admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-11T16:00:32.078848+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-11 16:00:35 +00:00
parent 4a893dbd7a
commit dab1a8cf68
75 changed files with 2349 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2020/CVE-2020-199xx/CVE-2020-19952.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2020-19952",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:09.927",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/jbt/markdown-editor/issues/106",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/jbt/markdown-editor/pull/110",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-205xx/CVE-2020-20523.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-20523",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.047",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GilaCMS/gila/issues/41",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-235xx/CVE-2020-23595.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-23595",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.113",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yzmcms/yzmcms/issues/47",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-240xx/CVE-2020-24075.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24075",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.177",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://documentation.laborator.co/kb/kalium/kalium-changelog/#version-3-0-4-jun-23-2020",
"source": "cve@mitre.org"
}
]
}

24
CVE-2020/CVE-2020-241xx/CVE-2020-24187.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2020-24187",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.237",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Aurorainfinity/Poc/tree/master/jerryscript/NULL-dereference-ecma_get_lex_env_type",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/jerryscript-project/jerryscript/issues/4076",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-242xx/CVE-2020-24221.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24221",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.297",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/miniupnp/ngiflib/issues/17",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-242xx/CVE-2020-24222.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24222",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.363",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rockcarry/ffjpeg/issues/31",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-248xx/CVE-2020-24804.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24804",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.427",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cms-dev/cms/issues/1160",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-248xx/CVE-2020-24872.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24872",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.500",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://lepton-cms.org/posts/new-security-release-144.php",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-249xx/CVE-2020-24904.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24904",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.563",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted \"mailto\" link."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/davesteele/gnome-gmail/issues/84",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-249xx/CVE-2020-24922.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24922",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.627",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xuxueli/xxl-job/issues/1921",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-249xx/CVE-2020-24950.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-24950",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.690",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/daylightstudio/FUEL-CMS/issues/562",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-259xx/CVE-2020-25915.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-25915",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.763",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/thinkcmf/thinkcmf/issues/675",
"source": "cve@mitre.org"
}
]
}

24
CVE-2020/CVE-2020-274xx/CVE-2020-27449.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2020-27449",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.840",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload."
}
],
"metrics": {},
"references": [
{
"url": "https://bugbounty.zoho.com/bb/#/bug/101000003619211",
"source": "cve@mitre.org"
},
{
"url": "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-275xx/CVE-2020-27514.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-27514",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.910",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/94fzb/zrlog/issues/66",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-275xx/CVE-2020-27544.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-27544",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.973",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/FoldingAtHome/fah-control/commit/9b619ae64443997948a36dda01b420578de1af77",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-287xx/CVE-2020-28717.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-28717",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.040",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kindsoft/kindeditor/issues/321",
"source": "cve@mitre.org"
}
]
}

32
CVE-2020/CVE-2020-288xx/CVE-2020-28840.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2020-28840",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.103",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS)."
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-xh27-xwgj-gqw2",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Matthias-Wandel/jhead/issues/8",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-288xx/CVE-2020-28848.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-28848",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.170",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/5465",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-288xx/CVE-2020-28849.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-28849",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.237",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/5477",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-351xx/CVE-2020-35139.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-35139",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.297",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/faucetsdn/ryu/issues/118",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-351xx/CVE-2020-35141.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-35141",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.367",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/faucetsdn/ryu/issues/118",
"source": "cve@mitre.org"
}
]
}

24
CVE-2020/CVE-2020-359xx/CVE-2020-35990.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2020-35990",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.443",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file."
}
],
"metrics": {},
"references": [
{
"url": "http://foxit.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-360xx/CVE-2020-36023.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-36023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.513",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function."
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-360xx/CVE-2020-36024.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-36024",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.577",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function."
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016",
"source": "cve@mitre.org"
}
]
}

28
CVE-2020/CVE-2020-360xx/CVE-2020-36034.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2020-36034",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.643",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/TCSWT/School-Faculty-Scheduling-System",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-360xx/CVE-2020-36037.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-36037",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.707",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/wuzhicms/wuzhicms/issues/192",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-360xx/CVE-2020-36082.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-36082",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.770",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/alexlang24/bloofoxCMS/issues/7",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-361xx/CVE-2020-36136.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-36136",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.840",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cskaza/cszcms/issues/26",
"source": "cve@mitre.org"
}
]
}

28
CVE-2020/CVE-2020-361xx/CVE-2020-36138.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2020-36138",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.910",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/FFmpeg/FFmpeg/commit/292e41ce650a7b5ca5de4ae87fff0d6a90d9fc97",
"source": "cve@mitre.org"
},
{
"url": "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2020-November/272001.html",
"source": "cve@mitre.org"
},
{
"url": "https://trac.ffmpeg.org/ticket/8960",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-257xx/CVE-2021-25786.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-25786",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.987",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/qpdf/qpdf/issues/492",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-258xx/CVE-2021-25856.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-25856",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.047",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pcmt/superMicro-CMS/issues/1",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-258xx/CVE-2021-25857.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-25857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.117",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pcmt/superMicro-CMS/issues/2",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-265xx/CVE-2021-26504.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-26504",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.187",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Foddy/node-red-contrib-huemagic/issues/217",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-265xx/CVE-2021-26505.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-26505",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.257",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MrSwitch/hello.js/issues/634",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-275xx/CVE-2021-27523.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-27523",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.320",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/open-falcon/dashboard/issues/153",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-275xx/CVE-2021-27524.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-27524",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.383",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/margox/braft-editor/issues/880",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-280xx/CVE-2021-28025.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-28025",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.453",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS)."
}
],
"metrics": {},
"references": [
{
"url": "https://bugreports.qt.io/browse/QTBUG-91507",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-284xx/CVE-2021-28411.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-28411",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.523",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/lerry903/RuoYi/issues/20",
"source": "cve@mitre.org"
}
]
}

43
CVE-2021/CVE-2021-284xx/CVE-2021-28427.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2021-28427",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.587",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35&t=41035",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-284xx/CVE-2021-28429.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-28429",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.667",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file."
}
],
"metrics": {},
"references": [
{
"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c94875471e3ba3dc396c6919ff3ec9b14539cd71",
"source": "cve@mitre.org"
}
]
}

47
CVE-2021/CVE-2021-288xx/CVE-2021-28835.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2021-28835",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.730",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35&t=44679",
"source": "cve@mitre.org"
},
{
"url": "https://www.xnview.com/en/xnview/#changelog",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-290xx/CVE-2021-29057.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-29057",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.813",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/SUCHMOKUO/node-worker-threads-pool/issues/20",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-293xx/CVE-2021-29378.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-29378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.880",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DIEC",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-32xx/CVE-2021-3236.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-3236",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.953",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/vim/vim/issues/7674",
"source": "cve@mitre.org"
}
]
}

6
CVE-2021/CVE-2021-411xx/CVE-2021-41184.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-41184",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-10-26T15:15:10.460",
"lastModified": "2023-06-21T18:26:41.793",
"lastModified": "2023-08-11T14:47:10.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -116,8 +116,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
"versionEndIncluding": "1.13.0",
"matchCriteriaId": "37FEB7FC-3B34-4A33-A852-37C936DCAA5F"
"versionEndExcluding": "1.13.0",
"matchCriteriaId": "EA897736-789A-461C-86F5-E7470E643213"
}
]
}

20
CVE-2022/CVE-2022-409xx/CVE-2022-40982.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-40982",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:14.823",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T14:15:13.020",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -38,6 +38,22 @@
{
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html",
"source": "secure@intel.com"
},
{
"url": "https://access.redhat.com/solutions/7027704",
"source": "secure@intel.com"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/",
"source": "secure@intel.com"
},
{
"url": "https://downfall.page",
"source": "secure@intel.com"
},
{
"url": "https://xenbits.xen.org/xsa/advisory-435.html",
"source": "secure@intel.com"
}
]
}

6
CVE-2022/CVE-2022-476xx/CVE-2022-47636.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-47636",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-10T16:15:09.627",
"lastModified": "2023-08-10T18:13:59.283",
"lastModified": "2023-08-11T15:15:09.490",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51678",
"source": "cve@mitre.org"

12
CVE-2023/CVE-2023-13xx/CVE-2023-1389.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-1389",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-03-15T23:15:09.403",
"lastModified": "2023-03-21T19:31:47.030",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-11T15:15:09.760",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-05-01",
"cisaActionDue": "2023-05-22",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "TP-Link Archer AX-21 Command Injection Vulnerability",
"descriptions": [
{
"lang": "en",
@ -77,6 +81,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html",
"source": "vulnreport@tenable.com"
},
{
"url": "https://www.tenable.com/security/research/tra-2023-11",
"source": "vulnreport@tenable.com",

6
CVE-2023/CVE-2023-266xx/CVE-2023-26604.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26604",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-03T16:15:10.607",
"lastModified": "2023-05-05T20:15:10.477",
"lastModified": "2023-08-11T15:15:10.040",
"vulnStatus": "Modified",
"descriptions": [
{
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html",
"source": "cve@mitre.org"
},
{
"url": "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/",
"source": "cve@mitre.org",

12
CVE-2023/CVE-2023-271xx/CVE-2023-27163.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27163",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-31T20:15:07.477",
"lastModified": "2023-04-07T01:32:52.517",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-11T15:15:10.570",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,14 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174128/Request-Baskets-1.2.1-Server-Side-Request-Forgery.html",
"source": "cve@mitre.org"
},
{
"url": "http://packetstormsecurity.com/files/174129/Maltrail-0.53-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://request-baskets.com",
"source": "cve@mitre.org",

92
CVE-2023/CVE-2023-307xx/CVE-2023-30795.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30795",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:15.067",
"lastModified": "2023-08-08T12:51:11.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T14:22:05.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -46,10 +76,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:jt_open:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.4",
"matchCriteriaId": "0C5E38E9-C07C-4E2C-A2A5-B3A0E77B5B00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.4",
"matchCriteriaId": "C1B0B2A2-1A1A-4B0F-B957-2D5B6EBDB0FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "34.0",
"versionEndExcluding": "34.0.253",
"matchCriteriaId": "0856DA04-7E50-4EF7-AB5A-D09349B188B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "34.1",
"versionEndExcluding": "34.1.243",
"matchCriteriaId": "2785D65C-6EA7-4602-9A81-6E54F45E9F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "35.0",
"versionEndExcluding": "35.0.177",
"matchCriteriaId": "884A8645-3BB6-4AF6-9B3A-1C73E9F8344B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "35.1",
"versionEndExcluding": "35.1.073",
"matchCriteriaId": "C3FD284B-0089-4430-89F0-41B93D61C717"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-322xx/CVE-2023-32267.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-32267",
"sourceIdentifier": "security@opentext.com",
"published": "2023-08-11T14:15:13.150",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000020296?language=en_US",
"source": "security@opentext.com"
}
]
}

49
CVE-2023/CVE-2023-353xx/CVE-2023-35368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35368",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.213",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T15:58:03.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

174
CVE-2023/CVE-2023-353xx/CVE-2023-35388.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-35388",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.507",
"lastModified": "2023-08-10T18:19:06.270",
"lastModified": "2023-08-11T15:56:46.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -55,178 +55,18 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7"
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "56728785-188C-470A-9692-E6C7235109CA"
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
"matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*",
"matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*",
"matchCriteriaId": "55284CF7-0D04-4216-83FE-4B1F9CA94207"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*",
"matchCriteriaId": "CA2CE223-AA49-49E6-AC32-59270EFF55AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*",
"matchCriteriaId": "4830D6A9-AF74-480C-8F69-8648CD619980"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*",
"matchCriteriaId": "079E1E3F-FF25-4B0D-AC98-191D6455A014"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
"matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*",
"matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "996163E7-6F3F-4D3B-AEA4-62A7F7E1F54D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*",
"matchCriteriaId": "19C1EE0C-B8DD-4B91-BE4B-1C42D72FB718"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*",
"matchCriteriaId": "3BE427A4-B0C2-4064-8234-29426325C348"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*",
"matchCriteriaId": "449CE85B-E599-44D3-A7C1-5133F6A55E86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_3:*:*:*:*:*:*",
"matchCriteriaId": "FE401B0A-DDE4-4A36-8E27-6DB14E094BE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_4:*:*:*:*:*:*",
"matchCriteriaId": "450319C4-7C8F-43B7-B7F8-80DA4F1F2817"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*",
"matchCriteriaId": "23015889-48AF-40A5-862F-290E73A54E77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_6:*:*:*:*:*:*",
"matchCriteriaId": "4FC34516-D7E7-4AD9-9B45-5474831548E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_7:*:*:*:*:*:*",
"matchCriteriaId": "5211792E-5292-41C0-B7E9-8AA63EC606EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
"matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
"matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*",
"matchCriteriaId": "B4185347-EEDD-4239-9AB3-410E2EC89D2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*",
"matchCriteriaId": "435343A4-BF10-461A-ABF2-D511A5FBDA75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*",
"matchCriteriaId": "104F96DC-E280-4E0A-8586-B043B55888C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*",
"matchCriteriaId": "73B3B3FE-7E85-4B86-A983-2C410FFEF4B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*",
"matchCriteriaId": "8A9FB275-7F17-48B2-B528-BE89309D2AF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*",
"matchCriteriaId": "D4AB3C25-CEA8-4D66-AEE4-953C8B17911A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*",
"matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*",
"matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*",
"matchCriteriaId": "71CDF29B-116B-4DE2-AFD0-B62477FF0AEB"
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371"
}
]
}

96
CVE-2023/CVE-2023-353xx/CVE-2023-35391.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35391",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T19:15:09.940",
"lastModified": "2023-08-08T20:39:01.517",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T15:11:06.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
@ -34,10 +54,78 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.21",
"matchCriteriaId": "4DAD563A-F016-4824-B767-44D420EB60C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.10",
"matchCriteriaId": "A2D1BB38-DFDA-4192-8E83-0DD11F29E9A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19C3047E-C222-4636-B1B3-722F2C65BC99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.18",
"matchCriteriaId": "DADAE1CA-1303-4B24-A9EC-E79A83088E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.4.0",
"versionEndExcluding": "17.4.10",
"matchCriteriaId": "A2A151F0-EE6A-4D89-BF83-74CCAA76E373"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.6.0",
"versionEndExcluding": "17.6.6",
"matchCriteriaId": "FB465155-CEDD-48E5-8B58-AF49B8FAF504"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

111
CVE-2023/CVE-2023-365xx/CVE-2023-36535.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36535",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:14.207",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T14:01:17.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +76,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "A529300E-4547-4D4D-B2EB-762C4F107CD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "42FCEAAC-A453-4EDA-90A9-A82A23D8F685"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "666607A8-8F43-4B14-9CA7-D851376D05B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "8F8E8291-00C6-49CA-AB93-5E9FD0868959"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "1430CF6C-7A2B-4755-8AEC-95E706DA1F07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "1A66A1E5-9D2A-4533-B803-6C1B74C7AA5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "516E7E40-A476-4277-8363-43FE4F748240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "3674A229-D066-4C97-93C5-E30824B54742"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "6B3D7B50-B13B-45D3-AE2C-7EBB1DE30FA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.14.10",
"matchCriteriaId": "B2DE0D4A-F97E-41D3-9906-427BEFFBDB8F"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-365xx/CVE-2023-36540.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36540",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:14.293",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T14:22:03.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.14.5",
"matchCriteriaId": "7BEEBBF1-8759-4ED0-912F-29176263A1E3"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-365xx/CVE-2023-36541.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36541",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:14.397",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T14:09:26.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.14.5",
"matchCriteriaId": "7BEEBBF1-8759-4ED0-912F-29176263A1E3"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

40
CVE-2023/CVE-2023-381xx/CVE-2023-38175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38175",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:22.520",
"lastModified": "2023-08-08T18:32:54.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T15:53:42.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.23060.3001",
"matchCriteriaId": "5B737B61-DD3E-4210-9B5C-021D4386E47F"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

40
CVE-2023/CVE-2023-381xx/CVE-2023-38176.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38176",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:22.607",
"lastModified": "2023-08-08T18:32:54.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T15:18:04.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_arc-enabled_servers:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.33.02399.0",
"matchCriteriaId": "41177984-CF07-42C1-AF7B-D0F0EFEEAF61"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38176",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-381xx/CVE-2023-38178.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38178",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:22.697",
"lastModified": "2023-08-08T18:32:54.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T15:44:48.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1DE0C8DD-9C73-4876-8193-068F18074B58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.18",
"matchCriteriaId": "DADAE1CA-1303-4B24-A9EC-E79A83088E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.4.0",
"versionEndExcluding": "17.4.10",
"matchCriteriaId": "A2A151F0-EE6A-4D89-BF83-74CCAA76E373"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

49
CVE-2023/CVE-2023-381xx/CVE-2023-38181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38181",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:22.787",
"lastModified": "2023-08-08T18:32:54.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T15:00:13.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

49
CVE-2023/CVE-2023-381xx/CVE-2023-38182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38182",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:22.873",
"lastModified": "2023-08-08T18:32:54.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T14:27:04.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,53 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

159
CVE-2023/CVE-2023-381xx/CVE-2023-38184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38184",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:22.967",
"lastModified": "2023-08-08T18:32:54.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-11T14:47:17.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,163 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "61959ACC-B608-4556-92AF-4D94B338907A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B2D24C54-F04F-4717-B614-FE67B3ED9DC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5EC3F68-8F41-4F6B-B2E5-920322A4A321"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38184",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-394xx/CVE-2023-39417.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39417",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.870",
"lastModified": "2023-08-11T13:15:09.870",
"vulnStatus": "Received",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-394xx/CVE-2023-39418.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39418",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.963",
"lastModified": "2023-08-11T13:15:09.963",
"vulnStatus": "Received",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

67
CVE-2023/CVE-2023-395xx/CVE-2023-39534.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-39534",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-11T14:15:13.240",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp",
"source": "security-advisories@github.com"
}
]
}

6
CVE-2023/CVE-2023-395xx/CVE-2023-39553.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-39553",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-11T08:15:09.103",
"lastModified": "2023-08-11T12:58:22.393",
"lastModified": "2023-08-11T15:15:10.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/11/1",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/airflow/pull/33074",
"source": "security@apache.org"

63
CVE-2023/CVE-2023-399xx/CVE-2023-39945.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-39945",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-11T14:15:13.363",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-399xx/CVE-2023-39946.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39946",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-11T14:15:13.483",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-399xx/CVE-2023-39947.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39947",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-11T14:15:13.587",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-399xx/CVE-2023-39948.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-39948",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-11T14:15:13.693",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/issues/3422",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-399xx/CVE-2023-39949.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-39949",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-11T14:15:13.807",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/issues/3236",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg",
"source": "security-advisories@github.com"
}
]
}

87
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-11T14:00:29.279460+00:00
2023-08-11T16:00:32.078848+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-11T13:55:20.393000+00:00
2023-08-11T15:58:03.063000+00:00
```
### Last Data Feed Release
@ -29,49 +29,66 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222447
222499
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `52`
* [CVE-2022-3403](CVE-2022/CVE-2022-34xx/CVE-2022-3403.json) (`2023-08-11T13:15:09.740`)
* [CVE-2023-3864](CVE-2023/CVE-2023-38xx/CVE-2023-3864.json) (`2023-08-11T12:15:09.293`)
* [CVE-2023-3937](CVE-2023/CVE-2023-39xx/CVE-2023-3937.json) (`2023-08-11T12:15:09.637`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-08-11T13:15:09.870`)
* [CVE-2023-39418](CVE-2023/CVE-2023-394xx/CVE-2023-39418.json) (`2023-08-11T13:15:09.963`)
* [CVE-2020-24904](CVE-2020/CVE-2020-249xx/CVE-2020-24904.json) (`2023-08-11T14:15:10.563`)
* [CVE-2020-24922](CVE-2020/CVE-2020-249xx/CVE-2020-24922.json) (`2023-08-11T14:15:10.627`)
* [CVE-2020-24950](CVE-2020/CVE-2020-249xx/CVE-2020-24950.json) (`2023-08-11T14:15:10.690`)
* [CVE-2021-25857](CVE-2021/CVE-2021-258xx/CVE-2021-25857.json) (`2023-08-11T14:15:12.117`)
* [CVE-2021-26504](CVE-2021/CVE-2021-265xx/CVE-2021-26504.json) (`2023-08-11T14:15:12.187`)
* [CVE-2021-26505](CVE-2021/CVE-2021-265xx/CVE-2021-26505.json) (`2023-08-11T14:15:12.257`)
* [CVE-2021-27523](CVE-2021/CVE-2021-275xx/CVE-2021-27523.json) (`2023-08-11T14:15:12.320`)
* [CVE-2021-27524](CVE-2021/CVE-2021-275xx/CVE-2021-27524.json) (`2023-08-11T14:15:12.383`)
* [CVE-2021-28025](CVE-2021/CVE-2021-280xx/CVE-2021-28025.json) (`2023-08-11T14:15:12.453`)
* [CVE-2021-28411](CVE-2021/CVE-2021-284xx/CVE-2021-28411.json) (`2023-08-11T14:15:12.523`)
* [CVE-2021-28427](CVE-2021/CVE-2021-284xx/CVE-2021-28427.json) (`2023-08-11T14:15:12.587`)
* [CVE-2021-28429](CVE-2021/CVE-2021-284xx/CVE-2021-28429.json) (`2023-08-11T14:15:12.667`)
* [CVE-2021-28835](CVE-2021/CVE-2021-288xx/CVE-2021-28835.json) (`2023-08-11T14:15:12.730`)
* [CVE-2021-29057](CVE-2021/CVE-2021-290xx/CVE-2021-29057.json) (`2023-08-11T14:15:12.813`)
* [CVE-2021-29378](CVE-2021/CVE-2021-293xx/CVE-2021-29378.json) (`2023-08-11T14:15:12.880`)
* [CVE-2021-3236](CVE-2021/CVE-2021-32xx/CVE-2021-3236.json) (`2023-08-11T14:15:12.953`)
* [CVE-2021-25786](CVE-2021/CVE-2021-257xx/CVE-2021-25786.json) (`2023-08-11T14:15:11.987`)
* [CVE-2021-25856](CVE-2021/CVE-2021-258xx/CVE-2021-25856.json) (`2023-08-11T14:15:12.047`)
* [CVE-2023-32267](CVE-2023/CVE-2023-322xx/CVE-2023-32267.json) (`2023-08-11T14:15:13.150`)
* [CVE-2023-39534](CVE-2023/CVE-2023-395xx/CVE-2023-39534.json) (`2023-08-11T14:15:13.240`)
* [CVE-2023-39945](CVE-2023/CVE-2023-399xx/CVE-2023-39945.json) (`2023-08-11T14:15:13.363`)
* [CVE-2023-39946](CVE-2023/CVE-2023-399xx/CVE-2023-39946.json) (`2023-08-11T14:15:13.483`)
* [CVE-2023-39947](CVE-2023/CVE-2023-399xx/CVE-2023-39947.json) (`2023-08-11T14:15:13.587`)
* [CVE-2023-39948](CVE-2023/CVE-2023-399xx/CVE-2023-39948.json) (`2023-08-11T14:15:13.693`)
* [CVE-2023-39949](CVE-2023/CVE-2023-399xx/CVE-2023-39949.json) (`2023-08-11T14:15:13.807`)
### CVEs modified in the last Commit
Recently modified CVEs: `33`
Recently modified CVEs: `22`
* [CVE-2023-40267](CVE-2023/CVE-2023-402xx/CVE-2023-40267.json) (`2023-08-11T12:58:22.393`)
* [CVE-2023-4105](CVE-2023/CVE-2023-41xx/CVE-2023-4105.json) (`2023-08-11T12:58:22.393`)
* [CVE-2023-4106](CVE-2023/CVE-2023-41xx/CVE-2023-4106.json) (`2023-08-11T12:58:22.393`)
* [CVE-2023-4107](CVE-2023/CVE-2023-41xx/CVE-2023-4107.json) (`2023-08-11T12:58:22.393`)
* [CVE-2023-4108](CVE-2023/CVE-2023-41xx/CVE-2023-4108.json) (`2023-08-11T12:58:22.393`)
* [CVE-2023-39553](CVE-2023/CVE-2023-395xx/CVE-2023-39553.json) (`2023-08-11T12:58:22.393`)
* [CVE-2023-36891](CVE-2023/CVE-2023-368xx/CVE-2023-36891.json) (`2023-08-11T12:59:54.860`)
* [CVE-2023-36890](CVE-2023/CVE-2023-368xx/CVE-2023-36890.json) (`2023-08-11T13:00:08.793`)
* [CVE-2023-36889](CVE-2023/CVE-2023-368xx/CVE-2023-36889.json) (`2023-08-11T13:00:25.507`)
* [CVE-2023-36882](CVE-2023/CVE-2023-368xx/CVE-2023-36882.json) (`2023-08-11T13:00:45.427`)
* [CVE-2023-36881](CVE-2023/CVE-2023-368xx/CVE-2023-36881.json) (`2023-08-11T13:01:54.670`)
* [CVE-2023-36877](CVE-2023/CVE-2023-368xx/CVE-2023-36877.json) (`2023-08-11T13:02:14.477`)
* [CVE-2023-36876](CVE-2023/CVE-2023-368xx/CVE-2023-36876.json) (`2023-08-11T13:02:40.780`)
* [CVE-2023-36894](CVE-2023/CVE-2023-368xx/CVE-2023-36894.json) (`2023-08-11T13:03:09.540`)
* [CVE-2023-36893](CVE-2023/CVE-2023-368xx/CVE-2023-36893.json) (`2023-08-11T13:03:33.023`)
* [CVE-2023-36892](CVE-2023/CVE-2023-368xx/CVE-2023-36892.json) (`2023-08-11T13:03:56.097`)
* [CVE-2023-38154](CVE-2023/CVE-2023-381xx/CVE-2023-38154.json) (`2023-08-11T13:06:10.330`)
* [CVE-2023-36905](CVE-2023/CVE-2023-369xx/CVE-2023-36905.json) (`2023-08-11T13:16:38.847`)
* [CVE-2023-36869](CVE-2023/CVE-2023-368xx/CVE-2023-36869.json) (`2023-08-11T13:22:26.837`)
* [CVE-2023-36865](CVE-2023/CVE-2023-368xx/CVE-2023-36865.json) (`2023-08-11T13:26:10.220`)
* [CVE-2023-36866](CVE-2023/CVE-2023-368xx/CVE-2023-36866.json) (`2023-08-11T13:29:47.997`)
* [CVE-2023-35383](CVE-2023/CVE-2023-353xx/CVE-2023-35383.json) (`2023-08-11T13:38:48.340`)
* [CVE-2023-36533](CVE-2023/CVE-2023-365xx/CVE-2023-36533.json) (`2023-08-11T13:42:42.633`)
* [CVE-2023-36532](CVE-2023/CVE-2023-365xx/CVE-2023-36532.json) (`2023-08-11T13:51:15.367`)
* [CVE-2023-36534](CVE-2023/CVE-2023-365xx/CVE-2023-36534.json) (`2023-08-11T13:55:20.393`)
* [CVE-2021-41184](CVE-2021/CVE-2021-411xx/CVE-2021-41184.json) (`2023-08-11T14:47:10.267`)
* [CVE-2022-40982](CVE-2022/CVE-2022-409xx/CVE-2022-40982.json) (`2023-08-11T14:15:13.020`)
* [CVE-2022-47636](CVE-2022/CVE-2022-476xx/CVE-2022-47636.json) (`2023-08-11T15:15:09.490`)
* [CVE-2023-36535](CVE-2023/CVE-2023-365xx/CVE-2023-36535.json) (`2023-08-11T14:01:17.010`)
* [CVE-2023-36541](CVE-2023/CVE-2023-365xx/CVE-2023-36541.json) (`2023-08-11T14:09:26.950`)
* [CVE-2023-36540](CVE-2023/CVE-2023-365xx/CVE-2023-36540.json) (`2023-08-11T14:22:03.803`)
* [CVE-2023-30795](CVE-2023/CVE-2023-307xx/CVE-2023-30795.json) (`2023-08-11T14:22:05.067`)
* [CVE-2023-38182](CVE-2023/CVE-2023-381xx/CVE-2023-38182.json) (`2023-08-11T14:27:04.007`)
* [CVE-2023-38184](CVE-2023/CVE-2023-381xx/CVE-2023-38184.json) (`2023-08-11T14:47:17.930`)
* [CVE-2023-38181](CVE-2023/CVE-2023-381xx/CVE-2023-38181.json) (`2023-08-11T15:00:13.127`)
* [CVE-2023-35391](CVE-2023/CVE-2023-353xx/CVE-2023-35391.json) (`2023-08-11T15:11:06.947`)
* [CVE-2023-1389](CVE-2023/CVE-2023-13xx/CVE-2023-1389.json) (`2023-08-11T15:15:09.760`)
* [CVE-2023-26604](CVE-2023/CVE-2023-266xx/CVE-2023-26604.json) (`2023-08-11T15:15:10.040`)
* [CVE-2023-27163](CVE-2023/CVE-2023-271xx/CVE-2023-27163.json) (`2023-08-11T15:15:10.570`)
* [CVE-2023-39553](CVE-2023/CVE-2023-395xx/CVE-2023-39553.json) (`2023-08-11T15:15:10.837`)
* [CVE-2023-38176](CVE-2023/CVE-2023-381xx/CVE-2023-38176.json) (`2023-08-11T15:18:04.667`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-08-11T15:18:19.837`)
* [CVE-2023-39418](CVE-2023/CVE-2023-394xx/CVE-2023-39418.json) (`2023-08-11T15:18:19.837`)
* [CVE-2023-38178](CVE-2023/CVE-2023-381xx/CVE-2023-38178.json) (`2023-08-11T15:44:48.377`)
* [CVE-2023-38175](CVE-2023/CVE-2023-381xx/CVE-2023-38175.json) (`2023-08-11T15:53:42.797`)
* [CVE-2023-35388](CVE-2023/CVE-2023-353xx/CVE-2023-35388.json) (`2023-08-11T15:56:46.767`)
* [CVE-2023-35368](CVE-2023/CVE-2023-353xx/CVE-2023-35368.json) (`2023-08-11T15:58:03.063`)
## Download and Usage