admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-29T22:00:25.129210+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-29 22:00:28 +00:00
parent 98e6a9c25d
commit ebd1aac28d
41 changed files with 1861 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2021/CVE-2021-293xx/CVE-2021-29390.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-29390",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:20.237",
"lastModified": "2023-08-29T19:15:26.667",
"lastModified": "2023-08-29T20:15:08.987",
"vulnStatus": "Modified",
"descriptions": [
{
@ -74,6 +74,10 @@
{
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c",
"source": "cve@mitre.org"
}
]
}

28
CVE-2021/CVE-2021-32xx/CVE-2021-3262.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2021-3262",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T20:15:09.487",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the \"Student Busing Information\" search queries."
}
],
"metrics": {},
"references": [
{
"url": "http://tripspark.com",
"source": "cve@mitre.org"
},
{
"url": "http://veo.com",
"source": "cve@mitre.org"
},
{
"url": "https://susos.co/blog/f/cve-disclosureuncovered-sql-injection-in-tripspark-veo-transport",
"source": "cve@mitre.org"
}
]
}

11
CVE-2022/CVE-2022-287xx/CVE-2022-28796.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28796",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-08T05:15:07.067",
"lastModified": "2022-05-12T20:06:19.163",
"lastModified": "2023-08-29T21:02:02.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,14 +70,13 @@
"description": [
{
"lang": "en",
"value": "CWE-416"
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -86,15 +85,15 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.1",
"matchCriteriaId": "C4C36454-2CDC-4F8D-A717-878F1C39CAD1"
"matchCriteriaId": "3004D9BF-0093-4C9C-8560-F3E91AFAE409"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -115,7 +114,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -131,7 +129,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

4
CVE-2023/CVE-2023-208xx/CVE-2023-20890.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20890",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-29T18:15:08.570",
"lastModified": "2023-08-29T18:15:08.570",
"vulnStatus": "Received",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

12
CVE-2023/CVE-2023-264xx/CVE-2023-26462.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26462",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-23T06:15:10.340",
"lastModified": "2023-03-03T02:29:16.507",
"lastModified": "2023-08-29T20:18:02.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]

55
CVE-2023/CVE-2023-322xx/CVE-2023-32241.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32241",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-29T21:15:09.670",
"lastModified": "2023-08-29T21:15:09.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <=\u00a05.4.8 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/essential-addons-elementor/wordpress-essential-addons-for-elementor-pro-plugin-5-4-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

26
CVE-2023/CVE-2023-327xx/CVE-2023-32756.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32756",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-08-25T08:15:07.747",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:22:34.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:edetw:u-office_force:20.0.7668d:*:*:*:*:*:*:*",
"matchCriteriaId": "E126F0A9-0B99-408C-84B9-9326613FF6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7329-d8e4c-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}

26
CVE-2023/CVE-2023-327xx/CVE-2023-32757.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32757",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-08-25T08:15:07.850",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:22:23.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:edetw:u-office_force:20.0.7668d:*:*:*:*:*:*:*",
"matchCriteriaId": "E126F0A9-0B99-408C-84B9-9326613FF6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-32xx/CVE-2023-3251.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3251",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-08-29T19:15:27.023",
"lastModified": "2023-08-29T19:15:27.023",
"vulnStatus": "Received",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-32xx/CVE-2023-3252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3252",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-08-29T19:15:27.467",
"lastModified": "2023-08-29T19:15:27.467",
"vulnStatus": "Received",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

43
CVE-2023/CVE-2023-32xx/CVE-2023-3253.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-3253",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-08-29T20:15:10.213",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists where an authenticated, \nlow privileged remote attacker could view a list of all the users \navailable in the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.tenable.com/security/tns-2023-29",
"source": "vulnreport@tenable.com"
}
]
}

4
CVE-2023/CVE-2023-340xx/CVE-2023-34039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34039",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-29T18:15:08.680",
"lastModified": "2023-08-29T18:15:08.680",
"vulnStatus": "Received",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

65
CVE-2023/CVE-2023-361xx/CVE-2023-36198.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-36198",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.193",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-29T20:53:49.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:skale:sgxwallet:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE703687-AEA5-4907-A024-416EFA865D05"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/skalenetwork/sgxwallet/issues/419",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-361xx/CVE-2023-36199.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-36199",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.253",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-29T20:53:23.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:skale:sgxwallet:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.9.0",
"matchCriteriaId": "C937A19D-E630-4FEB-B7ED-C8C75C44290B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/skalenetwork/sgxwallet/issues/419",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37425.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37425",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:37.097",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:18:00.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37427.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37427",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:37.310",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:32:01.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37428.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37428",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:37.423",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:36:16.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37429.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37429",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:37.580",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:23:33.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37430.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37430",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:37.737",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:23:56.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37431.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37431",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:37.833",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:26:39.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37432.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37432",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:38.070",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:26:53.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37433.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37433",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:38.253",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:27:05.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-374xx/CVE-2023-37434.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37434",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:38.360",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:27:13.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.5",
"matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.7",
"matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.5",
"matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-392xx/CVE-2023-39266.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-39266",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-29T20:15:09.637",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt",
"source": "security-alert@hpe.com"
}
]
}

43
CVE-2023/CVE-2023-392xx/CVE-2023-39267.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-39267",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-29T20:15:09.743",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt",
"source": "security-alert@hpe.com"
}
]
}

43
CVE-2023/CVE-2023-392xx/CVE-2023-39268.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-39268",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-29T20:15:09.830",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt",
"source": "security-alert@hpe.com"
}
]
}

69
CVE-2023/CVE-2023-392xx/CVE-2023-39291.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-39291",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T22:15:11.193",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:49:42.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.6.2304.102",
"matchCriteriaId": "6474C127-C923-4AC2-B9E1-BF3FCA0C2677"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mitel.com/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0013",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-395xx/CVE-2023-39522.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39522",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-29T18:15:08.753",
"lastModified": "2023-08-29T18:15:08.753",
"vulnStatus": "Received",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

65
CVE-2023/CVE-2023-395xx/CVE-2023-39578.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-39578",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T20:15:08.207",
"lastModified": "2023-08-29T05:18:54.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:28:14.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribalsystems:zenario:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D286E7B5-A87E-4B50-8BCD-DDD571CBD8C1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/anh91/Zenario-xss/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-396xx/CVE-2023-39600.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-39600",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.380",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-29T20:51:52.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icewarp:icewarp:11.4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA47D262-3C30-4F45-8C16-D940AA3F30D8"
}
]
}
]
}
],
"references": [
{
"url": "http://icewrap.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://medium.com/@katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

20
CVE-2023/CVE-2023-396xx/CVE-2023-39663.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39663",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T20:15:09.990",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mathjax/MathJax/issues/3074",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-396xx/CVE-2023-39678.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39678",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T20:15:10.133",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://telegra.ph/XSS-in-BDCOM-OLT-P3310D-2AC-07-29",
"source": "cve@mitre.org"
}
]
}

74
CVE-2023/CVE-2023-397xx/CVE-2023-39707.json
View File

@ -2,27 +2,89 @@
"id": "CVE-2023-39707",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.443",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-29T20:50:37.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:free_and_open_source_inventory_management_system_project:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4E30A0-0847-427A-9B08-FB699FCC7958"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Arajawat007/b94d7ce74fcf16014e282a9b525f4555#file-cve-2023-39707",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

76
CVE-2023/CVE-2023-408xx/CVE-2023-40846.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-40846",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T14:15:09.197",
"lastModified": "2023-08-28T19:28:54.367",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:22:01.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/9/9.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-43xx/CVE-2023-4346.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4346",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-29T20:15:10.300",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nKNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way. \n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-645"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}

62
CVE-2023/CVE-2023-45xx/CVE-2023-4543.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4543",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-25T22:15:11.610",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:48:48.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/spcck/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.238048",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.238048",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

62
CVE-2023/CVE-2023-45xx/CVE-2023-4545.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4545",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-26T07:15:10.067",
"lastModified": "2023-08-28T05:16:07.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:48:10.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/siyu15/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.238056",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.238056",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

75
CVE-2023/CVE-2023-45xx/CVE-2023-4547.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4547",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-26T09:15:09.057",
"lastModified": "2023-08-28T18:15:09.063",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:47:26.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +91,61 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spa-cart:ecommerce_cms:1.9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93B7AD74-6F1F-4634-A073-725D49E7B93F"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174343/SPA-Cart-eCommerce-CMS-1.9.0.3-Cross-Site-Scripting.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.238058",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.238058",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2023/CVE-2023-45xx/CVE-2023-4548.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4548",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-26T10:15:11.277",
"lastModified": "2023-08-28T18:15:09.227",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-29T20:42:49.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spa-cart:ecommerce_cms:1.9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93B7AD74-6F1F-4634-A073-725D49E7B93F"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.238059",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.238059",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

24
CVE-2023/CVE-2023-45xx/CVE-2023-4572.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-4572",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-29T20:15:10.480",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1472492",
"source": "chrome-cve-admin@google.com"
}
]
}

75
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-29T20:00:24.895475+00:00
2023-08-29T22:00:25.129210+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-29T19:55:51.197000+00:00
2023-08-29T21:15:09.670000+00:00
```
### Last Data Feed Release
@ -29,49 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223622
223632
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `10`
* [CVE-2023-20890](CVE-2023/CVE-2023-208xx/CVE-2023-20890.json) (`2023-08-29T18:15:08.570`)
* [CVE-2023-34039](CVE-2023/CVE-2023-340xx/CVE-2023-34039.json) (`2023-08-29T18:15:08.680`)
* [CVE-2023-39522](CVE-2023/CVE-2023-395xx/CVE-2023-39522.json) (`2023-08-29T18:15:08.753`)
* [CVE-2023-3251](CVE-2023/CVE-2023-32xx/CVE-2023-3251.json) (`2023-08-29T19:15:27.023`)
* [CVE-2023-3252](CVE-2023/CVE-2023-32xx/CVE-2023-3252.json) (`2023-08-29T19:15:27.467`)
* [CVE-2021-3262](CVE-2021/CVE-2021-32xx/CVE-2021-3262.json) (`2023-08-29T20:15:09.487`)
* [CVE-2023-39266](CVE-2023/CVE-2023-392xx/CVE-2023-39266.json) (`2023-08-29T20:15:09.637`)
* [CVE-2023-39267](CVE-2023/CVE-2023-392xx/CVE-2023-39267.json) (`2023-08-29T20:15:09.743`)
* [CVE-2023-39268](CVE-2023/CVE-2023-392xx/CVE-2023-39268.json) (`2023-08-29T20:15:09.830`)
* [CVE-2023-39663](CVE-2023/CVE-2023-396xx/CVE-2023-39663.json) (`2023-08-29T20:15:09.990`)
* [CVE-2023-39678](CVE-2023/CVE-2023-396xx/CVE-2023-39678.json) (`2023-08-29T20:15:10.133`)
* [CVE-2023-3253](CVE-2023/CVE-2023-32xx/CVE-2023-3253.json) (`2023-08-29T20:15:10.213`)
* [CVE-2023-4346](CVE-2023/CVE-2023-43xx/CVE-2023-4346.json) (`2023-08-29T20:15:10.300`)
* [CVE-2023-4572](CVE-2023/CVE-2023-45xx/CVE-2023-4572.json) (`2023-08-29T20:15:10.480`)
* [CVE-2023-32241](CVE-2023/CVE-2023-322xx/CVE-2023-32241.json) (`2023-08-29T21:15:09.670`)
### CVEs modified in the last Commit
Recently modified CVEs: `37`
Recently modified CVEs: `30`
* [CVE-2023-24548](CVE-2023/CVE-2023-245xx/CVE-2023-24548.json) (`2023-08-29T18:14:25.027`)
* [CVE-2023-39615](CVE-2023/CVE-2023-396xx/CVE-2023-39615.json) (`2023-08-29T18:14:25.027`)
* [CVE-2023-39616](CVE-2023/CVE-2023-396xx/CVE-2023-39616.json) (`2023-08-29T18:14:25.027`)
* [CVE-2023-3646](CVE-2023/CVE-2023-36xx/CVE-2023-3646.json) (`2023-08-29T18:14:25.027`)
* [CVE-2023-40889](CVE-2023/CVE-2023-408xx/CVE-2023-40889.json) (`2023-08-29T18:14:25.027`)
* [CVE-2023-40890](CVE-2023/CVE-2023-408xx/CVE-2023-40890.json) (`2023-08-29T18:14:25.027`)
* [CVE-2023-41037](CVE-2023/CVE-2023-410xx/CVE-2023-41037.json) (`2023-08-29T18:14:25.027`)
* [CVE-2023-4559](CVE-2023/CVE-2023-45xx/CVE-2023-4559.json) (`2023-08-29T18:16:34.183`)
* [CVE-2023-40892](CVE-2023/CVE-2023-408xx/CVE-2023-40892.json) (`2023-08-29T18:17:47.427`)
* [CVE-2023-40893](CVE-2023/CVE-2023-408xx/CVE-2023-40893.json) (`2023-08-29T18:22:17.173`)
* [CVE-2023-40305](CVE-2023/CVE-2023-403xx/CVE-2023-40305.json) (`2023-08-29T18:28:13.013`)
* [CVE-2023-40894](CVE-2023/CVE-2023-408xx/CVE-2023-40894.json) (`2023-08-29T18:36:37.477`)
* [CVE-2023-40895](CVE-2023/CVE-2023-408xx/CVE-2023-40895.json) (`2023-08-29T18:39:04.257`)
* [CVE-2023-40896](CVE-2023/CVE-2023-408xx/CVE-2023-40896.json) (`2023-08-29T18:39:43.853`)
* [CVE-2023-40897](CVE-2023/CVE-2023-408xx/CVE-2023-40897.json) (`2023-08-29T18:56:12.353`)
* [CVE-2023-34540](CVE-2023/CVE-2023-345xx/CVE-2023-34540.json) (`2023-08-29T18:57:58.473`)
* [CVE-2023-34541](CVE-2023/CVE-2023-345xx/CVE-2023-34541.json) (`2023-08-29T18:58:03.620`)
* [CVE-2023-35991](CVE-2023/CVE-2023-359xx/CVE-2023-35991.json) (`2023-08-29T18:58:15.803`)
* [CVE-2023-40898](CVE-2023/CVE-2023-408xx/CVE-2023-40898.json) (`2023-08-29T18:58:58.077`)
* [CVE-2023-40899](CVE-2023/CVE-2023-408xx/CVE-2023-40899.json) (`2023-08-29T19:14:34.473`)
* [CVE-2023-40900](CVE-2023/CVE-2023-409xx/CVE-2023-40900.json) (`2023-08-29T19:15:29.877`)
* [CVE-2023-40901](CVE-2023/CVE-2023-409xx/CVE-2023-40901.json) (`2023-08-29T19:19:51.567`)
* [CVE-2023-37422](CVE-2023/CVE-2023-374xx/CVE-2023-37422.json) (`2023-08-29T19:28:27.770`)
* [CVE-2023-37423](CVE-2023/CVE-2023-374xx/CVE-2023-37423.json) (`2023-08-29T19:44:45.850`)
* [CVE-2023-37424](CVE-2023/CVE-2023-374xx/CVE-2023-37424.json) (`2023-08-29T19:55:51.197`)
* [CVE-2023-32757](CVE-2023/CVE-2023-327xx/CVE-2023-32757.json) (`2023-08-29T20:22:23.300`)
* [CVE-2023-32756](CVE-2023/CVE-2023-327xx/CVE-2023-32756.json) (`2023-08-29T20:22:34.167`)
* [CVE-2023-37429](CVE-2023/CVE-2023-374xx/CVE-2023-37429.json) (`2023-08-29T20:23:33.733`)
* [CVE-2023-37430](CVE-2023/CVE-2023-374xx/CVE-2023-37430.json) (`2023-08-29T20:23:56.680`)
* [CVE-2023-37431](CVE-2023/CVE-2023-374xx/CVE-2023-37431.json) (`2023-08-29T20:26:39.703`)
* [CVE-2023-37432](CVE-2023/CVE-2023-374xx/CVE-2023-37432.json) (`2023-08-29T20:26:53.907`)
* [CVE-2023-37433](CVE-2023/CVE-2023-374xx/CVE-2023-37433.json) (`2023-08-29T20:27:05.560`)
* [CVE-2023-37434](CVE-2023/CVE-2023-374xx/CVE-2023-37434.json) (`2023-08-29T20:27:13.843`)
* [CVE-2023-39578](CVE-2023/CVE-2023-395xx/CVE-2023-39578.json) (`2023-08-29T20:28:14.970`)
* [CVE-2023-37427](CVE-2023/CVE-2023-374xx/CVE-2023-37427.json) (`2023-08-29T20:32:01.987`)
* [CVE-2023-37428](CVE-2023/CVE-2023-374xx/CVE-2023-37428.json) (`2023-08-29T20:36:16.033`)
* [CVE-2023-20890](CVE-2023/CVE-2023-208xx/CVE-2023-20890.json) (`2023-08-29T20:41:07.003`)
* [CVE-2023-34039](CVE-2023/CVE-2023-340xx/CVE-2023-34039.json) (`2023-08-29T20:41:07.003`)
* [CVE-2023-39522](CVE-2023/CVE-2023-395xx/CVE-2023-39522.json) (`2023-08-29T20:41:07.003`)
* [CVE-2023-3251](CVE-2023/CVE-2023-32xx/CVE-2023-3251.json) (`2023-08-29T20:41:07.003`)
* [CVE-2023-3252](CVE-2023/CVE-2023-32xx/CVE-2023-3252.json) (`2023-08-29T20:41:07.003`)
* [CVE-2023-4548](CVE-2023/CVE-2023-45xx/CVE-2023-4548.json) (`2023-08-29T20:42:49.530`)
* [CVE-2023-4547](CVE-2023/CVE-2023-45xx/CVE-2023-4547.json) (`2023-08-29T20:47:26.337`)
* [CVE-2023-4545](CVE-2023/CVE-2023-45xx/CVE-2023-4545.json) (`2023-08-29T20:48:10.567`)
* [CVE-2023-4543](CVE-2023/CVE-2023-45xx/CVE-2023-4543.json) (`2023-08-29T20:48:48.177`)
* [CVE-2023-39291](CVE-2023/CVE-2023-392xx/CVE-2023-39291.json) (`2023-08-29T20:49:42.797`)
* [CVE-2023-39707](CVE-2023/CVE-2023-397xx/CVE-2023-39707.json) (`2023-08-29T20:50:37.223`)
* [CVE-2023-39600](CVE-2023/CVE-2023-396xx/CVE-2023-39600.json) (`2023-08-29T20:51:52.543`)
* [CVE-2023-36199](CVE-2023/CVE-2023-361xx/CVE-2023-36199.json) (`2023-08-29T20:53:23.417`)
* [CVE-2023-36198](CVE-2023/CVE-2023-361xx/CVE-2023-36198.json) (`2023-08-29T20:53:49.233`)
## Download and Usage