Auto-Update: 2023-08-27T23:55:26.121714+00:00

cad-safe-bot 2023-08-27 23:55:29 +00:00
parent 3f701fb0d6
commit d37aaf8c31
11 changed files with 675 additions and 6 deletions


@ -0,0 +1,59 @@
{
"id": "CVE-2022-43907",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-27T23:15:28.737",
"lastModified": "2023-08-27T23:15:28.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240901",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7028511",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2022-43909",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-27T23:15:33.633",
"lastModified": "2023-08-27T23:15:33.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240905",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7028511",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-30435",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-27T23:15:33.813",
"lastModified": "2023-08-27T23:15:33.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252291",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7028506",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-30436",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-27T23:15:33.973",
"lastModified": "2023-08-27T23:15:33.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252292",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7028506",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-30437",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-27T23:15:34.117",
"lastModified": "2023-08-27T23:15:34.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252293",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7028506",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-33852",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-27T23:15:34.230",
"lastModified": "2023-08-27T23:15:34.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257614",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7028514",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-38730",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-27T23:15:34.383",
"lastModified": "2023-08-27T23:15:34.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262268",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7028841",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-4557",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-27T23:15:35.040",
"lastModified": "2023-08-27T23:15:35.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238158 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ZhangXiaoDan1/cve_hub/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%204.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.238158",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238158",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-4558",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-27T23:15:36.730",
"lastModified": "2023-08-27T23:15:36.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staff_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238159."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Inventory%20Management%20System%20SQLi%20staff_data.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.238159",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238159",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,84 @@
{
"id": "CVE-2023-4559",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-27T23:15:36.837",
"lastModified": "2023-08-27T23:15:36.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.238160",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238160",
"source": "cna@vuldb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-27T08:00:28.224541+00:00
2023-08-27T23:55:26.121714+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-27T07:15:13.950000+00:00
2023-08-27T23:15:36.837000+00:00
```
### Last Data Feed Release
@ -29,15 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223502
223512
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `10`
* [CVE-2023-4555](CVE-2023/CVE-2023-45xx/CVE-2023-4555.json) (`2023-08-27T07:15:07.370`)
* [CVE-2023-4556](CVE-2023/CVE-2023-45xx/CVE-2023-4556.json) (`2023-08-27T07:15:13.950`)
* [CVE-2022-43907](CVE-2022/CVE-2022-439xx/CVE-2022-43907.json) (`2023-08-27T23:15:28.737`)
* [CVE-2022-43909](CVE-2022/CVE-2022-439xx/CVE-2022-43909.json) (`2023-08-27T23:15:33.633`)
* [CVE-2023-30435](CVE-2023/CVE-2023-304xx/CVE-2023-30435.json) (`2023-08-27T23:15:33.813`)
* [CVE-2023-30436](CVE-2023/CVE-2023-304xx/CVE-2023-30436.json) (`2023-08-27T23:15:33.973`)
* [CVE-2023-30437](CVE-2023/CVE-2023-304xx/CVE-2023-30437.json) (`2023-08-27T23:15:34.117`)
* [CVE-2023-33852](CVE-2023/CVE-2023-338xx/CVE-2023-33852.json) (`2023-08-27T23:15:34.230`)
* [CVE-2023-38730](CVE-2023/CVE-2023-387xx/CVE-2023-38730.json) (`2023-08-27T23:15:34.383`)
* [CVE-2023-4557](CVE-2023/CVE-2023-45xx/CVE-2023-4557.json) (`2023-08-27T23:15:35.040`)
* [CVE-2023-4558](CVE-2023/CVE-2023-45xx/CVE-2023-4558.json) (`2023-08-27T23:15:36.730`)
* [CVE-2023-4559](CVE-2023/CVE-2023-45xx/CVE-2023-4559.json) (`2023-08-27T23:15:36.837`)
### CVEs modified in the last Commit