Auto-Update: 2023-07-06T22:00:26.115652+00:00

cad-safe-bot 2023-07-06 22:00:29 +00:00
parent 143a0d3b31
commit ce70999c95
18 changed files with 1226 additions and 144 deletions


@ -2,19 +2,75 @@
"id": "CVE-2020-26708",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T21:15:09.197",
"lastModified": "2023-06-29T23:57:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T20:59:00.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:requests-xml_project:requests-xml:0.2.3:*:*:*:*:python:*:*",
"matchCriteriaId": "C4009C08-96CE-46E4-9C69-2263629352D5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/erinxocon/requests-xml/issues/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
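Review bot: The description and the new NVD primary vector disagree on impact. The text says the XXE "allows attackers to execute arbitrary code", while `vectorString` is `C:H/I:N/A:N` with `CWE-611`, i.e. disclosure only. The CVE-2020-26709 record in this same commit carries the same wording but is scored `C:N/I:N/A:H`, so two near-identical XXE entries get different impact triples. If this repository only mirrors upstream data the fix is not an edit here, but the mismatch is worth reporting upstream, and consumers should triage on `cvssMetricV31` plus `weaknesses` rather than the free-text `value`.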


@ -2,19 +2,75 @@
"id": "CVE-2020-26709",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T21:15:09.247",
"lastModified": "2023-06-29T23:57:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T21:02:24.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:py-xml_project:py-xml:1.0:*:*:*:*:python:*:*",
"matchCriteriaId": "C9AB5878-FBEB-45C4-8A78-812078BA0AF6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PinaeOS/py-xml/issues/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2022-46407",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T02:15:15.827",
"lastModified": "2023-06-29T15:35:43.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T20:53:58.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint \u201ceditprofile\u201d where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ericsson:network_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.2",
"matchCriteriaId": "59329A1F-C8D6-4D22-AAE3-9207C516573E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20192",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-06-28T15:15:10.007",
"lastModified": "2023-06-28T15:25:19.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T21:08:47.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:expressway:*:*:*",
"versionEndIncluding": "x14.0.3",
"matchCriteriaId": "10B65B6C-EBB4-407E-803C-9F3B33B07177"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "x14.0.3",
"matchCriteriaId": "C5220365-49BE-4021-9D4E-13FEB6FB5EBD"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
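Review bot: The two added `configurations` nodes overlap. The second `criteria` (`cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*`) is the first one with the `expressway` edition field wildcarded, so it already matches everything the first does, and a matcher that counts hits per node will report the same install twice. Both also bound the range with `"versionEndIncluding": "x14.0.3"`; the leading `x` is not something a generic semver or dotted-integer comparator will order correctly, so a consumer needs to normalise that prefix before doing range checks or it may silently treat the range as non-matching. The hunks in this section are partial, so the vendor-supplied `cvssMetricV30` and `weaknesses` entries are not visible for comparison.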


@ -2,8 +2,8 @@
"id": "CVE-2023-21513",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-06-28T21:15:09.467",
"lastModified": "2023-06-29T15:35:43.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T21:23:49.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -46,10 +76,310 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "8D2D0083-0A85-47F7-A42D-2040A3BEC132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0332BF16-0F1F-4733-ABCE-A1EA1366A5D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D7120696-2440-44EC-B3A4-6FCBB4A60A12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3658A42-BCA9-4188-8B36-3C6599BBF83C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D0E55E09-C2C9-43D1-8A1A-6D02F544E34A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*",
"matchCriteriaId": "C26195A5-31BE-4116-8F31-9F25BE57AB52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C6114C5-C175-45E7-821E-6BA218F923DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "58BA232B-8D39-473A-91D0-D3AC03FDE8FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "25B42CE0-67DE-4611-8D70-DEEC975E32BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2EADA0-5976-4711-A7A5-61594F3E2FEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "6B59145B-5506-477C-8F9C-ABB0CE2CF631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "AC082E25-1B7D-473D-A066-1463E6321CD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "655BEA94-9A83-4A56-8DDE-79ADC821C707"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "B894D0C1-E66E-44B0-8FCA-2EE4290C4173"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B088DE9-31F1-4737-8BC8-CC406F208ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "899F6BD2-47AF-4ADA-935D-90AB069E9BA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "C2592B14-B3B7-4C85-88E8-5E12F6F50ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "40A783AA-91E7-426B-8A78-4EBE5D69A602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "BA51F5D5-D18D-426C-B09F-EE12CE11E9FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "53968A3C-6E71-42B8-8671-6730D8C85603"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FFB0F9B9-C60D-40CC-AC7D-FDB288EB2264"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "6C946853-D56D-457C-A1CB-AD1A5BD56C41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B35EB1D3-2F29-4A5C-AC9A-6ED72A2E22D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "1DD6CFD3-5341-4069-B4FC-A5E07F13A63F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "9BD8E899-427B-47D2-9168-446B0249868F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "E923AF0F-34BA-40FE-AA20-B01366263B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "78B14D1F-C536-4816-A076-B074E41EB0A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2D00F4-B521-4D8F-84F8-DCE45B6349A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "548BCC15-C6D8-4AE7-B167-4DD74382097B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9C2B6E53-CC07-4590-ADFA-CEF7DB0F4EB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-21518",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-06-28T21:15:09.623",
"lastModified": "2023-06-29T15:35:43.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T21:20:49.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:searchwidget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3",
"matchCriteriaId": "54972111-D867-49B3-8611-D69DC683914A"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=06",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26432",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.360",
"lastModified": "2023-06-22T15:15:11.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T20:05:13.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -46,22 +76,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.10.6",
"matchCriteriaId": "74EDAF14-4BF1-4E62-AA44-86090B6BEEFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.11.0",
"matchCriteriaId": "73183E5C-54B0-4426-BD3B-34C19BBDECEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D41FD049-C028-4C6D-A9D7-9DD1820B2C5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.10.6:revision_39:*:*:*:*:*:*",
"matchCriteriaId": "1B382924-49BE-43BF-B012-7F8F8A90CA6C"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jun/8",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes"
]
}
]
}
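Review bot: The CSAF advisory at `documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json` is tagged `Third Party Advisory`, although its `source` is `security@open-xchange.com` and the host is the vendor's own; I would expect `"tags": ["Vendor Advisory"]` on that reference. As tagged, the record has no `Vendor Advisory` entry at all, so tooling that selects the authoritative advisory by that tag will find none. The packetstormsecurity.com and seclists.org references are also plain `http://` URLs, which matters for anything that fetches reference content automatically.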


@ -0,0 +1,28 @@
{
"id": "CVE-2023-29824",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T21:15:09.060",
"lastModified": "2023-07-06T21:15:09.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0."
}
],
"metrics": {},
"references": [
{
"url": "http://www.square16.org/achievement/cve-2023-29824/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/scipy/scipy/issues/14713",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/scipy/scipy/pull/15013",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2982",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-29T02:15:16.103",
"lastModified": "2023-06-29T15:35:43.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T21:04:26.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,26 +46,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miniorange:wordpress_social_login_and_register_\\(discord\\,_google\\,_twitter\\,_linkedin\\):*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.6.5",
"matchCriteriaId": "4942FAAF-310A-4B97-AE0F-109F09B21257"
}
]
}
]
}
],
"references": [
{
"url": "https://lana.codes/lanavdb/2326f41f-a39f-4fde-8627-9d29fff91443/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/miniorange-login-openid/trunk/mo-openid-social-login-functions.php#L107",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2924863/miniorange-login-openid",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2925914/miniorange-login-openid",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08ca186a-2486-4a58-9c53-03e9eba13e66?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
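Review bot: All four non-Wordfence references are tagged `Product`, including the two `plugins.trac.wordpress.org/changeset/...` links, which appear to be the fixing changesets; I would expect `"tags": ["Patch"]` on those. With the tags as added, the record exposes no `Patch` reference, so patch-availability checks keyed on that tag may report the plugin as unfixed even though the CPE range ends at `"versionEndExcluding": "7.6.5"`. Judging by its path, the lana.codes `lanavdb` link is likewise a vulnerability entry rather than a product page. The hunks here are partial, so the description and vendor metrics are not visible.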


@ -0,0 +1,43 @@
{
"id": "CVE-2023-30195",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T20:15:09.247",
"lastModified": "2023-07-06T20:15:09.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the module \"Detailed Order\" (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/06/22/lgdetailedorder.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3390",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T21:15:10.447",
"lastModified": "2023-07-06T04:15:12.060",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T21:32:34.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,18 +76,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "6.4",
"matchCriteriaId": "1C12E20E-DA5B-46BA-A7C9-7190D48F59D6"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5448",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}
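Review bot: The git.kernel.org reference is tagged `Mailing List` and `Patch`, but the URL is a stable-tree commit view, not a list post; `"tags": ["Patch"]` would describe it accurately. Separately, the added range (`"versionStartIncluding": "3.16"`, `"versionEndExcluding": "6.4"`) is expressed against mainline versions only. A distro or LTS kernel inside that range may already carry the referenced commit as a backport, as the Debian DSA reference suggests. Matching on this CPE alone can therefore over-report, and scanners consuming the record should combine it with the distribution's own advisory data.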


@ -2,16 +2,49 @@
"id": "CVE-2023-3439",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-06-28T21:15:10.517",
"lastModified": "2023-07-02T15:15:09.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T21:39:33.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -23,18 +56,69 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"matchCriteriaId": "FE93544F-B946-47CF-9697-FBF3484FCB92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7AB06DDF-3C2B-416D-B448-E990D8FF67A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EAE6C6C5-4D21-4C04-897C-70CBBB3D7B91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DA5F085D-52F3-4EE2-8353-455D1A6FE073"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/02/1",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217915",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
}
]
}


@ -0,0 +1,75 @@
{
"id": "CVE-2023-35934",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-06T20:15:09.333",
"lastModified": "2023-07-06T20:15:09.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later).\n\nAt the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped.\n\nyt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirectiong if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping\n\nSome workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.07.06.185519",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2023.07.06",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj",
"source": "security-advisories@github.com"
}
]
}
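Review bot: No `configurations` array is present in this new record, so CPE-based matching will not associate it with yt-dlp while `vulnStatus` is `Received`. The affected range exists only in the description text (prior to `2023.07.06` and nightly `2023.07.06.185519`). The only score is the CNA's `Secondary` entry; there is no NVD `Primary` metric yet. Consumers that need coverage before NVD analysis would have to match on the description or on the listed GHSA reference rather than on CPE. The same applies to the new CVE-2023-3531 and CVE-2023-36462 records later in this commit.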


@ -2,66 +2,14 @@
"id": "CVE-2023-35935",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T17:15:09.317",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T21:15:09.260",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vulnerable to cross site request forgery (CSRF) prior to version 7.2.0.. All versions of @fastify/oauth2 used a statically generated `state` parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 `state` parameter is to prevent CSRF attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. Version 7.2.0 changes the default behavior to store the `state` in a cookie with the `http-only` and `same-site=lax` attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the `checkStateFunction` function, which now accepts the full `Request` object. There are no known workarounds for the issue."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-31999. Reason: This candidate is a reservation duplicate of CVE-2023-31999. Notes: All CVE users should reference CVE-2023-31999 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://auth0.com/docs/secure/attack-protection/state-parameters",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/fastify/fastify-oauth2/commit/bff756b456cbb769080631af2beb85671ff4c79c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/fastify/fastify-oauth2/releases/tag/v7.2.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/fastify/fastify-oauth2/security/advisories/GHSA-g8x5-p9qc-cf95",
"source": "security-advisories@github.com"
}
]
"metrics": {},
"references": []
}
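Review bot: With `"metrics": {}` and `"references": []`, this record no longer carries a score or links, and the README list in this commit shows it as an ordinary modification, so the rejection is easy to miss downstream. Assuming the later-timestamped lines are the new side (the `+`/`-` markers are lost on this page), the entry is now `"vulnStatus": "Rejected"` as a duplicate of CVE-2023-31999. Consumers should handle `Rejected` explicitly and carry findings over to the consult ID, rather than keeping the earlier 7.4 HIGH entry cached or reading the empty metrics as no severity.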


@ -2,7 +2,7 @@
"id": "CVE-2023-3529",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-06T19:15:11.030",
"lastModified": "2023-07-06T19:15:11.030",
"lastModified": "2023-07-06T20:15:09.527",
"vulnStatus": "Received",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],


@ -0,0 +1,59 @@
{
"id": "CVE-2023-3531",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-06T20:15:09.593",
"lastModified": "2023-07-06T20:15:09.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/nilsteampassnet/teampass/commit/cb8ea5ccca61653895bb6881547e463baa50293d",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/c9f0b3ff-bbc4-4ea1-a59e-8594b48bb414",
"source": "security@huntr.dev"
}
]
}
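Review bot: The score here sits under `cvssMetricV30` (`"version": "3.0"`), not `cvssMetricV31` as in the other records added by this commit, so a consumer that reads only the 3.1 key sees this stored-XSS record as unscored. A lookup that falls back from `cvssMetricV31` to `cvssMetricV30` avoids silently dropping the 8.1 HIGH rating. The CVE-2023-3529 section above also reports `"version": "3.0"`, though its metric key lies outside the visible hunk.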


@ -0,0 +1,71 @@
{
"id": "CVE-2023-36462",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-06T20:15:09.423",
"lastModified": "2023-07-06T20:15:09.423",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/mastodon/mastodon/commit/610731b03dfcadd887078cb0399f4e514aa1931c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-55j9-c3mp-6fcq",
"source": "security-advisories@github.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-06T20:00:34.265320+00:00
2023-07-06T22:00:26.115652+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-06T19:55:47.750000+00:00
2023-07-06T21:39:33.310000+00:00
```
### Last Data Feed Release
@ -29,51 +29,36 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
219418
219423
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `5`
* [CVE-2023-1298](CVE-2023/CVE-2023-12xx/CVE-2023-1298.json) (`2023-07-06T18:15:10.497`)
* [CVE-2023-3528](CVE-2023/CVE-2023-35xx/CVE-2023-3528.json) (`2023-07-06T18:15:17.877`)
* [CVE-2023-36456](CVE-2023/CVE-2023-364xx/CVE-2023-36456.json) (`2023-07-06T19:15:10.633`)
* [CVE-2023-36459](CVE-2023/CVE-2023-364xx/CVE-2023-36459.json) (`2023-07-06T19:15:10.727`)
* [CVE-2023-36460](CVE-2023/CVE-2023-364xx/CVE-2023-36460.json) (`2023-07-06T19:15:10.807`)
* [CVE-2023-36461](CVE-2023/CVE-2023-364xx/CVE-2023-36461.json) (`2023-07-06T19:15:10.880`)
* [CVE-2023-3529](CVE-2023/CVE-2023-35xx/CVE-2023-3529.json) (`2023-07-06T19:15:11.030`)
* [CVE-2023-30195](CVE-2023/CVE-2023-301xx/CVE-2023-30195.json) (`2023-07-06T20:15:09.247`)
* [CVE-2023-35934](CVE-2023/CVE-2023-359xx/CVE-2023-35934.json) (`2023-07-06T20:15:09.333`)
* [CVE-2023-36462](CVE-2023/CVE-2023-364xx/CVE-2023-36462.json) (`2023-07-06T20:15:09.423`)
* [CVE-2023-3531](CVE-2023/CVE-2023-35xx/CVE-2023-3531.json) (`2023-07-06T20:15:09.593`)
* [CVE-2023-29824](CVE-2023/CVE-2023-298xx/CVE-2023-29824.json) (`2023-07-06T21:15:09.060`)
### CVEs modified in the last Commit
Recently modified CVEs: `119`
Recently modified CVEs: `12`
* [CVE-2023-3479](CVE-2023/CVE-2023-34xx/CVE-2023-3479.json) (`2023-07-06T18:50:34.680`)
* [CVE-2023-3477](CVE-2023/CVE-2023-34xx/CVE-2023-3477.json) (`2023-07-06T18:50:58.493`)
* [CVE-2023-3476](CVE-2023/CVE-2023-34xx/CVE-2023-3476.json) (`2023-07-06T18:51:15.307`)
* [CVE-2023-34831](CVE-2023/CVE-2023-348xx/CVE-2023-34831.json) (`2023-07-06T18:52:42.250`)
* [CVE-2023-37299](CVE-2023/CVE-2023-372xx/CVE-2023-37299.json) (`2023-07-06T18:54:42.910`)
* [CVE-2023-37298](CVE-2023/CVE-2023-372xx/CVE-2023-37298.json) (`2023-07-06T18:54:56.713`)
* [CVE-2023-3249](CVE-2023/CVE-2023-32xx/CVE-2023-3249.json) (`2023-07-06T18:57:05.560`)
* [CVE-2023-3063](CVE-2023/CVE-2023-30xx/CVE-2023-3063.json) (`2023-07-06T18:57:21.283`)
* [CVE-2023-1150](CVE-2023/CVE-2023-11xx/CVE-2023-1150.json) (`2023-07-06T18:58:33.670`)
* [CVE-2023-35169](CVE-2023/CVE-2023-351xx/CVE-2023-35169.json) (`2023-07-06T19:01:47.627`)
* [CVE-2023-2834](CVE-2023/CVE-2023-28xx/CVE-2023-2834.json) (`2023-07-06T19:03:08.023`)
* [CVE-2023-34599](CVE-2023/CVE-2023-345xx/CVE-2023-34599.json) (`2023-07-06T19:05:10.733`)
* [CVE-2023-26965](CVE-2023/CVE-2023-269xx/CVE-2023-26965.json) (`2023-07-06T19:15:09.980`)
* [CVE-2023-2183](CVE-2023/CVE-2023-21xx/CVE-2023-2183.json) (`2023-07-06T19:15:10.047`)
* [CVE-2023-2454](CVE-2023/CVE-2023-24xx/CVE-2023-2454.json) (`2023-07-06T19:15:10.143`)
* [CVE-2023-2455](CVE-2023/CVE-2023-24xx/CVE-2023-2455.json) (`2023-07-06T19:15:10.233`)
* [CVE-2023-2700](CVE-2023/CVE-2023-27xx/CVE-2023-2700.json) (`2023-07-06T19:15:10.307`)
* [CVE-2023-2801](CVE-2023/CVE-2023-28xx/CVE-2023-2801.json) (`2023-07-06T19:15:10.383`)
* [CVE-2023-34149](CVE-2023/CVE-2023-341xx/CVE-2023-34149.json) (`2023-07-06T19:15:10.460`)
* [CVE-2023-34396](CVE-2023/CVE-2023-343xx/CVE-2023-34396.json) (`2023-07-06T19:15:10.557`)
* [CVE-2023-3141](CVE-2023/CVE-2023-31xx/CVE-2023-3141.json) (`2023-07-06T19:15:10.957`)
* [CVE-2023-22886](CVE-2023/CVE-2023-228xx/CVE-2023-22886.json) (`2023-07-06T19:32:59.063`)
* [CVE-2023-34598](CVE-2023/CVE-2023-345xx/CVE-2023-34598.json) (`2023-07-06T19:38:44.117`)
* [CVE-2023-36487](CVE-2023/CVE-2023-364xx/CVE-2023-36487.json) (`2023-07-06T19:43:16.007`)
* [CVE-2023-26434](CVE-2023/CVE-2023-264xx/CVE-2023-26434.json) (`2023-07-06T19:55:47.750`)
* [CVE-2020-26708](CVE-2020/CVE-2020-267xx/CVE-2020-26708.json) (`2023-07-06T20:59:00.767`)
* [CVE-2020-26709](CVE-2020/CVE-2020-267xx/CVE-2020-26709.json) (`2023-07-06T21:02:24.347`)
* [CVE-2022-46407](CVE-2022/CVE-2022-464xx/CVE-2022-46407.json) (`2023-07-06T20:53:58.867`)
* [CVE-2023-26432](CVE-2023/CVE-2023-264xx/CVE-2023-26432.json) (`2023-07-06T20:05:13.003`)
* [CVE-2023-3529](CVE-2023/CVE-2023-35xx/CVE-2023-3529.json) (`2023-07-06T20:15:09.527`)
* [CVE-2023-2982](CVE-2023/CVE-2023-29xx/CVE-2023-2982.json) (`2023-07-06T21:04:26.413`)
* [CVE-2023-20192](CVE-2023/CVE-2023-201xx/CVE-2023-20192.json) (`2023-07-06T21:08:47.440`)
* [CVE-2023-35935](CVE-2023/CVE-2023-359xx/CVE-2023-35935.json) (`2023-07-06T21:15:09.260`)
* [CVE-2023-21518](CVE-2023/CVE-2023-215xx/CVE-2023-21518.json) (`2023-07-06T21:20:49.410`)
* [CVE-2023-21513](CVE-2023/CVE-2023-215xx/CVE-2023-21513.json) (`2023-07-06T21:23:49.590`)
* [CVE-2023-3390](CVE-2023/CVE-2023-33xx/CVE-2023-3390.json) (`2023-07-06T21:32:34.897`)
* [CVE-2023-3439](CVE-2023/CVE-2023-34xx/CVE-2023-3439.json) (`2023-07-06T21:39:33.310`)
## Download and Usage