admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-04T06:00:23.819383+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-04 08:00:26 +02:00
parent df5a5de600
commit d8877c20e5
3 changed files with 140 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2023/CVE-2023-261xx/CVE-2023-26125.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26125",
"sourceIdentifier": "report@snyk.io",
"published": "2023-05-04T05:15:09.163",
"lastModified": "2023-05-04T05:15:09.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning.\r\r**Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://github.com/gin-gonic/gin/pull/3500",
"source": "report@snyk.io"
},
{
"url": "https://github.com/gin-gonic/gin/pull/3503",
"source": "report@snyk.io"
},
{
"url": "https://github.com/gin-gonic/gin/releases/tag/v1.9.0",
"source": "report@snyk.io"
},
{
"url": "https://github.com/t0rchwo0d/gin/commit/fd9f98e70fb4107ee68c783482d231d35e60507b",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-3324285",
"source": "report@snyk.io"
}
]
}

77
CVE-2023/CVE-2023-307xx/CVE-2023-30770.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30770",
"sourceIdentifier": "security@asustor.com",
"published": "2023-04-17T07:15:08.300",
"lastModified": "2023-04-17T13:12:43.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T05:15:22.100",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@asustor.com",
"type": "Secondary",
@ -34,10 +54,61 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security@asustor.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0.rib4",
"versionEndIncluding": "4.0.6.reg2",
"matchCriteriaId": "405FA5F6-2C64-4ED6-ABB6-F2A20C3E3BFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0.rhu2",
"versionEndExcluding": "4.2.1.rge2",
"matchCriteriaId": "D979C00B-026E-4EAF-8197-B1E689CFEC7F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.asustor.com/security/security_advisory_detail?id=21",
"source": "security@asustor.com"
"source": "security@asustor.com",
"tags": [
"Vendor Advisory"
]
}
]
}

20
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-04T04:00:24.919022+00:00
2023-05-04T06:00:23.819383+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-04T03:15:21.267000+00:00
2023-05-04T05:15:22.100000+00:00
```
### Last Data Feed Release
@ -29,27 +29,21 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
214041
214042
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `1`
* [CVE-2022-47757](CVE-2022/CVE-2022-477xx/CVE-2022-47757.json) (`2023-05-04T02:15:09.177`)
* [CVE-2023-25438](CVE-2023/CVE-2023-254xx/CVE-2023-25438.json) (`2023-05-04T02:15:18.213`)
* [CVE-2023-27075](CVE-2023/CVE-2023-270xx/CVE-2023-27075.json) (`2023-05-04T02:15:18.570`)
* [CVE-2023-27568](CVE-2023/CVE-2023-275xx/CVE-2023-27568.json) (`2023-05-04T02:15:19.103`)
* [CVE-2023-29842](CVE-2023/CVE-2023-298xx/CVE-2023-29842.json) (`2023-05-04T03:15:09.600`)
* [CVE-2023-30077](CVE-2023/CVE-2023-300xx/CVE-2023-30077.json) (`2023-05-04T03:15:20.930`)
* [CVE-2023-30331](CVE-2023/CVE-2023-303xx/CVE-2023-30331.json) (`2023-05-04T03:15:21.267`)
* [CVE-2023-31099](CVE-2023/CVE-2023-310xx/CVE-2023-31099.json) (`2023-05-04T02:15:19.437`)
* [CVE-2023-26125](CVE-2023/CVE-2023-261xx/CVE-2023-26125.json) (`2023-05-04T05:15:09.163`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
* [CVE-2023-30770](CVE-2023/CVE-2023-307xx/CVE-2023-30770.json) (`2023-05-04T05:15:22.100`)
## Download and Usage