Auto-Update: 2023-06-29T22:00:24.708258+00:00

This commit is contained in:
cad-safe-bot 2023-06-29 22:00:28 +00:00
parent 949fdab24d
commit eb82ea73af
37 changed files with 2662 additions and 206 deletions


@ -0,0 +1,20 @@
{
"id": "CVE-2020-26708",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T21:15:09.197",
"lastModified": "2023-06-29T21:15:09.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/erinxocon/requests-xml/issues/7",
"source": "cve@mitre.org"
}
]
}
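Review bot: The description at `"value"` states that the XXE "allows attackers to execute arbitrary code", an impact that XML External Entity injection on its own does not normally yield — the expected consequences are local file disclosure, SSRF and entity-expansion denial of service — and the only reference is a GitHub issue rather than an analysed advisory. Until the record moves past `"vulnStatus": "Received"` and the empty `"metrics": {}` is populated, consumers should treat the code-execution wording as unconfirmed and triage on XXE impact. The same sentence is reused almost verbatim in the CVE-2020-26709 and CVE-2020-26710 records in this commit, which reads as templated reporting rather than three independently verified RCE findings.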


@ -0,0 +1,20 @@
{
"id": "CVE-2020-26709",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T21:15:09.247",
"lastModified": "2023-06-29T21:15:09.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/PinaeOS/py-xml/issues/2",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2020-26710",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T21:15:09.300",
"lastModified": "2023-06-29T21:15:09.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/uncmath25/easy-parse/issues/3",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2022-44719",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T20:15:09.727",
"lastModified": "2023-06-29T20:15:09.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions."
}
],
"metrics": {},
"references": [
{
"url": "https://www.synacktiv.com/sites/default/files/2023-06/synacktiv-ucopia-multiple-vulnerabilities-2022.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.ucopia.com/en/",
"source": "cve@mitre.org"
}
]
}
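Review bot: The second reference, `https://www.ucopia.com/en/`, is the vendor's product homepage and carries no advisory content, so the Synacktiv PDF is the only substantive source for the "Insecure Permissions" claim on the SSH server; consumers should take affected-component and fix detail from that document rather than from this record. There is no `configurations` block yet, so "before 6.0.13" in the description is the only version boundary available to match on until NVD analysis adds a CPE range.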


@ -0,0 +1,24 @@
{
"id": "CVE-2022-44720",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T20:15:09.780",
"lastModified": "2023-06-29T20:15:09.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot."
}
],
"metrics": {},
"references": [
{
"url": "https://www.synacktiv.com/sites/default/files/2023-06/synacktiv-ucopia-multiple-vulnerabilities-2022.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.ucopia.com/en/",
"source": "cve@mitre.org"
}
]
}
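Review bot: The description at `"value"` contains a duplicated word, "OS Command Injection injection can occur"; since this is CNA-supplied text the correction belongs upstream, as `"value": "An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot."`. This record and CVE-2022-44719 (SSH server permissions) cite the same Synacktiv report, so a chain from SSH access to command execution in the chroot is plausible but is not stated here — confirm against the PDF before treating them as one attack path. As with its sibling, the vendor homepage reference adds nothing and there is no `configurations` block yet.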


@ -2,8 +2,8 @@
"id": "CVE-2023-20892",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-22T12:15:09.870",
"lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:40:56.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -34,10 +54,204 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"matchCriteriaId": "22B93342-5BD7-49A8-83E7-8B6D547F2EE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
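Review bot: The `configurations` block enumerates every 7.0 and 8.0 update build individually (`7.0:-` through `7.0:update3l`, `8.0:-` through `8.0:update1a`) instead of expressing each train as a `versionStartIncluding`/`versionEndExcluding` range, so a build whose CPE update field is not in this list (for example an interim patch build) will not match as vulnerable even though the whole train is affected. Scanners should key on the fixed builds named in VMSA-2023-0014 rather than on exact CPE matching against this record. The NVD primary vector AV:N/AC:L/PR:N/UI:N with CWE-787 gives the 9.8 shown, which is consistent with an unauthenticated out-of-bounds write; the description itself is outside this section's hunks.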


@ -0,0 +1,24 @@
{
"id": "CVE-2023-25433",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T20:15:09.830",
"lastModified": "2023-06-29T20:15:09.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV."
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/520",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/467",
"source": "cve@mitre.org"
}
]
}
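Review bot: The code location in `"value"`, `libtiff/tools/tiffcrop.c:8499`, is in the tiffcrop command-line utility rather than in the libtiff library proper, so applications that link libtiff but never run tiffcrop are not exposed by this record; a sentence stating that would help consumers who triage by package name alone. The record carries no `configurations` and empty `"metrics"`, so "libtiff 4.5.0" in the description is the only version anchor, with merge request 467 serving as the fix reference.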


@ -0,0 +1,24 @@
{
"id": "CVE-2023-26966",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T20:15:09.873",
"lastModified": "2023-06-29T20:15:09.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian."
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/530",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/473",
"source": "cve@mitre.org"
}
]
}
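Review bot: Unlike the companion CVE-2023-25433 tiffcrop issue, the `uv_encode()` function named in `"value"` appears to belong to libtiff's LogLuv codec rather than to a command-line tool — confirm against merge request 473 — which would make the overflow reachable by any application that encodes LogLuv TIFF output from attacker-supplied input. The trigger condition stated in the description (corrupted little-endian input with big-endian output requested) is worth preserving in any summary, since it narrows exposure to byte-swapped encoding paths. No `configurations` or CVSS are present yet.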


@ -2,8 +2,8 @@
"id": "CVE-2023-29158",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-19T21:15:42.033",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:14:11.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:subnet:powersystem_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020",
"matchCriteriaId": "D5778648-23B8-4022-904D-E8B631E5FFD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:subnet:powersystem_center:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "7EDB93B1-836B-47CD-8D4A-4DFF281DEC91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:subnet:powersystem_center:2020:u10:*:*:*:*:*:*",
"matchCriteriaId": "F5575977-3DFF-44B4-A0E1-4C3C9E92CD3E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
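Review bot: The `cpeMatch` list covers `versionEndExcluding: "2020"`, `2020:-` and `2020:u10` only, so PowerSystem Center 2020 builds at intermediate update levels (u1–u9) would not match, although the listed `u10` entry suggests the whole 2020 train up to Update 10 is affected — confirm the intended coverage against ICSA-23-166-01. A range on the 2020 train or explicit entries for the intermediate updates would close that gap. The NVD primary vector scores confidentiality as `NONE` while integrity and availability are `HIGH` (9.1); that is an unusual split for an unauthenticated network issue and is worth checking against the CISA text, which is outside this section's hunks.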


@ -2,12 +2,12 @@
"id": "CVE-2023-2904",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-07T22:15:09.963",
"lastModified": "2023-06-16T00:13:57.597",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-29T21:15:09.393",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 through\n 5.11.3 are vulnerable to manipulation within web fields in the \napplication programmable interface (API). An attacker could log in using\n account credentials available through a request generated by an \ninternal user and then manipulate the visitor-id within the web API to \naccess the personal data of other users. There is no limit on the number\n of requests that can be made to the HID SAFE Web Server, so an attacker\n could also exploit this vulnerability to create a denial-of-service \ncondition.\n\n"
"value": "The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.\n\n"
}
],
"metrics": {
@ -31,47 +31,27 @@
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-471"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-471"
"value": "NVD-CWE-noinfo"
}
]
}
@ -103,13 +83,6 @@
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.hidglobal.com/security-center",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
]
}
]
}
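Review bot: The reworked `weaknesses` block now marks `ics-cert@hq.dhs.gov` as `Primary` with CWE-471 and demotes the `nvd@nist.gov` entry to `Secondary` with `NVD-CWE-noinfo`, inverting the `nvd@nist.gov` = Primary convention every other record in this commit follows, so consumers that select the Primary CWE will now receive the CNA's classification for this record. The ICS-CERT secondary CVSS vector and the `https://www.hidglobal.com/security-center` vendor reference are removed without a replacement, which leaves the CISA advisory as the only source. The description cleanup removed the stray mid-sentence newlines but left the trailing `\n\n`; `"... create a denial-of-service condition."` would be the fully cleaned form.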


@ -2,19 +2,75 @@
"id": "CVE-2023-30347",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T21:15:09.240",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:37:57.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stl:neox_dial_centre:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "71BF8339-B9D3-4F91-82A6-459396F31C8E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/huzefa2212/CVE-2023-30347/blob/main/poc.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
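Review bot: The CPE criteria `cpe:2.3:a:stl:neox_dial_centre:2.3.9` names a different product than the description's "Neox Contact Center 2.3.9", so anyone matching on product name will miss this record; confirm which name the vendor uses and align either the CPE or the description. `serach_sms_api_name` in `"value"` looks like a typo but may be the literal parameter name taken from the PoC, so it should not be corrected without checking the referenced `poc.txt`. The NVD vector PR:H/UI:R/S:C (4.8) implies an administrator-only injection point, and the reference is tagged `Exploit`, so a public proof of concept exists.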


@ -2,19 +2,76 @@
"id": "CVE-2023-32353",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:11.470",
"lastModified": "2023-06-23T19:24:43.457",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:42:38.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "12.12.9",
"matchCriteriaId": "C7BC7AE9-F068-415C-983F-CF04643FC7AB"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213763",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-33919",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.620",
"lastModified": "2023-06-13T13:00:42.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:14:54.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -46,10 +76,72 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v05",
"matchCriteriaId": "59D83EB4-A263-4070-A864-56EB7B120CE2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:cp-8031_master_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E84CEC33-3B34-42EF-A698-164AF0343316"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v05",
"matchCriteriaId": "59D83EB4-A263-4070-A864-56EB7B120CE2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:cp-8050_master_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7686251-7011-46F9-9CEB-CC5DADCB5284"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
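Review bot: `versionEndExcluding: "v05"` in each `cpeMatch` is a non-numeric version string, and range comparison on values like `v05` varies between matchers (lexicographic versus numeric handling of the leading `v` and the zero padding), so firmware reported as `05` or `V05` may silently fail to match; the same string recurs in the CVE-2023-33920 and CVE-2023-33921 entries in this commit. Each `AND` group correctly pairs the vulnerable `cpci85_firmware` range with a `vulnerable: false` hardware node (`cp-8031_master_module`, `cp-8050_master_module`), but the two groups differ only in that hardware node and could be expressed as one group with both platforms in a single `OR` list. The NVD primary score (7.2, PR:H) with CWE-77 is consistent with authenticated command injection; the description is outside this section's hunks.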


@ -2,8 +2,8 @@
"id": "CVE-2023-33920",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.677",
"lastModified": "2023-06-13T13:00:37.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:14:03.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -46,10 +76,72 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v05",
"matchCriteriaId": "59D83EB4-A263-4070-A864-56EB7B120CE2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:cp-8050_master_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7686251-7011-46F9-9CEB-CC5DADCB5284"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v05",
"matchCriteriaId": "59D83EB4-A263-4070-A864-56EB7B120CE2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:cp-8031_master_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E84CEC33-3B34-42EF-A698-164AF0343316"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
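Review bot: The NVD primary weakness CWE-798 (hard-coded credentials) is paired with `attackVector: "PHYSICAL"`, which is only consistent if the credential is usable solely over a physical interface such as a console or serial port; the description and the Siemens secondary vector are outside this section's hunks, so confirm against SSA-731916 before using the 6.8 score to deprioritise a hard-coded credential in an OT master module. As with CVE-2023-33919, `versionEndExcluding: "v05"` is a non-numeric version string whose range semantics depend on the matcher.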


@ -2,8 +2,8 @@
"id": "CVE-2023-33921",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.733",
"lastModified": "2023-06-13T13:00:37.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:12:44.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -46,10 +76,72 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v05",
"matchCriteriaId": "59D83EB4-A263-4070-A864-56EB7B120CE2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:cp-8050_master_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7686251-7011-46F9-9CEB-CC5DADCB5284"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v05",
"matchCriteriaId": "59D83EB4-A263-4070-A864-56EB7B120CE2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:cp-8031_master_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E84CEC33-3B34-42EF-A698-164AF0343316"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-3464",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-29T21:15:09.977",
"lastModified": "2023-06-29T21:15:09.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. VDB-232710 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://simplephpscripts.com/guestbook-script-php/guestbook/preview.php",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.232710",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.232710",
"source": "cna@vuldb.com"
}
]
}
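Review bot: The first reference, `https://simplephpscripts.com/guestbook-script-php/guestbook/preview.php`, points at the vendor's Guestbook Script, while the description names the Classified Ads Script 1.8 and the `p` argument of its `/preview.php` URL parameter handler — either the product in `"value"` or the reference URL is wrong, so consumers should rely on the VulDB entry 232710 for the affected product. The CVSS v2 block sets `"userInteractionRequired": false` while the v3.0 vector carries `UI:R`; for a reflected cross-site scripting issue the v3 value is the plausible one, so the v2 flag looks inconsistent.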


@ -0,0 +1,88 @@
{
"id": "CVE-2023-3465",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-29T21:15:10.047",
"lastModified": "2023-06-29T21:15:10.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232711."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://simplephpscripts.com/guestbook-script-php/guestbook/preview.php",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.232711",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.232711",
"source": "cna@vuldb.com"
}
]
}
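Review bot: The same Guestbook Script URL (`.../guestbook-script-php/guestbook/preview.php`) is cited as the reference although this record concerns the `title` POST argument of `user.php` in the Classified Ads Script, so the reference does not locate the vulnerable endpoint at all and VulDB 232711 is the only usable source. `"userInteractionRequired": false` in the v2 block again contradicts `UI:R` in the v3.0 vector for a cross-site scripting issue.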


@ -2,16 +2,49 @@
"id": "CVE-2023-35131",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-06-22T21:15:09.413",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:37:43.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -23,10 +56,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.15",
"matchCriteriaId": "FCE449AA-EFF4-4DF1-8647-918525C5ED67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.9",
"matchCriteriaId": "313613B7-C1E7-4C71-A593-9A15ABB1F60B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.4",
"matchCriteriaId": "ECBE65E3-FBFE-4C81-95AF-57AB8A34610D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D167ACE-2D5B-4EEC-A2B5-D68708B3F593"
}
]
}
]
}
],
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=447829",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-35132",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-06-22T21:15:09.470",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:36:59.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -23,10 +56,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.22",
"matchCriteriaId": "B76C4747-9047-4FD2-AC44-4C14C3AD5DFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.15",
"matchCriteriaId": "FCE449AA-EFF4-4DF1-8647-918525C5ED67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.9",
"matchCriteriaId": "313613B7-C1E7-4C71-A593-9A15ABB1F60B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.4",
"matchCriteriaId": "ECBE65E3-FBFE-4C81-95AF-57AB8A34610D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D167ACE-2D5B-4EEC-A2B5-D68708B3F593"
}
]
}
]
}
],
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=447830",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-35133",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-06-22T21:15:09.520",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:27:24.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -23,10 +56,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.22",
"matchCriteriaId": "B76C4747-9047-4FD2-AC44-4C14C3AD5DFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.15",
"matchCriteriaId": "FCE449AA-EFF4-4DF1-8647-918525C5ED67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.9",
"matchCriteriaId": "313613B7-C1E7-4C71-A593-9A15ABB1F60B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.4",
"matchCriteriaId": "ECBE65E3-FBFE-4C81-95AF-57AB8A34610D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D167ACE-2D5B-4EEC-A2B5-D68708B3F593"
}
]
}
]
}
],
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=447831",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,70 +2,14 @@
"id": "CVE-2023-35170",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-26T20:15:10.437",
"lastModified": "2023-06-26T22:13:24.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T21:15:09.657",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Sliver is an open source cross-platform adversary emulation/red team framework. The cryptography implementation in Sliver up to and including version 1.5.39 allows a man in the middle (MitM) attack with access to the corresponding implant binary to execute arbitrary codes on implanted devices via intercepted and crafted responses. A successful attack grants the attacker permission to execute arbitrary code on the implanted device. Users are advised to upgrade. There are no known workarounds for this vulnerability."
"value": "** REJECT ** This CVE is a duplicate of another CVE."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.go",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.go",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/BishopFox/sliver/commit/2d1ea6192cac2ff9d6450b2d96043fdbf8561516",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/BishopFox/sliver/releases/tag/v1.5.40",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q",
"source": "security-advisories@github.com"
}
]
"metrics": {},
"references": []
}
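Review bot: The rejected record keeps only `"value": "** REJECT ** This CVE is a duplicate of another CVE."` and reduces `"metrics"` and `"references"` to empty values, so nothing on the new side identifies the surviving CVE or preserves the Sliver commit and v1.5.40 release links the old side carried. A pipeline keyed on CVE-2023-35170 now sees an empty entry rather than a pointer to the fix. If this mirror is consumed for patch tracking, the superseding id has to be resolved from the upstream NVD record, which is not shown here.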


@ -2,8 +2,8 @@
"id": "CVE-2023-35174",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-22T14:15:09.517",
"lastModified": "2023-06-22T14:49:18.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:20:14.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,28 +64,91 @@
"value": "CWE-78"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:livebook:livebook:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.8.0",
"versionEndExcluding": "0.8.2",
"matchCriteriaId": "0BFE3DF8-01D2-4B07-A6D3-161E54A3AA22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:livebook:livebook:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9.0",
"versionEndExcluding": "0.9.3",
"matchCriteriaId": "1417F052-3C0B-4BF5-AA92-2154895E67DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35926",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-22T14:15:09.607",
"lastModified": "2023-06-22T14:49:18.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:54:47.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,20 +64,57 @@
"value": "CWE-94"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:backstage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.15.0",
"matchCriteriaId": "41D3145E-0089-49C3-AFAA-7994C26E230A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/backstage/backstage/releases/tag/v1.15.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2023-35938",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T20:15:09.923",
"lastModified": "2023-06-29T20:15:09.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": " Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a108186e7538676c4bf6e615f793f3b787a09b91",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=32278",
"source": "security-advisories@github.com"
}
]
}
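Review bot: The description string at `"value": " Tuleap is a Free & Open Source Suite ..."` begins with a leading space, so exact-match or hash-based deduplication against other feeds will miss it and rendered output shows a stray indent. The record is `"vulnStatus": "Received"`, so the value appears to be copied from upstream as delivered; the trim belongs on the consumer side rather than in this file.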


@ -2,19 +2,76 @@
"id": "CVE-2023-36239",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T19:15:09.037",
"lastModified": "2023-06-22T20:05:36.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:58:32.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libming:libming:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18B4A4AA-DE48-45A4-AE25-1C83C1CDC743"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libming/libming/issues/273",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,77 @@
"id": "CVE-2023-36243",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T19:15:09.090",
"lastModified": "2023-06-22T20:05:36.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T21:02:42.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flvmeta:flvmeta:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3887D703-BBA1-4EF1-983F-D2911A5ECACE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/noirotm/flvmeta/issues/19",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-36287",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T16:15:09.630",
"lastModified": "2023-06-23T17:21:14.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:41:22.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:qloapps:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB4AD3B-CE71-45A3-A6C6-A8B0E73B876D"
}
]
}
]
}
],
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-via-controller-parameter-in-QloApps-1-6-0-97e409ce164f40d195b625b9bf719900?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-36288",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.323",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:40:42.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:qloapps:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB4AD3B-CE71-45A3-A6C6-A8B0E73B876D"
}
]
}
]
}
],
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-admin-dashboard-via-configure-parameter-in-QloApps-1-6-0-b6303661ac6a47e4b7a6f23cf2818a52?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
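Review bot: The NVD Primary vector `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"` with `"privilegesRequired": "LOW"` disagrees with the description on the new side, which still calls this an unauthenticated XSS, and with the sibling QloApps 1.6.0 records CVE-2023-36287 and CVE-2023-36289 that carry PR:N and a 6.1 base score. The reference slug mentions the admin dashboard, so PR:L may be the intended value and the description the stale part; either way the two fields do not agree. Consumers ranking by `baseScore` will treat this entry as less severe than its siblings, which is worth checking against the upstream NVD record before relying on the 5.4.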


@ -2,19 +2,75 @@
"id": "CVE-2023-36289",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.537",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:39:34.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:qloapps:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB4AD3B-CE71-45A3-A6C6-A8B0E73B876D"
}
]
}
]
}
],
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-POST-Request-via-email_create-and-back-parameter-in-QloApps-1-6-0-e05548203d744daf9047d82fc94b19b7?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,303 @@
"id": "CVE-2023-36354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T20:15:09.687",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:45:07.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "2537DC7E-8024-45B5-924C-18C9B702DAFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:v8:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9738A0-4CC4-4C8C-A4BA-843395B0AA55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:v10:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC4230D-3A3A-4D0E-BBD3-79C3054E90F8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "89AF2EC8-F679-4A9D-BB1C-E3EABCC7A086"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CA5AB9-F342-4E8D-9658-569198DDE8F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "029B4B03-94CE-41FF-A635-41682AE4B26D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF722F24-7D43-4535-B013-545109CB1D98"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7600C377-2A63-4127-8958-32E04E7983CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr941nd:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0FC0E0-6C5B-49CA-95E3-D4AAC9D51518"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7600C377-2A63-4127-8958-32E04E7983CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr941nd:v6:*:*:*:*:*:*:*",
"matchCriteriaId": "111123CC-8945-4BB2-AD6B-08E80B1A2AD6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/7/TL-WR940N_TL-WR841N_TL-WR740N_TL-WR941ND_userRpm_AccessCtrlTimeSchedRpm.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,249 @@
"id": "CVE-2023-36359",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T20:15:09.920",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T20:44:26.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "2537DC7E-8024-45B5-924C-18C9B702DAFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:v8:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9738A0-4CC4-4C8C-A4BA-843395B0AA55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:v10:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC4230D-3A3A-4D0E-BBD3-79C3054E90F8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "029B4B03-94CE-41FF-A635-41682AE4B26D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF722F24-7D43-4535-B013-545109CB1D98"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7600C377-2A63-4127-8958-32E04E7983CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr941nd:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0FC0E0-6C5B-49CA-95E3-D4AAC9D51518"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7600C377-2A63-4127-8958-32E04E7983CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr941nd:v6:*:*:*:*:*:*:*",
"matchCriteriaId": "111123CC-8945-4BB2-AD6B-08E80B1A2AD6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/8/TP-Link%20TL-WR940N%20TL-WR841N%20TL-WR941ND%20wireless%20router%20userRpmQoSRuleListRpm%20buffer%20read%20out-of-bounds%20vulnerability.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2023-36468",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T21:15:09.703",
"lastModified": "2023-06-29T21:15:09.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take CVE-2022-36100/GHSA-2g5c-228j-p52x as example - it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the versions with the security vulnerability from the history. This vulnerability doesn't affect freshly installed versions of XWiki. Further, this vulnerability doesn't affect content that is only loaded from the current version of a document like the code of wiki macros or UI extensions. This vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros. As a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, also manually added and later corrected code may be affected by this vulnerability so it is easy to miss documents."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-459"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8q9q-r9v2-644m",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20594",
"source": "security-advisories@github.com"
}
]
}

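--- /dev/null
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36469.json
@@ -0,0 +1,71 @@
+{
+"id": "CVE-2023-36469",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-06-29T21:15:09.773",
+"lastModified": "2023-06-29T21:15:09.773",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar`-file and thus cannot be fixed without replacing that jar."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.9,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-74"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://jira.xwiki.org/browse/XWIKI-20610",
+"source": "security-advisories@github.com"
+}
+]
+}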

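--- /dev/null
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36470.json
@@ -0,0 +1,71 @@
+{
+"id": "CVE-2023-36470",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-06-29T21:15:09.843",
+"lastModified": "2023-06-29T21:15:09.843",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors, the simplest is the Velocity code in the icon set's HTML or XWiki syntax definition. The [icon picker](https://extensions.xwiki.org/xwiki/bin/view/Extension/Icon%20Theme%20Application#HIconPicker) can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing to inject XWiki syntax including script macros into a document that might have programming right, for this the currently used icon theme needs to be edited. Further, the HTML output of the icon set is output as JSON in the icon picker and this JSON is interpreted as XWiki syntax, allowing again the injection of script macros into a document with programming right and thus allowing remote code execution. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This issue has been patched in XWiki 14.10.6 and 15.1. Icon themes now require script right and the code in the icon theme is executed within the context of the icon theme, preventing any rights escalation. A macro for displaying icons has been introduced to avoid injecting the raw wiki syntax of an icon set into another document. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.9,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-74"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://jira.xwiki.org/browse/XWIKI-20524",
+"source": "security-advisories@github.com"
+}
+]
+}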

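--- /dev/null
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36471.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-36471",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-06-29T20:15:10.003",
+"lastModified": "2023-06-29T20:15:10.003",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add an input like `{{html}}<input type=\"hidden\" name=\"content\" value=\"{{groovy}}println(&quot;Hello from Groovy!&quot;)\" />{{/html}}` that would allow remote code execution when it is submitted by an admin (the sheet is rendered as part of the edit form). The attacker would need to ensure that the edit form looks plausible, though, which can be non-trivial as without script right the attacker cannot display the regular content of the document. This has been patched in XWiki 14.10.6 and 15.2RC1 by removing the central form-related tags from the list of allowed tags. Users are advised to upgrade. As a workaround an admin can manually disallow the tags by adding `form, input, select, textarea, button` to the configuration option `xml.htmlElementSanitizer.forbidTags` in the `xwiki.properties` configuration file."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-74"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/xwiki/xwiki-commons/commit/99484d48e899a68a1b6e33d457825b776c6fe8c3",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-6pqf-c99p-758v",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://jira.xwiki.org/browse/XCOMMONS-2634",
+"source": "security-advisories@github.com"
+}
+]
+}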

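--- /dev/null
+++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36607.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-36607",
+"sourceIdentifier": "ics-cert@hq.dhs.gov",
+"published": "2023-06-29T21:15:09.917",
+"lastModified": "2023-06-29T21:15:09.917",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.\n\n"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "ics-cert@hq.dhs.gov",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-862"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
+"source": "ics-cert@hq.dhs.gov"
+}
+]
+}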


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-29T20:00:27.037174+00:00
2023-06-29T22:00:24.708258+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-29T20:00:00.027000+00:00
2023-06-29T21:15:10.047000+00:00
```
### Last Data Feed Release
@ -29,48 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218900
218915
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `15`
* [CVE-2023-30946](CVE-2023/CVE-2023-309xx/CVE-2023-30946.json) (`2023-06-29T19:15:08.837`)
* [CVE-2023-30955](CVE-2023/CVE-2023-309xx/CVE-2023-30955.json) (`2023-06-29T19:15:08.913`)
* [CVE-2023-33190](CVE-2023/CVE-2023-331xx/CVE-2023-33190.json) (`2023-06-29T19:15:08.977`)
* [CVE-2023-36484](CVE-2023/CVE-2023-364xx/CVE-2023-36484.json) (`2023-06-29T19:15:09.053`)
* [CVE-2020-26708](CVE-2020/CVE-2020-267xx/CVE-2020-26708.json) (`2023-06-29T21:15:09.197`)
* [CVE-2020-26709](CVE-2020/CVE-2020-267xx/CVE-2020-26709.json) (`2023-06-29T21:15:09.247`)
* [CVE-2020-26710](CVE-2020/CVE-2020-267xx/CVE-2020-26710.json) (`2023-06-29T21:15:09.300`)
* [CVE-2022-44719](CVE-2022/CVE-2022-447xx/CVE-2022-44719.json) (`2023-06-29T20:15:09.727`)
* [CVE-2022-44720](CVE-2022/CVE-2022-447xx/CVE-2022-44720.json) (`2023-06-29T20:15:09.780`)
* [CVE-2023-25433](CVE-2023/CVE-2023-254xx/CVE-2023-25433.json) (`2023-06-29T20:15:09.830`)
* [CVE-2023-26966](CVE-2023/CVE-2023-269xx/CVE-2023-26966.json) (`2023-06-29T20:15:09.873`)
* [CVE-2023-35938](CVE-2023/CVE-2023-359xx/CVE-2023-35938.json) (`2023-06-29T20:15:09.923`)
* [CVE-2023-36471](CVE-2023/CVE-2023-364xx/CVE-2023-36471.json) (`2023-06-29T20:15:10.003`)
* [CVE-2023-36468](CVE-2023/CVE-2023-364xx/CVE-2023-36468.json) (`2023-06-29T21:15:09.703`)
* [CVE-2023-36469](CVE-2023/CVE-2023-364xx/CVE-2023-36469.json) (`2023-06-29T21:15:09.773`)
* [CVE-2023-36470](CVE-2023/CVE-2023-364xx/CVE-2023-36470.json) (`2023-06-29T21:15:09.843`)
* [CVE-2023-36607](CVE-2023/CVE-2023-366xx/CVE-2023-36607.json) (`2023-06-29T21:15:09.917`)
* [CVE-2023-3464](CVE-2023/CVE-2023-34xx/CVE-2023-3464.json) (`2023-06-29T21:15:09.977`)
* [CVE-2023-3465](CVE-2023/CVE-2023-34xx/CVE-2023-3465.json) (`2023-06-29T21:15:10.047`)
### CVEs modified in the last Commit
Recently modified CVEs: `28`
Recently modified CVEs: `21`
* [CVE-2022-31636](CVE-2022/CVE-2022-316xx/CVE-2022-31636.json) (`2023-06-29T19:59:04.183`)
* [CVE-2022-31635](CVE-2022/CVE-2022-316xx/CVE-2022-31635.json) (`2023-06-29T20:00:00.027`)
* [CVE-2023-26612](CVE-2023/CVE-2023-266xx/CVE-2023-26612.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-26613](CVE-2023/CVE-2023-266xx/CVE-2023-26613.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-26616](CVE-2023/CVE-2023-266xx/CVE-2023-26616.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-31222](CVE-2023/CVE-2023-312xx/CVE-2023-31222.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-33277](CVE-2023/CVE-2023-332xx/CVE-2023-33277.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-35830](CVE-2023/CVE-2023-358xx/CVE-2023-35830.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-37251](CVE-2023/CVE-2023-372xx/CVE-2023-37251.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-37254](CVE-2023/CVE-2023-372xx/CVE-2023-37254.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-37255](CVE-2023/CVE-2023-372xx/CVE-2023-37255.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-37256](CVE-2023/CVE-2023-372xx/CVE-2023-37256.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-26085](CVE-2023/CVE-2023-260xx/CVE-2023-26085.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-34658](CVE-2023/CVE-2023-346xx/CVE-2023-34658.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-36487](CVE-2023/CVE-2023-364xx/CVE-2023-36487.json) (`2023-06-29T18:16:42.100`)
* [CVE-2023-29931](CVE-2023/CVE-2023-299xx/CVE-2023-29931.json) (`2023-06-29T18:17:31.473`)
* [CVE-2023-2976](CVE-2023/CVE-2023-29xx/CVE-2023-2976.json) (`2023-06-29T18:22:00.287`)
* [CVE-2023-3320](CVE-2023/CVE-2023-33xx/CVE-2023-3320.json) (`2023-06-29T18:57:46.367`)
* [CVE-2023-36488](CVE-2023/CVE-2023-364xx/CVE-2023-36488.json) (`2023-06-29T19:15:09.100`)
* [CVE-2023-25187](CVE-2023/CVE-2023-251xx/CVE-2023-25187.json) (`2023-06-29T19:17:48.053`)
* [CVE-2023-27535](CVE-2023/CVE-2023-275xx/CVE-2023-27535.json) (`2023-06-29T19:29:03.043`)
* [CVE-2023-31410](CVE-2023/CVE-2023-314xx/CVE-2023-31410.json) (`2023-06-29T19:37:30.677`)
* [CVE-2023-1862](CVE-2023/CVE-2023-18xx/CVE-2023-1862.json) (`2023-06-29T19:44:33.407`)
* [CVE-2023-31411](CVE-2023/CVE-2023-314xx/CVE-2023-31411.json) (`2023-06-29T19:54:48.750`)
* [CVE-2023-32659](CVE-2023/CVE-2023-326xx/CVE-2023-32659.json) (`2023-06-29T19:58:00.653`)
* [CVE-2023-33921](CVE-2023/CVE-2023-339xx/CVE-2023-33921.json) (`2023-06-29T20:12:44.373`)
* [CVE-2023-33920](CVE-2023/CVE-2023-339xx/CVE-2023-33920.json) (`2023-06-29T20:14:03.950`)
* [CVE-2023-29158](CVE-2023/CVE-2023-291xx/CVE-2023-29158.json) (`2023-06-29T20:14:11.297`)
* [CVE-2023-33919](CVE-2023/CVE-2023-339xx/CVE-2023-33919.json) (`2023-06-29T20:14:54.990`)
* [CVE-2023-35174](CVE-2023/CVE-2023-351xx/CVE-2023-35174.json) (`2023-06-29T20:20:14.797`)
* [CVE-2023-35133](CVE-2023/CVE-2023-351xx/CVE-2023-35133.json) (`2023-06-29T20:27:24.947`)
* [CVE-2023-35132](CVE-2023/CVE-2023-351xx/CVE-2023-35132.json) (`2023-06-29T20:36:59.997`)
* [CVE-2023-35131](CVE-2023/CVE-2023-351xx/CVE-2023-35131.json) (`2023-06-29T20:37:43.530`)
* [CVE-2023-30347](CVE-2023/CVE-2023-303xx/CVE-2023-30347.json) (`2023-06-29T20:37:57.037`)
* [CVE-2023-36289](CVE-2023/CVE-2023-362xx/CVE-2023-36289.json) (`2023-06-29T20:39:34.890`)
* [CVE-2023-36288](CVE-2023/CVE-2023-362xx/CVE-2023-36288.json) (`2023-06-29T20:40:42.003`)
* [CVE-2023-20892](CVE-2023/CVE-2023-208xx/CVE-2023-20892.json) (`2023-06-29T20:40:56.387`)
* [CVE-2023-36287](CVE-2023/CVE-2023-362xx/CVE-2023-36287.json) (`2023-06-29T20:41:22.900`)
* [CVE-2023-32353](CVE-2023/CVE-2023-323xx/CVE-2023-32353.json) (`2023-06-29T20:42:38.890`)
* [CVE-2023-36359](CVE-2023/CVE-2023-363xx/CVE-2023-36359.json) (`2023-06-29T20:44:26.790`)
* [CVE-2023-36354](CVE-2023/CVE-2023-363xx/CVE-2023-36354.json) (`2023-06-29T20:45:07.187`)
* [CVE-2023-35926](CVE-2023/CVE-2023-359xx/CVE-2023-35926.json) (`2023-06-29T20:54:47.117`)
* [CVE-2023-36239](CVE-2023/CVE-2023-362xx/CVE-2023-36239.json) (`2023-06-29T20:58:32.827`)
* [CVE-2023-36243](CVE-2023/CVE-2023-362xx/CVE-2023-36243.json) (`2023-06-29T21:02:42.490`)
* [CVE-2023-2904](CVE-2023/CVE-2023-29xx/CVE-2023-2904.json) (`2023-06-29T21:15:09.393`)
* [CVE-2023-35170](CVE-2023/CVE-2023-351xx/CVE-2023-35170.json) (`2023-06-29T21:15:09.657`)
## Download and Usage