admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-26T23:55:25.310449+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-26 23:55:28 +00:00
parent 0e1efd81d7
commit d385cfd8fe
74 changed files with 1839 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2020/CVE-2020-202xx/CVE-2020-20210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-20210",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T18:15:09.407",
"lastModified": "2023-06-26T18:15:09.407",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:28.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2020/CVE-2020-230xx/CVE-2020-23064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-23064",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T19:15:09.450",
"lastModified": "2023-06-26T19:15:09.450",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:28.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2020/CVE-2020-230xx/CVE-2020-23065.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-23065",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T19:15:09.517",
"lastModified": "2023-06-26T20:15:09.707",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:28.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2020/CVE-2020-230xx/CVE-2020-23066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-23066",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T19:15:09.590",
"lastModified": "2023-06-26T19:15:09.590",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:28.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2021/CVE-2021-316xx/CVE-2021-31635.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-31635",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T19:15:09.667",
"lastModified": "2023-06-26T19:15:09.667",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:28.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

75
CVE-2022/CVE-2022-483xx/CVE-2022-48330.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2022-48330",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-16T13:15:09.243",
"lastModified": "2023-06-16T16:41:02.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:34:39.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include:FLMG-10 versions FLMG-10 10.0.1.0(H100SP22C00)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:flmg-10_firmware:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D556171-B26F-40C1-B05E-01C9185C5060"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:flmg-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8AC0B1F-0F85-4F9C-BF6A-E8E64BA937A5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-oobwviatp-89e403d4-en",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2022/CVE-2022-484xx/CVE-2022-48469.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2022-48469",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-16T13:15:09.293",
"lastModified": "2023-06-16T16:41:02.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:31:19.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.\u00a0"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:b535-232a_firmware:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0852D3-A2A0-4F04-86EF-D4DC1FED505E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:b535-232a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DCAA8B-88D9-44FB-90A5-6ABCACA1301E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-thvihr-7015cbae-en",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2022/CVE-2022-484xx/CVE-2022-48471.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2022-48471",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-16T13:15:09.337",
"lastModified": "2023-06-16T16:41:02.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:27:46.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:bisheng-wnm_firmware:3.0.0.325:*:*:*:*:*:*:*",
"matchCriteriaId": "F42BA355-01FF-4342-B91F-53B19423EA7C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:bisheng-wnm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "302CD065-898D-4B34-BCBC-D7781B4B362A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-moivihp-73cabdde-en",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

85
CVE-2022/CVE-2022-484xx/CVE-2022-48472.json
View File

@ -2,19 +2,96 @@
"id": "CVE-2022-48472",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-16T13:15:09.377",
"lastModified": "2023-06-16T16:41:02.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:26:48.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:bisheng-wnm_firmware:2.0.0.211:*:*:*:*:*:*:*",
"matchCriteriaId": "E655EAC7-4C88-42DE-B94D-D6DD8C99D3D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:bisheng-wnm_firmware:3.0.0.325:*:*:*:*:*:*:*",
"matchCriteriaId": "F42BA355-01FF-4342-B91F-53B19423EA7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:ota-bisheng_firmware:2.0.0.211:beta:*:*:*:*:*:*",
"matchCriteriaId": "4338A19E-65D8-47BA-B897-D8CCD4C3D652"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:bisheng-wnm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "302CD065-898D-4B34-BCBC-D7781B4B362A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-sciviahpp-6bcddec5-en",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2022/CVE-2022-484xx/CVE-2022-48473.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2022-48473",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-16T13:15:09.417",
"lastModified": "2023-06-16T16:41:02.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:26:18.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de malinterpretaci\u00f3n de entrada en las impresoras Huawei. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar que el servicio de la impresora sea anormal. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:bisheng-wnm_firmware:3.0.0.325:*:*:*:*:*:*:*",
"matchCriteriaId": "F42BA355-01FF-4342-B91F-53B19423EA7C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:bisheng-wnm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "302CD065-898D-4B34-BCBC-D7781B4B362A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-moivihp-2f201af9-en",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-20xx/CVE-2023-2005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2005",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-06-26T18:15:09.580",
"lastModified": "2023-06-26T18:15:09.580",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:28.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-22xx/CVE-2023-2290.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2290",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:09.867",
"lastModified": "2023-06-26T20:15:09.867",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

268
CVE-2023/CVE-2023-256xx/CVE-2023-25645.json
View File

@ -2,19 +2,279 @@
"id": "CVE-2023-25645",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-06-16T19:15:14.527",
"lastModified": "2023-06-17T02:32:29.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:19:11.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:*:*:*:*:*:*:*",
"matchCriteriaId": "7A170ABC-EAA7-40D1-896C-DAD16C8D7260"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:up_t2_4k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5A786F-6CC1-489B-9F5F-CACE8E330A51"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:*:*:*:*:*:*:*",
"matchCriteriaId": "23D6C7DB-D959-473D-BBA5-B096EDCBE338"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:*:*:*:*:*:*:*",
"matchCriteriaId": "966CA470-382E-4441-AB66-612B7B13BAD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9A54F0-6C6A-4D6D-971F-CCB00EBE0EF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:*:*:*:*:*:*:*",
"matchCriteriaId": "F0917421-77D0-4570-93EB-20E43BE956FC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxv10_b866v2-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E91F392B-2958-45B3-917F-5DCEDE09D57A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CE2F78-3030-4ED6-801E-A0921BFFAE93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:*:*:*:*:*:*:*",
"matchCriteriaId": "2F181A93-93A7-4866-BA9B-837CBC2EFFF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7CEFFF-CDB8-4BA7-95F7-E131B77B9891"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1029:*:*:*:*:*:*:*",
"matchCriteriaId": "1E57517D-2A2F-416A-A2A0-BCF8435D6F63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.2012:*:*:*:*:*:*:*",
"matchCriteriaId": "85272C45-5AD6-43A4-80E0-78B796940FB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0016:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B74E25-442D-486D-98FD-383B2ED3989F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0018:*:*:*:*:*:*:*",
"matchCriteriaId": "9C15F806-081C-4575-860D-B087D23BD6A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0019:*:*:*:*:*:*:*",
"matchCriteriaId": "F374A943-A473-415C-BBDE-DBBEF0E07BF4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxv10_b866v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F37D926-BA5B-4081-97C4-B8B87D90D9BD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0049:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1243D2-F92D-4C57-9AA0-2AB6B07BA381"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0051:*:*:*:*:*:*:*",
"matchCriteriaId": "D79ABA22-FCDD-465A-9DB4-599341370D75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0053:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAA0753-52FA-4FEA-8388-66D80E17E443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0063:*:*:*:*:*:*:*",
"matchCriteriaId": "B5270126-8727-41F0-B7BA-4707A9E955EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0069:*:*:*:*:*:*:*",
"matchCriteriaId": "57A8F5A1-C8FA-4AE9-B72C-461E91C01803"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxv10_b860h_v5d0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE5EFFC-3198-4449-876D-BF28E5161454"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBE4772-CFC5-446A-8145-0A01C6056151"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0031:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5A0349-1394-4B46-9F86-DE5D761CAED4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0033:*:*:*:*:*:*:*",
"matchCriteriaId": "28F830CA-2318-420A-9E8B-6B7A8CDFD56B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0035:*:*:*:*:*:*:*",
"matchCriteriaId": "8175D049-DEFB-4234-9E80-67328E3D3418"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxv10_b866v2f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39271F84-DD7F-4A5B-B907-F7712F31EAAB"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464",
"source": "psirt@zte.com.cn"
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-270xx/CVE-2023-27082.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27082",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T20:15:09.817",
"lastModified": "2023-06-26T20:15:09.817",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-289xx/CVE-2023-28929.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-28929",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:09.733",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
}
],
"metrics": {},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062",
"source": "security@trendmicro.com"
}
]
}

4
CVE-2023/CVE-2023-29xx/CVE-2023-2992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2992",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:09.933",
"lastModified": "2023-06-26T20:15:09.933",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-29xx/CVE-2023-2993.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2993",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:10.000",
"lastModified": "2023-06-26T20:15:10.000",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-309xx/CVE-2023-30902.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-30902",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:09.793",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"source": "security@trendmicro.com"
}
]
}

43
CVE-2023/CVE-2023-309xx/CVE-2023-30945.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-30945",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-06-26T23:15:09.193",
"lastModified": "2023-06-26T23:15:09.193",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9",
"source": "cve-coordination@palantir.com"
}
]
}

6
CVE-2023/CVE-2023-311xx/CVE-2023-31130.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31130",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-25T22:15:09.760",
"lastModified": "2023-06-07T10:15:09.290",
"lastModified": "2023-06-26T22:15:09.840",
"vulnStatus": "Modified",
"descriptions": [
{
@ -129,6 +129,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/",
"source": "security-advisories@github.com",

4
CVE-2023/CVE-2023-31xx/CVE-2023-3113.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3113",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:10.653",
"lastModified": "2023-06-26T20:15:10.653",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

6
CVE-2023/CVE-2023-320xx/CVE-2023-32067.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32067",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-25T23:15:09.380",
"lastModified": "2023-06-07T10:15:09.637",
"lastModified": "2023-06-26T22:15:09.937",
"vulnStatus": "Modified",
"descriptions": [
{
@ -129,6 +129,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/",
"source": "security-advisories@github.com",

24
CVE-2023/CVE-2023-325xx/CVE-2023-32521.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32521",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.017",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.tenable.com/security/research/tra-2023-17",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32522.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32522",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.057",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.tenable.com/security/research/tra-2023-17",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32523.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32523",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.097",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32524."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-587/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32524.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32524",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.140",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32523."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-588/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32525.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32525",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.183",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. \r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32526."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32526.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32526",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.227",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. \r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32525."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-586/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32527.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32527",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.273",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32528."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-590/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32528.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32528",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.317",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32527."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-591/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32529.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32529",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.360",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.\r\n\r\nPlease note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32530."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-652/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32530.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32530",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.407",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.\r\n\r\nPlease note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32529."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-654/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32531.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32531",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.450",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32532 through 32535."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-724/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32532.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32532",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.497",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32531 through 32535."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-723/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32533.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32533",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.540",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32531 through 32535."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-726/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32534.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32534",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.587",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32531 through 32535."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-725/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32535.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32535",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.630",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.\r\n\r\nThis is similar to, but not identical to CVE-2023-32531 through 32534."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-857/",
"source": "security@trendmicro.com"
}
]
}

20
CVE-2023/CVE-2023-325xx/CVE-2023-32536.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32536",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.670",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32537."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
}
]
}

20
CVE-2023/CVE-2023-325xx/CVE-2023-32537.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32537",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.713",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32536."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32552.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32552",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.757",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.\r\n\r\nThis is similar to, but not identical to CVE-2023-32553"
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-655/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32553.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32553",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.803",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.\r\n\r\nThis is similar to, but not identical to CVE-2023-32552."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-653/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32554.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32554",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.847",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32555."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-657/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32555.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32555",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.890",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32554."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-656/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-325xx/CVE-2023-32556.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-32556",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.933",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-651/",
"source": "security@trendmicro.com"
}
]
}

20
CVE-2023/CVE-2023-325xx/CVE-2023-32557.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32557",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.977",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"source": "security@trendmicro.com"
}
]
}

20
CVE-2023/CVE-2023-326xx/CVE-2023-32604.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32604",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.020",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32605."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
}
]
}

20
CVE-2023/CVE-2023-326xx/CVE-2023-32605.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32605",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.063",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32604."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
}
]
}

4
CVE-2023/CVE-2023-331xx/CVE-2023-33176.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33176",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-26T20:15:10.063",
"lastModified": "2023-06-26T20:15:10.063",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-334xx/CVE-2023-33404.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33404",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T20:15:10.137",
"lastModified": "2023-06-26T20:15:10.137",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-341xx/CVE-2023-34144.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34144",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.107",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34145."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-835/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-341xx/CVE-2023-34145.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34145",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.147",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34144."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-836/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-341xx/CVE-2023-34146.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34146",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.187",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-832/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-341xx/CVE-2023-34147.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34147",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.230",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-833/",
"source": "security@trendmicro.com"
}
]
}

24
CVE-2023/CVE-2023-341xx/CVE-2023-34148.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34148",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.270",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-834/",
"source": "security@trendmicro.com"
}
]
}

4
CVE-2023/CVE-2023-344xx/CVE-2023-34418.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34418",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:10.183",
"lastModified": "2023-06-26T20:15:10.183",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-344xx/CVE-2023-34420.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34420",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:10.247",
"lastModified": "2023-06-26T20:15:10.247",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-344xx/CVE-2023-34421.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34421",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:10.307",
"lastModified": "2023-06-26T20:15:10.307",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-344xx/CVE-2023-34422.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34422",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:10.370",
"lastModified": "2023-06-26T20:15:10.370",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-344xx/CVE-2023-34463.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34463",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-26T21:15:09.363",
"lastModified": "2023-06-26T21:15:09.363",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2023/CVE-2023-347xx/CVE-2023-34733.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-34733",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T17:15:12.027",
"lastModified": "2023-06-16T18:24:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:21:25.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vw:discover_media_infotainment_system:0876:*:*:*:*:*:*:*",
"matchCriteriaId": "86BCF95D-1340-41F7-A306-0F672059AA44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zj3t/Automotive-vulnerabilities/tree/main/VW/jetta2021",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

4
CVE-2023/CVE-2023-349xx/CVE-2023-34924.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34924",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T21:15:09.437",
"lastModified": "2023-06-26T21:15:09.437",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-34xx/CVE-2023-3420.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3420",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-26T21:15:09.557",
"lastModified": "2023-06-26T21:15:09.557",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-34xx/CVE-2023-3421.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3421",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-26T21:15:09.597",
"lastModified": "2023-06-26T21:15:09.597",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-34xx/CVE-2023-3422.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3422",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-26T21:15:09.640",
"lastModified": "2023-06-26T21:15:09.640",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-351xx/CVE-2023-35164.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35164",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-26T22:15:11.317",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-grxm-fc3h-3qgj",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-351xx/CVE-2023-35168.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35168",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-26T21:15:09.483",
"lastModified": "2023-06-26T21:15:09.483",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-351xx/CVE-2023-35170.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35170",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-26T20:15:10.437",
"lastModified": "2023-06-26T20:15:10.437",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-356xx/CVE-2023-35695.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-35695",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.387",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product."
}
],
"metrics": {},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
},
{
"url": "https://www.tenable.com/security/research/tra-2023-17",
"source": "security@trendmicro.com"
}
]
}

110
CVE-2023/CVE-2023-357xx/CVE-2023-35784.json
View File

@ -2,39 +2,131 @@
"id": "CVE-2023-35784",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T20:15:09.493",
"lastModified": "2023-06-17T02:32:29.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:16:35.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.3",
"matchCriteriaId": "784B0777-194D-4E4A-874F-198BD201B508"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.3",
"matchCriteriaId": "0E68DCDD-212C-4EF0-AF5D-23CD66073680"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6EC6AC-E2DE-4166-A762-AB6A88DF1C1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8A4344-6ABE-4626-ADA4-3FA91F8D76C7"
}
]
}
]
}
],
"references": [
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/libressl/openbsd/commit/1d6680b3682f8caba78c627dee60c76da6e20dd7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/libressl/openbsd/commit/96094ca8757b95298f49d65c813f303bd514b27b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

69
CVE-2023/CVE-2023-357xx/CVE-2023-35789.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-35789",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T21:15:09.383",
"lastModified": "2023-06-17T02:32:29.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-26T22:14:37.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.13.0",
"matchCriteriaId": "0779926A-A815-414D-AC29-05303D1FE451"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alanxz/rabbitmq-c/issues/575",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/alanxz/rabbitmq-c/pull/781",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

4
CVE-2023/CVE-2023-359xx/CVE-2023-35930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35930",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-26T20:15:10.507",
"lastModified": "2023-06-26T20:15:10.507",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-359xx/CVE-2023-35933.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35933",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-26T20:15:10.580",
"lastModified": "2023-06-26T20:15:10.580",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-362xx/CVE-2023-36252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36252",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T19:15:09.773",
"lastModified": "2023-06-26T19:15:09.773",
"vulnStatus": "Received",
"lastModified": "2023-06-26T22:13:28.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

81
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-26T22:00:26.747303+00:00
2023-06-26T23:55:25.310449+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-26T21:15:09.640000+00:00
2023-06-26T23:15:09.193000+00:00
```
### Last Data Feed Release
@ -29,40 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218582
218617
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `35`
* [CVE-2023-27082](CVE-2023/CVE-2023-270xx/CVE-2023-27082.json) (`2023-06-26T20:15:09.817`)
* [CVE-2023-2290](CVE-2023/CVE-2023-22xx/CVE-2023-2290.json) (`2023-06-26T20:15:09.867`)
* [CVE-2023-2992](CVE-2023/CVE-2023-29xx/CVE-2023-2992.json) (`2023-06-26T20:15:09.933`)
* [CVE-2023-2993](CVE-2023/CVE-2023-29xx/CVE-2023-2993.json) (`2023-06-26T20:15:10.000`)
* [CVE-2023-33176](CVE-2023/CVE-2023-331xx/CVE-2023-33176.json) (`2023-06-26T20:15:10.063`)
* [CVE-2023-33404](CVE-2023/CVE-2023-334xx/CVE-2023-33404.json) (`2023-06-26T20:15:10.137`)
* [CVE-2023-34418](CVE-2023/CVE-2023-344xx/CVE-2023-34418.json) (`2023-06-26T20:15:10.183`)
* [CVE-2023-34420](CVE-2023/CVE-2023-344xx/CVE-2023-34420.json) (`2023-06-26T20:15:10.247`)
* [CVE-2023-34421](CVE-2023/CVE-2023-344xx/CVE-2023-34421.json) (`2023-06-26T20:15:10.307`)
* [CVE-2023-34422](CVE-2023/CVE-2023-344xx/CVE-2023-34422.json) (`2023-06-26T20:15:10.370`)
* [CVE-2023-35170](CVE-2023/CVE-2023-351xx/CVE-2023-35170.json) (`2023-06-26T20:15:10.437`)
* [CVE-2023-35930](CVE-2023/CVE-2023-359xx/CVE-2023-35930.json) (`2023-06-26T20:15:10.507`)
* [CVE-2023-35933](CVE-2023/CVE-2023-359xx/CVE-2023-35933.json) (`2023-06-26T20:15:10.580`)
* [CVE-2023-3113](CVE-2023/CVE-2023-31xx/CVE-2023-3113.json) (`2023-06-26T20:15:10.653`)
* [CVE-2023-34463](CVE-2023/CVE-2023-344xx/CVE-2023-34463.json) (`2023-06-26T21:15:09.363`)
* [CVE-2023-34924](CVE-2023/CVE-2023-349xx/CVE-2023-34924.json) (`2023-06-26T21:15:09.437`)
* [CVE-2023-35168](CVE-2023/CVE-2023-351xx/CVE-2023-35168.json) (`2023-06-26T21:15:09.483`)
* [CVE-2023-3420](CVE-2023/CVE-2023-34xx/CVE-2023-3420.json) (`2023-06-26T21:15:09.557`)
* [CVE-2023-3421](CVE-2023/CVE-2023-34xx/CVE-2023-3421.json) (`2023-06-26T21:15:09.597`)
* [CVE-2023-3422](CVE-2023/CVE-2023-34xx/CVE-2023-3422.json) (`2023-06-26T21:15:09.640`)
* [CVE-2023-32557](CVE-2023/CVE-2023-325xx/CVE-2023-32557.json) (`2023-06-26T22:15:10.977`)
* [CVE-2023-32604](CVE-2023/CVE-2023-326xx/CVE-2023-32604.json) (`2023-06-26T22:15:11.020`)
* [CVE-2023-32605](CVE-2023/CVE-2023-326xx/CVE-2023-32605.json) (`2023-06-26T22:15:11.063`)
* [CVE-2023-34144](CVE-2023/CVE-2023-341xx/CVE-2023-34144.json) (`2023-06-26T22:15:11.107`)
* [CVE-2023-34145](CVE-2023/CVE-2023-341xx/CVE-2023-34145.json) (`2023-06-26T22:15:11.147`)
* [CVE-2023-34146](CVE-2023/CVE-2023-341xx/CVE-2023-34146.json) (`2023-06-26T22:15:11.187`)
* [CVE-2023-34147](CVE-2023/CVE-2023-341xx/CVE-2023-34147.json) (`2023-06-26T22:15:11.230`)
* [CVE-2023-34148](CVE-2023/CVE-2023-341xx/CVE-2023-34148.json) (`2023-06-26T22:15:11.270`)
* [CVE-2023-35164](CVE-2023/CVE-2023-351xx/CVE-2023-35164.json) (`2023-06-26T22:15:11.317`)
* [CVE-2023-35695](CVE-2023/CVE-2023-356xx/CVE-2023-35695.json) (`2023-06-26T22:15:11.387`)
* [CVE-2023-28929](CVE-2023/CVE-2023-289xx/CVE-2023-28929.json) (`2023-06-26T22:15:09.733`)
* [CVE-2023-30902](CVE-2023/CVE-2023-309xx/CVE-2023-30902.json) (`2023-06-26T22:15:09.793`)
* [CVE-2023-32521](CVE-2023/CVE-2023-325xx/CVE-2023-32521.json) (`2023-06-26T22:15:10.017`)
* [CVE-2023-32522](CVE-2023/CVE-2023-325xx/CVE-2023-32522.json) (`2023-06-26T22:15:10.057`)
* [CVE-2023-32523](CVE-2023/CVE-2023-325xx/CVE-2023-32523.json) (`2023-06-26T22:15:10.097`)
* [CVE-2023-32524](CVE-2023/CVE-2023-325xx/CVE-2023-32524.json) (`2023-06-26T22:15:10.140`)
* [CVE-2023-32525](CVE-2023/CVE-2023-325xx/CVE-2023-32525.json) (`2023-06-26T22:15:10.183`)
* [CVE-2023-32526](CVE-2023/CVE-2023-325xx/CVE-2023-32526.json) (`2023-06-26T22:15:10.227`)
* [CVE-2023-32527](CVE-2023/CVE-2023-325xx/CVE-2023-32527.json) (`2023-06-26T22:15:10.273`)
* [CVE-2023-32528](CVE-2023/CVE-2023-325xx/CVE-2023-32528.json) (`2023-06-26T22:15:10.317`)
* [CVE-2023-32529](CVE-2023/CVE-2023-325xx/CVE-2023-32529.json) (`2023-06-26T22:15:10.360`)
* [CVE-2023-32530](CVE-2023/CVE-2023-325xx/CVE-2023-32530.json) (`2023-06-26T22:15:10.407`)
* [CVE-2023-32531](CVE-2023/CVE-2023-325xx/CVE-2023-32531.json) (`2023-06-26T22:15:10.450`)
* [CVE-2023-32532](CVE-2023/CVE-2023-325xx/CVE-2023-32532.json) (`2023-06-26T22:15:10.497`)
* [CVE-2023-30945](CVE-2023/CVE-2023-309xx/CVE-2023-30945.json) (`2023-06-26T23:15:09.193`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `38`
* [CVE-2020-23065](CVE-2020/CVE-2020-230xx/CVE-2020-23065.json) (`2023-06-26T20:15:09.707`)
* [CVE-2023-2993](CVE-2023/CVE-2023-29xx/CVE-2023-2993.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-33176](CVE-2023/CVE-2023-331xx/CVE-2023-33176.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-33404](CVE-2023/CVE-2023-334xx/CVE-2023-33404.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-34418](CVE-2023/CVE-2023-344xx/CVE-2023-34418.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-34420](CVE-2023/CVE-2023-344xx/CVE-2023-34420.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-34421](CVE-2023/CVE-2023-344xx/CVE-2023-34421.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-34422](CVE-2023/CVE-2023-344xx/CVE-2023-34422.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-35170](CVE-2023/CVE-2023-351xx/CVE-2023-35170.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-35930](CVE-2023/CVE-2023-359xx/CVE-2023-35930.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-35933](CVE-2023/CVE-2023-359xx/CVE-2023-35933.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-3113](CVE-2023/CVE-2023-31xx/CVE-2023-3113.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-34463](CVE-2023/CVE-2023-344xx/CVE-2023-34463.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-34924](CVE-2023/CVE-2023-349xx/CVE-2023-34924.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-35168](CVE-2023/CVE-2023-351xx/CVE-2023-35168.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-3420](CVE-2023/CVE-2023-34xx/CVE-2023-3420.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-3421](CVE-2023/CVE-2023-34xx/CVE-2023-3421.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-3422](CVE-2023/CVE-2023-34xx/CVE-2023-3422.json) (`2023-06-26T22:13:24.933`)
* [CVE-2023-2005](CVE-2023/CVE-2023-20xx/CVE-2023-2005.json) (`2023-06-26T22:13:28.460`)
* [CVE-2023-36252](CVE-2023/CVE-2023-362xx/CVE-2023-36252.json) (`2023-06-26T22:13:28.460`)
* [CVE-2023-35789](CVE-2023/CVE-2023-357xx/CVE-2023-35789.json) (`2023-06-26T22:14:37.633`)
* [CVE-2023-31130](CVE-2023/CVE-2023-311xx/CVE-2023-31130.json) (`2023-06-26T22:15:09.840`)
* [CVE-2023-32067](CVE-2023/CVE-2023-320xx/CVE-2023-32067.json) (`2023-06-26T22:15:09.937`)
* [CVE-2023-35784](CVE-2023/CVE-2023-357xx/CVE-2023-35784.json) (`2023-06-26T22:16:35.380`)
* [CVE-2023-25645](CVE-2023/CVE-2023-256xx/CVE-2023-25645.json) (`2023-06-26T22:19:11.390`)
* [CVE-2023-34733](CVE-2023/CVE-2023-347xx/CVE-2023-34733.json) (`2023-06-26T22:21:25.547`)
## Download and Usage