Auto-Update: 2023-08-16T14:00:31.746165+00:00

cad-safe-bot 2023-08-16 14:00:35 +00:00
parent a7dfcb47a2
commit ed995057af
48 changed files with 1181 additions and 90 deletions


@ -0,0 +1,28 @@
{
"id": "CVE-2020-26037",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-16T13:15:10.413",
"lastModified": "2023-08-16T13:15:10.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "http://even.com",
"source": "cve@mitre.org"
},
{
"url": "http://punkbuster.com",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/@prizmant/hacking-punkbuster-e22e6cf2f36e",
"source": "cve@mitre.org"
}
]
}
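Review bot: This new record has `"metrics": {}` and no `weaknesses` array even though its description claims remote code execution through directory traversal, so anything that ranks or alerts on `baseScore` or CWE will pass over it while `vulnStatus` is `Received`. Consumers should treat an empty `metrics` object as "not yet scored" rather than as low severity, and triage from `descriptions[].value` in the meantime. The other records added in this commit (the contact@wpscan.com entries, for example CVE-2023-0579) also carry `"metrics": {}`. Two of the three references here are bare `http://` homepages rather than an advisory, so the third link appears to be the only one that documents the issue.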


@ -0,0 +1,32 @@
{
"id": "CVE-2022-4782",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:11.540",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d3a0468a-8405-4b6c-800f-abd5ce5387b5",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-0058",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:11.977",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0e677df9-2c49-42f0-a8e2-dbcf85bfc1a2",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0274",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.067",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/4f6197b6-6d4c-4986-b54c-453b17e94812",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-0551",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.150",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0579",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.233",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-0425ad7e7690",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1110",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.337",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1830e829-4a43-4d98-8214-eecec6bef694",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1465",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.420",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/13f59eb4-0744-4fdb-94b5-886ee6bdd867",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-1977",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.510",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/842f3b1f-395a-4ea2-b7df-a36f70e8c790",
"source": "contact@wpscan.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20560",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-15T22:15:09.827",
"lastModified": "2023-08-15T22:15:09.827",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-20564",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-15T22:15:11.597",
"lastModified": "2023-08-15T22:15:11.597",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,32 @@
{
"id": "CVE-2023-2122",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.607",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/936fd93a-428d-4744-a4fc-c8da78dcbe78",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-2123",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.700",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/daniloalbuqrque/poc-cve-xss-encoded-wp-inventory-manager-plugin",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/44448888-cd5d-482e-859e-123e442ce5c1",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-2225",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.797",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0af475ba-5c02-4f62-876d-6235a745bbd6",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-2254",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.887",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8886ec5f-8465-448f-adbd-68a3e84c5dec",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-2271",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.967",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/31512f33-c310-4b36-b665-19293097cc8b",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-2272",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:13.053",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/dba60216-2753-40b7-8f2b-6caeba684b2e",
"source": "contact@wpscan.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26140",
"sourceIdentifier": "report@snyk.io",
"published": "2023-08-16T05:15:09.810",
"lastModified": "2023-08-16T05:15:09.810",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30473",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:18.813",
"lastModified": "2023-08-16T10:15:18.813",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30779",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T11:15:10.617",
"lastModified": "2023-08-16T11:15:10.617",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30782",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:20.897",
"lastModified": "2023-08-16T10:15:20.897",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30784",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:21.073",
"lastModified": "2023-08-16T10:15:21.073",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30785",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:21.230",
"lastModified": "2023-08-16T10:15:21.230",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30786",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:21.380",
"lastModified": "2023-08-16T10:15:21.380",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30871",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T11:15:11.100",
"lastModified": "2023-08-16T11:15:11.100",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,12 @@
"id": "CVE-2023-31448",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T12:15:09.647",
"lastModified": "2023-08-15T17:35:56.743",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-16T12:15:13.193",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system."
"value": "A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"metrics": {
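Review bot: The rewritten description carries the severity only as free text (`received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L`), and the structured `metrics` object opens on the last line of this hunk with its contents outside it, so the two cannot be checked against each other here. Taking the entry with the later `lastModified` as the new side, `vulnStatus` goes from `Analyzed` to `Modified`, so scores and other enrichment recorded during the earlier analysis may no longer match the new text; consumers should read the score from `metrics`, not parse it out of `descriptions[].value`, and treat it as provisional until the record is re-analysed. The same pattern appears in the CVE-2023-31449, CVE-2023-31450, CVE-2023-31452, CVE-2023-32781 and CVE-2023-32782 sections. In CVE-2023-31452 the described issue itself changes, from cleartext credential transmission by the NetApp Volume Sensor to a CSRF token bypass, so any mapping built on the old text needs revisiting.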


@ -2,12 +2,12 @@
"id": "CVE-2023-31449",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T12:15:09.823",
"lastModified": "2023-08-15T17:36:07.090",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-16T12:15:13.380",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system."
"value": "A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-31450",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T12:15:09.897",
"lastModified": "2023-08-15T17:35:48.010",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-16T12:15:13.460",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine."
"value": "A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-31452",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T12:15:09.970",
"lastModified": "2023-08-14T17:08:45.520",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-16T12:15:13.540",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim."
"value": "A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32494",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T13:15:10.867",
"lastModified": "2023-08-16T13:15:10.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-274"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32560",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-10T20:15:10.200",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T13:04:36.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +56,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.1",
"matchCriteriaId": "E1BB2A71-2815-4982-825E-3546E2A7FE83"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32561",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-10T20:15:10.287",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T13:04:53.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +56,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.1",
"matchCriteriaId": "E1BB2A71-2815-4982-825E-3546E2A7FE83"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-32781",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T12:15:10.047",
"lastModified": "2023-08-15T17:36:12.360",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-16T12:15:13.637",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution."
"value": "A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-32782",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T12:15:10.127",
"lastModified": "2023-08-15T17:37:04.170",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-16T12:15:13.717",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution."
"value": "A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-36530",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-10T12:15:11.347",
"lastModified": "2023-08-10T12:43:50.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T13:59:24.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smartypantsplugins:sp_project_\\&_document_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.67",
"matchCriteriaId": "F903DBFE-156F-4E2C-9D68-64C1505CA6D1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-67-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-37581",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-06T08:15:09.013",
"lastModified": "2023-08-16T09:15:11.027",
"lastModified": "2023-08-16T12:15:13.800",
"vulnStatus": "Modified",
"descriptions": [
{
@ -75,6 +75,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp",
"source": "security@apache.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-39507",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-16T09:15:11.793",
"lastModified": "2023-08-16T09:15:11.793",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39849",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T22:15:13.937",
"lastModified": "2023-08-15T22:15:13.937",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39850",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T22:15:14.357",
"lastModified": "2023-08-15T22:15:14.357",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39851",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T22:15:14.407",
"lastModified": "2023-08-15T22:15:14.407",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39962",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-10T18:15:10.603",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T13:54:56.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,119 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "19.0.0",
"versionEndExcluding": "19.0.13.10",
"matchCriteriaId": "D1FB21B8-187A-4F19-AE87-C5A08BA69616"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "20.0.0",
"versionEndExcluding": "20.0.14.15",
"matchCriteriaId": "F5FE3DB7-0047-4B58-879D-43FDDBEAD546"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "21.0.0",
"versionEndExcluding": "21.0.9.13",
"matchCriteriaId": "14CB262E-1288-40F8-ACC3-2F2E507B4362"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "22.0.0",
"versionEndExcluding": "22.2.10.14",
"matchCriteriaId": "916FDFBE-023F-4EC1-947B-8B2F2A0E5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.9",
"matchCriteriaId": "881A0D0D-1888-43D8-A22C-FD38D28EB601"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.12.5",
"matchCriteriaId": "B2AF81DA-6377-4051-AF70-141FC50E049F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.9",
"matchCriteriaId": "623D58E0-57A0-42B3-8ED6-DF3B988633AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.9",
"matchCriteriaId": "D60D3184-C289-49E8-9FBE-EDA8B927131A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.4",
"matchCriteriaId": "CA187E45-EB4B-468A-9291-FD66B360B2D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.4",
"matchCriteriaId": "2D0FA653-A595-4EC8-9F77-0AD1A4699B07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xwxx-2752-w3xm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/39323",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2047168",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39963",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-10T18:15:10.813",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T13:39:48.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,112 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "20.0.0",
"versionEndExcluding": "20.0.14.15",
"matchCriteriaId": "F5FE3DB7-0047-4B58-879D-43FDDBEAD546"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "21.0.0",
"versionEndExcluding": "21.0.9.13",
"matchCriteriaId": "14CB262E-1288-40F8-ACC3-2F2E507B4362"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "22.0.0",
"versionEndExcluding": "22.2.10.14",
"matchCriteriaId": "916FDFBE-023F-4EC1-947B-8B2F2A0E5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.9",
"matchCriteriaId": "881A0D0D-1888-43D8-A22C-FD38D28EB601"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.12.5",
"matchCriteriaId": "B2AF81DA-6377-4051-AF70-141FC50E049F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.9",
"matchCriteriaId": "623D58E0-57A0-42B3-8ED6-DF3B988633AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.9",
"matchCriteriaId": "D60D3184-C289-49E8-9FBE-EDA8B927131A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.4",
"matchCriteriaId": "CA187E45-EB4B-468A-9291-FD66B360B2D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.4",
"matchCriteriaId": "2D0FA653-A595-4EC8-9F77-0AD1A4699B07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j4qm-5q5x-54m5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/39416",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://hackerone.com/reports/2067572",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3958",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-16T05:15:10.220",
"lastModified": "2023-08-16T05:15:10.220",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,74 @@
"id": "CVE-2023-40224",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-10T20:15:11.010",
"lastModified": "2023-08-11T03:44:51.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T13:40:53.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MISP 2.4174 allows XSS in app/View/Events/index.ctp."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp:misp:2.4.174:*:*:*:*:*:*:*",
"matchCriteriaId": "41B6B5F0-5F19-48A8-BD25-08E4D3FD7665"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MISP/MISP/commit/0274f8b6332e82317c9529b583d03897adf5883e",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4241",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2023-08-16T11:15:11.377",
"lastModified": "2023-08-16T11:15:11.377",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-4374",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-16T05:15:10.357",
"lastModified": "2023-08-16T05:15:10.357",
"vulnStatus": "Received",
"lastModified": "2023-08-16T12:02:41.873",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4381",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-16T12:15:13.973",
"lastModified": "2023-08-16T12:16:08.247",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-620"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/58f8b9941b53b606a1b15a4364005cd2b1965507",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3",
"source": "security@huntr.dev"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-16T12:00:29.517485+00:00
2023-08-16T14:00:31.746165+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-16T11:15:11.377000+00:00
2023-08-16T13:59:24.893000+00:00
```
### Last Data Feed Release
@ -29,27 +29,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222779
222796
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `17`
* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-16T10:15:18.813`)
* [CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-16T10:15:20.897`)
* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-16T10:15:21.073`)
* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-16T10:15:21.230`)
* [CVE-2023-30786](CVE-2023/CVE-2023-307xx/CVE-2023-30786.json) (`2023-08-16T10:15:21.380`)
* [CVE-2023-30779](CVE-2023/CVE-2023-307xx/CVE-2023-30779.json) (`2023-08-16T11:15:10.617`)
* [CVE-2023-30871](CVE-2023/CVE-2023-308xx/CVE-2023-30871.json) (`2023-08-16T11:15:11.100`)
* [CVE-2023-4241](CVE-2023/CVE-2023-42xx/CVE-2023-4241.json) (`2023-08-16T11:15:11.377`)
* [CVE-2020-26037](CVE-2020/CVE-2020-260xx/CVE-2020-26037.json) (`2023-08-16T13:15:10.413`)
* [CVE-2022-4782](CVE-2022/CVE-2022-47xx/CVE-2022-4782.json) (`2023-08-16T12:15:11.540`)
* [CVE-2023-0058](CVE-2023/CVE-2023-00xx/CVE-2023-0058.json) (`2023-08-16T12:15:11.977`)
* [CVE-2023-0274](CVE-2023/CVE-2023-02xx/CVE-2023-0274.json) (`2023-08-16T12:15:12.067`)
* [CVE-2023-0551](CVE-2023/CVE-2023-05xx/CVE-2023-0551.json) (`2023-08-16T12:15:12.150`)
* [CVE-2023-0579](CVE-2023/CVE-2023-05xx/CVE-2023-0579.json) (`2023-08-16T12:15:12.233`)
* [CVE-2023-1110](CVE-2023/CVE-2023-11xx/CVE-2023-1110.json) (`2023-08-16T12:15:12.337`)
* [CVE-2023-1465](CVE-2023/CVE-2023-14xx/CVE-2023-1465.json) (`2023-08-16T12:15:12.420`)
* [CVE-2023-1977](CVE-2023/CVE-2023-19xx/CVE-2023-1977.json) (`2023-08-16T12:15:12.510`)
* [CVE-2023-2122](CVE-2023/CVE-2023-21xx/CVE-2023-2122.json) (`2023-08-16T12:15:12.607`)
* [CVE-2023-2123](CVE-2023/CVE-2023-21xx/CVE-2023-2123.json) (`2023-08-16T12:15:12.700`)
* [CVE-2023-2225](CVE-2023/CVE-2023-22xx/CVE-2023-2225.json) (`2023-08-16T12:15:12.797`)
* [CVE-2023-2254](CVE-2023/CVE-2023-22xx/CVE-2023-2254.json) (`2023-08-16T12:15:12.887`)
* [CVE-2023-2271](CVE-2023/CVE-2023-22xx/CVE-2023-2271.json) (`2023-08-16T12:15:12.967`)
* [CVE-2023-2272](CVE-2023/CVE-2023-22xx/CVE-2023-2272.json) (`2023-08-16T12:15:13.053`)
* [CVE-2023-4381](CVE-2023/CVE-2023-43xx/CVE-2023-4381.json) (`2023-08-16T12:15:13.973`)
* [CVE-2023-32494](CVE-2023/CVE-2023-324xx/CVE-2023-32494.json) (`2023-08-16T13:15:10.867`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `30`
* [CVE-2023-26140](CVE-2023/CVE-2023-261xx/CVE-2023-26140.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-3958](CVE-2023/CVE-2023-39xx/CVE-2023-3958.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-4374](CVE-2023/CVE-2023-43xx/CVE-2023-4374.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-39507](CVE-2023/CVE-2023-395xx/CVE-2023-39507.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30786](CVE-2023/CVE-2023-307xx/CVE-2023-30786.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30779](CVE-2023/CVE-2023-307xx/CVE-2023-30779.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30871](CVE-2023/CVE-2023-308xx/CVE-2023-30871.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-4241](CVE-2023/CVE-2023-42xx/CVE-2023-4241.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-31448](CVE-2023/CVE-2023-314xx/CVE-2023-31448.json) (`2023-08-16T12:15:13.193`)
* [CVE-2023-31449](CVE-2023/CVE-2023-314xx/CVE-2023-31449.json) (`2023-08-16T12:15:13.380`)
* [CVE-2023-31450](CVE-2023/CVE-2023-314xx/CVE-2023-31450.json) (`2023-08-16T12:15:13.460`)
* [CVE-2023-31452](CVE-2023/CVE-2023-314xx/CVE-2023-31452.json) (`2023-08-16T12:15:13.540`)
* [CVE-2023-32781](CVE-2023/CVE-2023-327xx/CVE-2023-32781.json) (`2023-08-16T12:15:13.637`)
* [CVE-2023-32782](CVE-2023/CVE-2023-327xx/CVE-2023-32782.json) (`2023-08-16T12:15:13.717`)
* [CVE-2023-37581](CVE-2023/CVE-2023-375xx/CVE-2023-37581.json) (`2023-08-16T12:15:13.800`)
* [CVE-2023-32560](CVE-2023/CVE-2023-325xx/CVE-2023-32560.json) (`2023-08-16T13:04:36.617`)
* [CVE-2023-32561](CVE-2023/CVE-2023-325xx/CVE-2023-32561.json) (`2023-08-16T13:04:53.757`)
* [CVE-2023-39963](CVE-2023/CVE-2023-399xx/CVE-2023-39963.json) (`2023-08-16T13:39:48.010`)
* [CVE-2023-40224](CVE-2023/CVE-2023-402xx/CVE-2023-40224.json) (`2023-08-16T13:40:53.350`)
* [CVE-2023-39962](CVE-2023/CVE-2023-399xx/CVE-2023-39962.json) (`2023-08-16T13:54:56.917`)
* [CVE-2023-36530](CVE-2023/CVE-2023-365xx/CVE-2023-36530.json) (`2023-08-16T13:59:24.893`)
## Download and Usage