58:08.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:07:39.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Piggery Management System 1.0 is vulnerable to SQL Injection."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_online_piggery_management_system_project:simple_online_piggery_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A096010-5E04-46F9-ADCA-8EE8C47B12E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37628",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-376xx/CVE-2023-37629.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-37629",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-12T17:15:08.777",
"lastModified": "2023-07-12T17:58:08.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:06:08.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to \"add-pig.php.\""
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_online_piggery_management_system_project:simple_online_piggery_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A096010-5E04-46F9-ADCA-8EE8C47B12E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37629",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37956.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37956",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.723",
"lastModified": "2023-07-13T23:15:11.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:09:20.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:test_results_aggregator:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.2.13",
"matchCriteriaId": "44A86C07-24C7-4842-9AB2-B9E94AB79B5F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3122",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37957.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37957",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.777",
"lastModified": "2023-07-13T23:15:11.977",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:10:10.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:pipeline_restful_api:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "0.11",
"matchCriteriaId": "938E4D09-F3B4-4527-92C8-EAFDBD10019C"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3126",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37958.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37958",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.827",
"lastModified": "2023-07-13T23:15:12.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:11:09.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:sumologic_publisher:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.2.1",
"matchCriteriaId": "DA640A78-9364-422F-8567-2D92FBE3F3F1"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3117",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37959.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37959",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.887",
"lastModified": "2023-07-13T23:15:12.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:15:07.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:sumologic_publisher:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.2.1",
"matchCriteriaId": "DA640A78-9364-422F-8567-2D92FBE3F3F1"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3117",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37961.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37961",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.990",
"lastModified": "2023-07-13T23:15:12.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:15:58.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:assembla:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.14",
"matchCriteriaId": "5E9A4BC1-119B-419C-B22F-B9915E0D0B03"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2988",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37962.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37962",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:14.043",
"lastModified": "2023-07-13T23:15:12.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:19:19.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:benchmark_evaluator:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.0.1",
"matchCriteriaId": "4413D0DB-25F4-4D2F-9A30-40E875EFA13F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3119",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37964.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37964",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:14.143",
"lastModified": "2023-07-13T23:15:12.320",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:21:44.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:elasticbox_ci:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "5.0.1",
"matchCriteriaId": "15545E15-F619-4031-BF03-6E6159C7A3EA"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3131",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-380xx/CVE-2023-38062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38062",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-12T13:15:09.317",
"lastModified": "2023-07-12T13:56:22.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T02:13:48.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security@jetbrains.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.05.1",
"matchCriteriaId": "46175D6A-9392-4ABE-983F-50501F7876A1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
"source": "security@jetbrains.com",
"tags": [
"Vendor Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-384xx/CVE-2023-38408.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-38408",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T03:15:10.170",
"lastModified": "2023-07-20T03:15:10.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=36790196",
"source": "cve@mitre.org"
},
{
"url": "https://www.openssh.com/security.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.openssh.com/txt/release-9.3p2",
"source": "cve@mitre.org"
},
{
"url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt",
"source": "cve@mitre.org"
}
]
}

64
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-20T02:00:46.310594+00:00
2023-07-20T04:00:27.303338+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-20T01:59:35.997000+00:00
2023-07-20T03:15:10.170000+00:00
```
### Last Data Feed Release
@ -29,52 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220713
220715
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `2`
* [CVE-2022-28733](CVE-2022/CVE-2022-287xx/CVE-2022-28733.json) (`2023-07-20T01:15:10.140`)
* [CVE-2022-28734](CVE-2022/CVE-2022-287xx/CVE-2022-28734.json) (`2023-07-20T01:15:10.243`)
* [CVE-2022-28735](CVE-2022/CVE-2022-287xx/CVE-2022-28735.json) (`2023-07-20T01:15:10.320`)
* [CVE-2022-28736](CVE-2022/CVE-2022-287xx/CVE-2022-28736.json) (`2023-07-20T01:15:10.400`)
* [CVE-2022-28737](CVE-2022/CVE-2022-287xx/CVE-2022-28737.json) (`2023-07-20T01:15:10.473`)
* [CVE-2023-3072](CVE-2023/CVE-2023-30xx/CVE-2023-3072.json) (`2023-07-20T00:15:10.347`)
* [CVE-2023-3299](CVE-2023/CVE-2023-32xx/CVE-2023-3299.json) (`2023-07-20T00:15:10.447`)
* [CVE-2023-3300](CVE-2023/CVE-2023-33xx/CVE-2023-3300.json) (`2023-07-20T00:15:10.527`)
* [CVE-2023-37289](CVE-2023/CVE-2023-372xx/CVE-2023-37289.json) (`2023-07-20T03:15:10.047`)
* [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2023-07-20T03:15:10.170`)
### CVEs modified in the last Commit
Recently modified CVEs: `39`
Recently modified CVEs: `19`
* [CVE-2023-37955](CVE-2023/CVE-2023-379xx/CVE-2023-37955.json) (`2023-07-20T01:43:38.530`)
* [CVE-2023-37954](CVE-2023/CVE-2023-379xx/CVE-2023-37954.json) (`2023-07-20T01:43:50.643`)
* [CVE-2023-37953](CVE-2023/CVE-2023-379xx/CVE-2023-37953.json) (`2023-07-20T01:44:38.133`)
* [CVE-2023-37952](CVE-2023/CVE-2023-379xx/CVE-2023-37952.json) (`2023-07-20T01:44:51.670`)
* [CVE-2023-37951](CVE-2023/CVE-2023-379xx/CVE-2023-37951.json) (`2023-07-20T01:45:11.257`)
* [CVE-2023-37945](CVE-2023/CVE-2023-379xx/CVE-2023-37945.json) (`2023-07-20T01:45:33.523`)
* [CVE-2023-37944](CVE-2023/CVE-2023-379xx/CVE-2023-37944.json) (`2023-07-20T01:45:57.860`)
* [CVE-2023-30937](CVE-2023/CVE-2023-309xx/CVE-2023-30937.json) (`2023-07-20T01:46:05.337`)
* [CVE-2023-37943](CVE-2023/CVE-2023-379xx/CVE-2023-37943.json) (`2023-07-20T01:46:27.617`)
* [CVE-2023-37942](CVE-2023/CVE-2023-379xx/CVE-2023-37942.json) (`2023-07-20T01:47:00.227`)
* [CVE-2023-36825](CVE-2023/CVE-2023-368xx/CVE-2023-36825.json) (`2023-07-20T01:47:19.413`)
* [CVE-2023-30936](CVE-2023/CVE-2023-309xx/CVE-2023-30936.json) (`2023-07-20T01:47:35.127`)
* [CVE-2023-24492](CVE-2023/CVE-2023-244xx/CVE-2023-24492.json) (`2023-07-20T01:49:10.613`)
* [CVE-2023-3127](CVE-2023/CVE-2023-31xx/CVE-2023-3127.json) (`2023-07-20T01:49:31.853`)
* [CVE-2023-2762](CVE-2023/CVE-2023-27xx/CVE-2023-2762.json) (`2023-07-20T01:49:48.370`)
* [CVE-2023-30941](CVE-2023/CVE-2023-309xx/CVE-2023-30941.json) (`2023-07-20T01:50:32.973`)
* [CVE-2023-30940](CVE-2023/CVE-2023-309xx/CVE-2023-30940.json) (`2023-07-20T01:53:12.603`)
* [CVE-2023-30938](CVE-2023/CVE-2023-309xx/CVE-2023-30938.json) (`2023-07-20T01:55:49.427`)
* [CVE-2023-2763](CVE-2023/CVE-2023-27xx/CVE-2023-2763.json) (`2023-07-20T01:56:00.570`)
* [CVE-2023-30928](CVE-2023/CVE-2023-309xx/CVE-2023-30928.json) (`2023-07-20T01:56:16.403`)
* [CVE-2023-30939](CVE-2023/CVE-2023-309xx/CVE-2023-30939.json) (`2023-07-20T01:56:36.267`)
* [CVE-2023-3108](CVE-2023/CVE-2023-31xx/CVE-2023-3108.json) (`2023-07-20T01:56:37.593`)
* [CVE-2023-3269](CVE-2023/CVE-2023-32xx/CVE-2023-3269.json) (`2023-07-20T01:56:56.217`)
* [CVE-2023-37630](CVE-2023/CVE-2023-376xx/CVE-2023-37630.json) (`2023-07-20T01:57:57.420`)
* [CVE-2023-3641](CVE-2023/CVE-2023-36xx/CVE-2023-3641.json) (`2023-07-20T01:59:35.997`)
* [CVE-2021-44696](CVE-2021/CVE-2021-446xx/CVE-2021-44696.json) (`2023-07-20T02:11:45.490`)
* [CVE-2023-3642](CVE-2023/CVE-2023-36xx/CVE-2023-3642.json) (`2023-07-20T02:02:56.427`)
* [CVE-2023-1672](CVE-2023/CVE-2023-16xx/CVE-2023-1672.json) (`2023-07-20T02:04:18.157`)
* [CVE-2023-31191](CVE-2023/CVE-2023-311xx/CVE-2023-31191.json) (`2023-07-20T02:04:36.067`)
* [CVE-2023-3644](CVE-2023/CVE-2023-36xx/CVE-2023-3644.json) (`2023-07-20T02:04:50.907`)
* [CVE-2023-31190](CVE-2023/CVE-2023-311xx/CVE-2023-31190.json) (`2023-07-20T02:04:56.910`)
* [CVE-2023-37629](CVE-2023/CVE-2023-376xx/CVE-2023-37629.json) (`2023-07-20T02:06:08.907`)
* [CVE-2023-37628](CVE-2023/CVE-2023-376xx/CVE-2023-37628.json) (`2023-07-20T02:07:39.827`)
* [CVE-2023-37956](CVE-2023/CVE-2023-379xx/CVE-2023-37956.json) (`2023-07-20T02:09:20.513`)
* [CVE-2023-37957](CVE-2023/CVE-2023-379xx/CVE-2023-37957.json) (`2023-07-20T02:10:10.550`)
* [CVE-2023-37958](CVE-2023/CVE-2023-379xx/CVE-2023-37958.json) (`2023-07-20T02:11:09.283`)
* [CVE-2023-29156](CVE-2023/CVE-2023-291xx/CVE-2023-29156.json) (`2023-07-20T02:11:22.203`)
* [CVE-2023-37582](CVE-2023/CVE-2023-375xx/CVE-2023-37582.json) (`2023-07-20T02:11:34.330`)
* [CVE-2023-33668](CVE-2023/CVE-2023-336xx/CVE-2023-33668.json) (`2023-07-20T02:11:57.637`)
* [CVE-2023-38062](CVE-2023/CVE-2023-380xx/CVE-2023-38062.json) (`2023-07-20T02:13:48.837`)
* [CVE-2023-37959](CVE-2023/CVE-2023-379xx/CVE-2023-37959.json) (`2023-07-20T02:15:07.977`)
* [CVE-2023-37961](CVE-2023/CVE-2023-379xx/CVE-2023-37961.json) (`2023-07-20T02:15:58.907`)
* [CVE-2023-37962](CVE-2023/CVE-2023-379xx/CVE-2023-37962.json) (`2023-07-20T02:19:19.640`)
* [CVE-2023-37964](CVE-2023/CVE-2023-379xx/CVE-2023-37964.json) (`2023-07-20T02:21:44.327`)
## Download and Usage