admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-09T16:00:32.817894+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-09 16:00:36 +00:00
parent 3f5ec4b993
commit d6fc0826cd
20 changed files with 1862 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
CVE-2020/CVE-2020-235xx/CVE-2020-23564.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2020-23564", "id": "CVE-2020-23564",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-05T02:15:09.423", "published": "2023-08-05T02:15:09.423",
"lastModified": "2023-08-06T12:01:01.827", "lastModified": "2023-08-09T14:59:47.673",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php." "value": "File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sem-cms:semcms:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EEB608-9B0A-4F4F-8AAE-A681F1AD2634"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/a1ertx55/cmstest/blob/main/semcms.md", "url": "https://github.com/a1ertx55/cmstest/blob/main/semcms.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/a1ertx55/cmstest/blob/master/semcms.md", "url": "https://github.com/a1ertx55/cmstest/blob/master/semcms.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

6
CVE-2022/CVE-2022-457xx/CVE-2022-45788.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-45788", "id": "CVE-2022-45788",
"sourceIdentifier": "cybersecurity@se.com", "sourceIdentifier": "cybersecurity@se.com",
"published": "2023-01-30T13:15:09.310", "published": "2023-01-30T13:15:09.310",
"lastModified": "2023-02-08T18:17:54.160", "lastModified": "2023-08-09T14:15:09.497",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure\u2122 Control Expert (All Versions), EcoStruxure\u2122 Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)" "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)\n\n"
} }
], ],
"metrics": { "metrics": {

6
CVE-2022/CVE-2022-457xx/CVE-2022-45789.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-45789", "id": "CVE-2022-45789",
"sourceIdentifier": "cybersecurity@se.com", "sourceIdentifier": "cybersecurity@se.com",
"published": "2023-01-31T06:15:07.920", "published": "2023-01-31T06:15:07.920",
"lastModified": "2023-02-07T18:37:14.653", "lastModified": "2023-08-09T14:15:10.130",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure\u2122 Control Expert (All Versions), EcoStruxure\u2122 Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)" "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)\n\n"
} }
], ],
"metrics": { "metrics": {

64
CVE-2022/CVE-2022-467xx/CVE-2022-46782.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2022-46782", "id": "CVE-2022-46782",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-05T02:15:10.630", "published": "2023-08-05T02:15:10.630",
"lastModified": "2023-08-06T12:01:01.827", "lastModified": "2023-08-09T15:06:19.847",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine." "value": "An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormshield:ssl_vpn_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "4FB6E817-FE92-41D4-9E28-E0CD487CE963"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://advisories.stormshield.eu/2022-028/", "url": "https://advisories.stormshield.eu/2022-028/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

367
CVE-2023/CVE-2023-201xx/CVE-2023-20181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20181", "id": "CVE-2023-20181",
"sourceIdentifier": "ykramarz@cisco.com", "sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:10.737", "published": "2023-08-03T22:15:10.737",
"lastModified": "2023-08-04T02:45:53.837", "lastModified": "2023-08-09T15:35:42.960",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "ykramarz@cisco.com", "source": "ykramarz@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,351 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa500ds_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBF9231-128E-4528-AAB9-75673CA4C525"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa500ds:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7B9304-CCA9-41C0-A6B9-032DC923420C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5E2A30-128B-4EE9-A232-9216D38E2A66"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B2A148-467A-4F10-945C-1F49A218BD4F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa501g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22F20D5D-F409-400B-9A9B-6B243CA40525"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa501g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73B67905-79ED-4771-B436-49868BA7C922"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa502g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "060BFBB6-B6F7-4C77-B572-DF37EDA0E4DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa502g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D371387F-C7CC-46BB-85E9-419EF97D2A00"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa504g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D423B5-88EE-40A3-A9F3-240D9431B1D9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa504g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FE12AB-1CC7-450D-88F2-7B06C51DCE7C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa508g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9F406D-1144-4B59-88A7-6A3157BAE785"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa508g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F38FDFF1-AD9D-40E1-A232-4B08AE0C4ABC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa509g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3746023-AA04-4ACB-AFD0-3EB6556DA5BF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa509g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04DA66-1516-40ED-B8AC-504F8B2B1E88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa512g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8337AA54-2683-425F-A0E7-3637B65F15AE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa512g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92A92FEE-7CB5-43B1-8AC3-00C077DD4A63"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa514g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE2B80D-E782-4CE0-8FB0-840BBA2C1DEE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa514g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C4089F-5B9F-4D69-8819-43B52309454F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa525_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EF9778-0B64-4D42-AFEB-58F2B61AF085"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa525:-:*:*:*:*:*:*:*",
"matchCriteriaId": "452622A5-5A5A-40F2-AD69-4158FEA1309E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa525g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1668FAAF-CFC0-4C42-B1A3-0649BD1CBCFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa525g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5602EAB-6507-4B5B-A05B-4FED970B43D0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa525g2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1DDD99-5739-4B61-B468-F40F3AC454FA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa525g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58E0A339-CE89-4D27-B08D-BF151C9FF086"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F",
"source": "ykramarz@cisco.com" "source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

367
CVE-2023/CVE-2023-202xx/CVE-2023-20218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20218", "id": "CVE-2023-20218",
"sourceIdentifier": "ykramarz@cisco.com", "sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.770", "published": "2023-08-03T22:15:11.770",
"lastModified": "2023-08-04T02:45:53.837", "lastModified": "2023-08-09T15:55:24.287",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "ykramarz@cisco.com", "source": "ykramarz@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,351 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa500ds_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBF9231-128E-4528-AAB9-75673CA4C525"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa500ds:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7B9304-CCA9-41C0-A6B9-032DC923420C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5E2A30-128B-4EE9-A232-9216D38E2A66"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B2A148-467A-4F10-945C-1F49A218BD4F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa501g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22F20D5D-F409-400B-9A9B-6B243CA40525"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa501g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73B67905-79ED-4771-B436-49868BA7C922"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa502g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "060BFBB6-B6F7-4C77-B572-DF37EDA0E4DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa502g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D371387F-C7CC-46BB-85E9-419EF97D2A00"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa504g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D423B5-88EE-40A3-A9F3-240D9431B1D9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa504g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FE12AB-1CC7-450D-88F2-7B06C51DCE7C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa508g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9F406D-1144-4B59-88A7-6A3157BAE785"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa508g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F38FDFF1-AD9D-40E1-A232-4B08AE0C4ABC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa509g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3746023-AA04-4ACB-AFD0-3EB6556DA5BF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa509g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04DA66-1516-40ED-B8AC-504F8B2B1E88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa512g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8337AA54-2683-425F-A0E7-3637B65F15AE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa512g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92A92FEE-7CB5-43B1-8AC3-00C077DD4A63"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa514g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE2B80D-E782-4CE0-8FB0-840BBA2C1DEE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa514g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C4089F-5B9F-4D69-8819-43B52309454F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa525_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EF9778-0B64-4D42-AFEB-58F2B61AF085"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa525:-:*:*:*:*:*:*:*",
"matchCriteriaId": "452622A5-5A5A-40F2-AD69-4158FEA1309E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa525g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1668FAAF-CFC0-4C42-B1A3-0649BD1CBCFD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa525g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5602EAB-6507-4B5B-A05B-4FED970B43D0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:spa525g2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1DDD99-5739-4B61-B468-F40F3AC454FA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:spa525g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58E0A339-CE89-4D27-B08D-BF151C9FF086"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F",
"source": "ykramarz@cisco.com" "source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

6
CVE-2023/CVE-2023-205xx/CVE-2023-20569.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20569", "id": "CVE-2023-20569",
"sourceIdentifier": "psirt@amd.com", "sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.530", "published": "2023-08-08T18:15:11.530",
"lastModified": "2023-08-08T21:15:09.367", "lastModified": "2023-08-09T14:15:10.507",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -20,6 +20,10 @@
"url": "http://xenbits.xen.org/xsa/advisory-434.html", "url": "http://xenbits.xen.org/xsa/advisory-434.html",
"source": "psirt@amd.com" "source": "psirt@amd.com"
}, },
{
"url": "https://comsec.ethz.ch/research/microarch/inception/",
"source": "psirt@amd.com"
},
{ {
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005", "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005",
"source": "psirt@amd.com" "source": "psirt@amd.com"

140
CVE-2023/CVE-2023-207xx/CVE-2023-20793.json
View File

@ -2,19 +2,151 @@
"id": "CVE-2023-20793", "id": "CVE-2023-20793",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-08-07T04:15:13.323", "published": "2023-08-07T04:15:13.323",
"lastModified": "2023-08-07T12:57:21.007", "lastModified": "2023-08-09T15:16:44.627",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818." "value": "In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023", "url": "https://corp.mediatek.com/product-security-bulletin/August-2023",
"source": "security@mediatek.com" "source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

245
CVE-2023/CVE-2023-207xx/CVE-2023-20795.json
View File

@ -2,19 +2,256 @@
"id": "CVE-2023-20795", "id": "CVE-2023-20795",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-08-07T04:15:13.393", "published": "2023-08-07T04:15:13.393",
"lastModified": "2023-08-07T12:57:21.007", "lastModified": "2023-08-09T15:17:31.673",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900." "value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023", "url": "https://corp.mediatek.com/product-security-bulletin/August-2023",
"source": "security@mediatek.com" "source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

119
CVE-2023/CVE-2023-208xx/CVE-2023-20801.json
View File

@ -2,19 +2,130 @@
"id": "CVE-2023-20801", "id": "CVE-2023-20801",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-08-07T04:15:13.730", "published": "2023-08-07T04:15:13.730",
"lastModified": "2023-08-07T12:57:21.007", "lastModified": "2023-08-09T15:07:45.820",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys,\u00a0there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968." "value": "In imgsys,\u00a0there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023", "url": "https://corp.mediatek.com/product-security-bulletin/August-2023",
"source": "security@mediatek.com" "source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

83
CVE-2023/CVE-2023-333xx/CVE-2023-33383.json
View File

@ -2,23 +2,96 @@
"id": "CVE-2023-33383", "id": "CVE-2023-33383",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-02T14:15:10.637", "published": "2023-08-02T14:15:10.637",
"lastModified": "2023-08-04T18:15:13.120", "lastModified": "2023-08-09T15:28:53.793",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload." "value": "Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:shelly:pro_4pm_firmware:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC88FF33-F6FF-438C-8F6E-FF6629147C8B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:shelly:pro_4pm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E93741-3A64-42DF-ACF3-9307EB9C5A8B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://packetstormsecurity.com/files/173954/Shelly-PRO-4PM-0.11.0-Authentication-Bypass.html", "url": "http://packetstormsecurity.com/files/173954/Shelly-PRO-4PM-0.11.0-Authentication-Bypass.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability", "url": "https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

24
CVE-2023/CVE-2023-345xx/CVE-2023-34545.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34545",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T14:15:10.617",
"lastModified": "2023-08-09T14:15:10.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/komomon/24d3ea391af6f067c044fa47cb6c20d8",
"source": "cve@mitre.org"
},
{
"url": "https://www.cszcms.com/",
"source": "cve@mitre.org"
}
]
}

63
CVE-2023/CVE-2023-37xx/CVE-2023-3749.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3749", "id": "CVE-2023-3749",
"sourceIdentifier": "productsecurity@jci.com", "sourceIdentifier": "productsecurity@jci.com",
"published": "2023-08-03T20:15:11.883", "published": "2023-08-03T20:15:11.883",
"lastModified": "2023-08-04T02:46:03.197", "lastModified": "2023-08-09T15:39:05.463",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{ {
"source": "productsecurity@jci.com", "source": "productsecurity@jci.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
},
{ {
"source": "productsecurity@jci.com", "source": "productsecurity@jci.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +76,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:videoedge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.1",
"matchCriteriaId": "BFB74B22-DB50-4014-BCAA-77CE74DAD21B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04",
"source": "productsecurity@jci.com" "source": "productsecurity@jci.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}, },
{ {
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"source": "productsecurity@jci.com" "source": "productsecurity@jci.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

55
CVE-2023/CVE-2023-39xx/CVE-2023-3953.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3953",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-08-09T15:15:09.623",
"lastModified": "2023-08-09T15:15:09.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf",
"source": "cybersecurity@se.com"
}
]
}

61
CVE-2023/CVE-2023-41xx/CVE-2023-4182.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-4182", "id": "CVE-2023-4182",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-06T10:15:09.430", "published": "2023-08-06T10:15:09.430",
"lastModified": "2023-08-06T12:00:51.333", "lastModified": "2023-08-09T15:57:05.087",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability." "value": "A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, clasificada como cr\u00edtica, en SourceCodester Inventory Management System v1.0. Esto afecta a una parte desconocida del archivo \"edit_sell.php\". La manipulaci\u00f3n del argumento \"up_pid\" conduce a una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El identificador VDB-236217 fue asignado a esta vulnerabilidad. "
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -71,14 +97,41 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inventory_management_system_project:inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3D9475-43F9-4544-973D-E5B41DDB2695"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://vuldb.com/?ctiid.236217", "url": "https://vuldb.com/?ctiid.236217",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.236217", "url": "https://vuldb.com/?id.236217",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

61
CVE-2023/CVE-2023-41xx/CVE-2023-4183.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-4183", "id": "CVE-2023-4183",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-06T11:15:09.047", "published": "2023-08-06T11:15:09.047",
"lastModified": "2023-08-06T12:00:51.333", "lastModified": "2023-08-09T15:56:40.387",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability." "value": "A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en SourceCodester Inventory Management System v1.0 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo \"edit_update.php\" del componente \"Password Handler\". La manipulaci\u00f3n del argumento \"user_id\" conduce a controles de acceso inadecuados. El ataque puede iniciarse de forma remota. VDB-236218 es el identificador asignado a esta vulnerabilidad. "
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -71,14 +97,41 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inventory_management_system_project:inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3D9475-43F9-4544-973D-E5B41DDB2695"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://vuldb.com/?ctiid.236218", "url": "https://vuldb.com/?ctiid.236218",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.236218", "url": "https://vuldb.com/?id.236218",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-41xx/CVE-2023-4184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4184", "id": "CVE-2023-4184",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-06T12:15:09.263", "published": "2023-08-06T12:15:09.263",
"lastModified": "2023-08-07T12:57:26.370", "lastModified": "2023-08-09T15:55:32.980",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -15,6 +15,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -75,14 +97,41 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inventory_management_system_project:inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3D9475-43F9-4544-973D-E5B41DDB2695"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://vuldb.com/?ctiid.236219", "url": "https://vuldb.com/?ctiid.236219",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.236219", "url": "https://vuldb.com/?id.236219",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

56
CVE-2023/CVE-2023-41xx/CVE-2023-4188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4188", "id": "CVE-2023-4188",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2023-08-05T20:15:09.870", "published": "2023-08-05T20:15:09.870",
"lastModified": "2023-08-06T12:01:01.827", "lastModified": "2023-08-09T14:56:12.197",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -46,14 +68,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.16.1",
"matchCriteriaId": "56EF3F9B-6CDB-4568-AF80-EEF6D72B72F6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f", "url": "https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://huntr.dev/bounties/fe9809b6-40ad-4e81-9197-a9aa42e8a7bf", "url": "https://huntr.dev/bounties/fe9809b6-40ad-4e81-9197-a9aa42e8a7bf",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-42xx/CVE-2023-4273.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-4273",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-09T15:15:09.823",
"lastModified": "2023-08-09T15:15:09.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4273",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221609",
"source": "secalert@redhat.com"
}
]
}

61
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-08-09T14:00:31.832047+00:00 2023-08-09T16:00:32.817894+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-08-09T13:49:52.743000+00:00 2023-08-09T15:57:05.087000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,51 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
222156 222159
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `7` Recently added CVEs: `3`
* [CVE-2023-31448](CVE-2023/CVE-2023-314xx/CVE-2023-31448.json) (`2023-08-09T12:15:09.647`) * [CVE-2023-34545](CVE-2023/CVE-2023-345xx/CVE-2023-34545.json) (`2023-08-09T14:15:10.617`)
* [CVE-2023-31449](CVE-2023/CVE-2023-314xx/CVE-2023-31449.json) (`2023-08-09T12:15:09.823`) * [CVE-2023-3953](CVE-2023/CVE-2023-39xx/CVE-2023-3953.json) (`2023-08-09T15:15:09.623`)
* [CVE-2023-31450](CVE-2023/CVE-2023-314xx/CVE-2023-31450.json) (`2023-08-09T12:15:09.897`) * [CVE-2023-4273](CVE-2023/CVE-2023-42xx/CVE-2023-4273.json) (`2023-08-09T15:15:09.823`)
* [CVE-2023-31452](CVE-2023/CVE-2023-314xx/CVE-2023-31452.json) (`2023-08-09T12:15:09.970`)
* [CVE-2023-32781](CVE-2023/CVE-2023-327xx/CVE-2023-32781.json) (`2023-08-09T12:15:10.047`)
* [CVE-2023-32782](CVE-2023/CVE-2023-327xx/CVE-2023-32782.json) (`2023-08-09T12:15:10.127`)
* [CVE-2023-33953](CVE-2023/CVE-2023-339xx/CVE-2023-33953.json) (`2023-08-09T13:15:09.370`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `54` Recently modified CVEs: `16`
* [CVE-2023-37856](CVE-2023/CVE-2023-378xx/CVE-2023-37856.json) (`2023-08-09T12:46:53.387`) * [CVE-2020-23564](CVE-2020/CVE-2020-235xx/CVE-2020-23564.json) (`2023-08-09T14:59:47.673`)
* [CVE-2023-37857](CVE-2023/CVE-2023-378xx/CVE-2023-37857.json) (`2023-08-09T12:46:53.387`) * [CVE-2022-45788](CVE-2022/CVE-2022-457xx/CVE-2022-45788.json) (`2023-08-09T14:15:09.497`)
* [CVE-2023-37858](CVE-2023/CVE-2023-378xx/CVE-2023-37858.json) (`2023-08-09T12:46:53.387`) * [CVE-2022-45789](CVE-2022/CVE-2022-457xx/CVE-2022-45789.json) (`2023-08-09T14:15:10.130`)
* [CVE-2023-37859](CVE-2023/CVE-2023-378xx/CVE-2023-37859.json) (`2023-08-09T12:46:53.387`) * [CVE-2022-46782](CVE-2022/CVE-2022-467xx/CVE-2022-46782.json) (`2023-08-09T15:06:19.847`)
* [CVE-2023-37860](CVE-2023/CVE-2023-378xx/CVE-2023-37860.json) (`2023-08-09T12:46:53.387`) * [CVE-2023-20569](CVE-2023/CVE-2023-205xx/CVE-2023-20569.json) (`2023-08-09T14:15:10.507`)
* [CVE-2023-37861](CVE-2023/CVE-2023-378xx/CVE-2023-37861.json) (`2023-08-09T12:46:53.387`) * [CVE-2023-4188](CVE-2023/CVE-2023-41xx/CVE-2023-4188.json) (`2023-08-09T14:56:12.197`)
* [CVE-2023-37862](CVE-2023/CVE-2023-378xx/CVE-2023-37862.json) (`2023-08-09T12:46:53.387`) * [CVE-2023-20801](CVE-2023/CVE-2023-208xx/CVE-2023-20801.json) (`2023-08-09T15:07:45.820`)
* [CVE-2023-37863](CVE-2023/CVE-2023-378xx/CVE-2023-37863.json) (`2023-08-09T12:46:53.387`) * [CVE-2023-20793](CVE-2023/CVE-2023-207xx/CVE-2023-20793.json) (`2023-08-09T15:16:44.627`)
* [CVE-2023-37864](CVE-2023/CVE-2023-378xx/CVE-2023-37864.json) (`2023-08-09T12:46:53.387`) * [CVE-2023-20795](CVE-2023/CVE-2023-207xx/CVE-2023-20795.json) (`2023-08-09T15:17:31.673`)
* [CVE-2023-39209](CVE-2023/CVE-2023-392xx/CVE-2023-39209.json) (`2023-08-09T12:47:02.767`) * [CVE-2023-33383](CVE-2023/CVE-2023-333xx/CVE-2023-33383.json) (`2023-08-09T15:28:53.793`)
* [CVE-2023-39210](CVE-2023/CVE-2023-392xx/CVE-2023-39210.json) (`2023-08-09T12:47:02.767`) * [CVE-2023-20181](CVE-2023/CVE-2023-201xx/CVE-2023-20181.json) (`2023-08-09T15:35:42.960`)
* [CVE-2023-39211](CVE-2023/CVE-2023-392xx/CVE-2023-39211.json) (`2023-08-09T12:47:02.767`) * [CVE-2023-3749](CVE-2023/CVE-2023-37xx/CVE-2023-3749.json) (`2023-08-09T15:39:05.463`)
* [CVE-2023-39212](CVE-2023/CVE-2023-392xx/CVE-2023-39212.json) (`2023-08-09T12:47:02.767`) * [CVE-2023-20218](CVE-2023/CVE-2023-202xx/CVE-2023-20218.json) (`2023-08-09T15:55:24.287`)
* [CVE-2023-39213](CVE-2023/CVE-2023-392xx/CVE-2023-39213.json) (`2023-08-09T12:47:02.767`) * [CVE-2023-4184](CVE-2023/CVE-2023-41xx/CVE-2023-4184.json) (`2023-08-09T15:55:32.980`)
* [CVE-2023-39214](CVE-2023/CVE-2023-392xx/CVE-2023-39214.json) (`2023-08-09T12:47:02.767`) * [CVE-2023-4183](CVE-2023/CVE-2023-41xx/CVE-2023-4183.json) (`2023-08-09T15:56:40.387`)
* [CVE-2023-39951](CVE-2023/CVE-2023-399xx/CVE-2023-39951.json) (`2023-08-09T12:47:02.767`) * [CVE-2023-4182](CVE-2023/CVE-2023-41xx/CVE-2023-4182.json) (`2023-08-09T15:57:05.087`)
* [CVE-2023-39341](CVE-2023/CVE-2023-393xx/CVE-2023-39341.json) (`2023-08-09T12:47:02.767`)
* [CVE-2023-38702](CVE-2023/CVE-2023-387xx/CVE-2023-38702.json) (`2023-08-09T13:15:10.613`)
* [CVE-2023-4159](CVE-2023/CVE-2023-41xx/CVE-2023-4159.json) (`2023-08-09T13:15:41.000`)
* [CVE-2023-4157](CVE-2023/CVE-2023-41xx/CVE-2023-4157.json) (`2023-08-09T13:16:43.537`)
* [CVE-2023-38695](CVE-2023/CVE-2023-386xx/CVE-2023-38695.json) (`2023-08-09T13:18:50.527`)
* [CVE-2023-38692](CVE-2023/CVE-2023-386xx/CVE-2023-38692.json) (`2023-08-09T13:19:09.430`)
* [CVE-2023-20800](CVE-2023/CVE-2023-208xx/CVE-2023-20800.json) (`2023-08-09T13:25:26.837`)
* [CVE-2023-20797](CVE-2023/CVE-2023-207xx/CVE-2023-20797.json) (`2023-08-09T13:39:25.510`)
* [CVE-2023-20798](CVE-2023/CVE-2023-207xx/CVE-2023-20798.json) (`2023-08-09T13:49:52.743`)
## Download and Usage ## Download and Usage