Auto-Update: 2023-08-28T18:00:25.157865+00:00

cad-safe-bot 2023-08-28 18:00:28 +00:00
parent d450576399
commit db2765c2fc
15 changed files with 658 additions and 140 deletions


@ -2,23 +2,87 @@
"id": "CVE-2020-21583",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:13.890",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T16:35:03.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.27",
"matchCriteriaId": "91FF39A0-BF03-46E2-98B4-8F16A5CB611F"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}
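Review bot: The `cpeMatch` entry added under `configurations` sets `"versionEndExcluding": "2.27"`, which leaves util-linux 2.27 itself outside the vulnerable range, while the description names `hwclock.13-v2.27` as the affected build. A scanner that matches installed packages against this range would not flag a 2.27 install, so treat 2.27 as in scope until the range is confirmed against the Debian bug listed in `references`. If 2.27 is affected, the bound would read `"versionEndIncluding": "2.27"`; the page does not show which release carries the fix.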


@ -2,19 +2,76 @@
"id": "CVE-2020-26683",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:19.997",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T16:44:27.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:mupdf:1.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10D59FD7-8E87-448D-9CDF-52C50C23B53A"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=702566",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}
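Review bot: The new `weaknesses` value `CWE-401` (missing release of memory) disagrees with the vector added in `cvssData`, `C:H/I:N/A:N`. A memory leak in the CWE-401 sense normally costs availability, whereas the description and the score both claim information disclosure. One of the two fields is probably mislabelled, so filters keyed on CWE class and filters keyed on the confidentiality metric will sort this record differently. Triage from the referenced bug report rather than from either field alone.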


@ -2,63 +2,164 @@
"id": "CVE-2021-34193",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:20.913",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T17:04:48.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.23.0",
"matchCriteriaId": "1B74AA73-8F23-4675-9206-1806EBE8BE23"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27719",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28768",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28855",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30112",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31448",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31540",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32149",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List"
]
}
]
}
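Review bot: The `cvssData` block added here scores the issue `AV:N/PR:N/UI:N`, but the description places the trigger in crafted responses to APDUs, which reach OpenSC from a card or reader rather than from a network peer. The 7.5 base score therefore likely overstates reachability for hosts where readers are only locally attached, and deployments should rescore with their own reader exposure in mind. Separately, the twelve oss-fuzz tracker URLs are tagged `Mailing List` alongside `Issue Tracking`, which looks like a tagging slip and affects consumers that filter references by tag.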


@ -2,23 +2,81 @@
"id": "CVE-2021-35309",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:21.367",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T17:23:51.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:syncthru_web_service:5.93:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC9CA86-B778-40A8-AEBF-74B43F6F1BB1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mustafa-turgut/cve-subscriptions/tree/main/samsung-stws",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2021-40263",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:21.540",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T17:25:01.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freeimage_project:freeimage:1.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47981CCB-20F4-4EB7-8313-EA4CBEDE7BC4"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceforge.net/p/freeimage/bugs/336/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2021-46310",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:21.940",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T17:46:02.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:djvulibre_project:djvulibre:3.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6AADCA-4B27-46ED-BFC8-391793461AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceforge.net/p/djvu/bugs/345/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2021-46312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:21.993",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T17:40:07.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:djvulibre_project:djvulibre:3.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6AADCA-4B27-46ED-BFC8-391793461AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceforge.net/p/djvu/bugs/344/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-1997",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-08-28T16:15:08.627",
"lastModified": "2023-08-28T16:15:08.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20232",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-16T22:15:12.597",
"lastModified": "2023-08-17T12:53:44.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T16:00:45.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +54,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.5\\(1\\)_su2_es05",
"matchCriteriaId": "03A8678A-D1C2-4C80-83C9-DD49873D09EA"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-wcp-JJeqDT3S",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-27576",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-18T15:15:09.723",
"lastModified": "2023-08-23T17:00:20.757",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-28T17:15:09.600",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission."
"value": "An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin's email address to one under the attacker's control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover."
},
{
"lang": "es",


@ -2,8 +2,8 @@
"id": "CVE-2023-32563",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-10T20:15:10.437",
"lastModified": "2023-08-15T20:10:36.940",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-28T16:15:09.003",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -93,6 +93,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939",
"source": "support@hackerone.com"
}
]
}


@ -2,91 +2,14 @@
"id": "CVE-2023-37151",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-10T16:15:53.513",
"lastModified": "2023-08-02T15:15:10.420",
"vulnStatus": "Modified",
"lastModified": "2023-08-28T16:15:09.600",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Online Pizza Ordering System v1.0 allows the upload of malicious PHP files resulting in Remote Code Execution (RCE)."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2246. Reason: This candidate is a reservation duplicate of CVE-2023-2246. Notes: All CVE users should reference CVE-2023-2246 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_pizza_ordering_system_project:online_pizza_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E8E2F0-0703-41CF-B750-06DAD69757E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Pizza%20Ordering%20System%201.0.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.chtsecurity.com/news/50227a91-34ee-4b2d-9c84-954860488202",
"source": "cve@mitre.org"
},
{
"url": "https://www.chtsecurity.com/news/8b7ace7d-c5b0-42a9-99b6-8fd0814ed7be",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51431",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
"metrics": {},
"references": []
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-39560",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T17:15:09.820",
"lastModified": "2023-08-28T17:15:09.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \\default\\helpers\\insert.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Luci4n555/cve_ectouch",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-4273",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-09T15:15:09.823",
"lastModified": "2023-08-19T18:17:16.537",
"lastModified": "2023-08-28T16:15:09.860",
"vulnStatus": "Modified",
"descriptions": [
{
@ -151,6 +151,10 @@
"Third Party Advisory"
]
},
{
"url": "https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/",
"source": "secalert@redhat.com"


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-28T16:00:24.617354+00:00
2023-08-28T18:00:25.157865+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-28T15:32:49.990000+00:00
2023-08-28T17:46:02.613000+00:00
```
### Last Data Feed Release
@ -29,23 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223559
223561
```
### CVEs added in the last Commit
Recently added CVEs: `2`
* [CVE-2023-39708](CVE-2023/CVE-2023-397xx/CVE-2023-39708.json) (`2023-08-28T14:15:09.033`)
* [CVE-2023-40846](CVE-2023/CVE-2023-408xx/CVE-2023-40846.json) (`2023-08-28T14:15:09.197`)
* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-28T16:15:08.627`)
* [CVE-2023-39560](CVE-2023/CVE-2023-395xx/CVE-2023-39560.json) (`2023-08-28T17:15:09.820`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `12`
* [CVE-2023-22815](CVE-2023/CVE-2023-228xx/CVE-2023-22815.json) (`2023-08-28T14:49:34.977`)
* [CVE-2023-2234](CVE-2023/CVE-2023-22xx/CVE-2023-2234.json) (`2023-08-28T15:32:49.990`)
* [CVE-2020-21583](CVE-2020/CVE-2020-215xx/CVE-2020-21583.json) (`2023-08-28T16:35:03.030`)
* [CVE-2020-26683](CVE-2020/CVE-2020-266xx/CVE-2020-26683.json) (`2023-08-28T16:44:27.123`)
* [CVE-2021-34193](CVE-2021/CVE-2021-341xx/CVE-2021-34193.json) (`2023-08-28T17:04:48.407`)
* [CVE-2021-35309](CVE-2021/CVE-2021-353xx/CVE-2021-35309.json) (`2023-08-28T17:23:51.530`)
* [CVE-2021-40263](CVE-2021/CVE-2021-402xx/CVE-2021-40263.json) (`2023-08-28T17:25:01.043`)
* [CVE-2021-46312](CVE-2021/CVE-2021-463xx/CVE-2021-46312.json) (`2023-08-28T17:40:07.023`)
* [CVE-2021-46310](CVE-2021/CVE-2021-463xx/CVE-2021-46310.json) (`2023-08-28T17:46:02.613`)
* [CVE-2023-20232](CVE-2023/CVE-2023-202xx/CVE-2023-20232.json) (`2023-08-28T16:00:45.907`)
* [CVE-2023-32563](CVE-2023/CVE-2023-325xx/CVE-2023-32563.json) (`2023-08-28T16:15:09.003`)
* [CVE-2023-37151](CVE-2023/CVE-2023-371xx/CVE-2023-37151.json) (`2023-08-28T16:15:09.600`)
* [CVE-2023-4273](CVE-2023/CVE-2023-42xx/CVE-2023-4273.json) (`2023-08-28T16:15:09.860`)
* [CVE-2023-27576](CVE-2023/CVE-2023-275xx/CVE-2023-27576.json) (`2023-08-28T17:15:09.600`)
## Download and Usage