admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-23T22:00:28.895218+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-23 22:00:32 +00:00
parent 38ae763943
commit f66ea586e1
41 changed files with 1952 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2022/CVE-2022-239xx/CVE-2022-23994.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-23994",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-02-11T18:15:11.890",
"lastModified": "2022-02-22T14:15:21.270",
"lastModified": "2023-06-23T20:25:30.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-240xx/CVE-2022-24002.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24002",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-02-11T18:15:12.307",
"lastModified": "2022-02-18T20:54:51.203",
"lastModified": "2023-06-23T20:29:06.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

14
CVE-2022/CVE-2022-240xx/CVE-2022-24063.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24063",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2022-02-18T20:15:18.487",
"lastModified": "2022-02-28T17:43:00.817",
"lastModified": "2023-06-23T20:24:12.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -87,8 +87,18 @@
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2022/CVE-2022-249xx/CVE-2022-24915.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24915",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-03-10T17:46:38.743",
"lastModified": "2022-03-17T18:18:09.263",
"lastModified": "2023-06-23T20:25:06.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-94"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-249xx/CVE-2022-24923.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24923",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-02-11T18:15:12.483",
"lastModified": "2022-02-22T20:05:20.493",
"lastModified": "2023-06-23T20:29:11.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-249xx/CVE-2022-24924.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24924",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-02-11T18:15:12.543",
"lastModified": "2022-02-22T20:27:33.930",
"lastModified": "2023-06-23T20:29:15.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

77
CVE-2022/CVE-2022-285xx/CVE-2022-28550.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2022-28550",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T20:15:08.907",
"lastModified": "2023-06-13T21:27:45.680",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T20:10:56.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://github.com/Matthias-Wandel/jhead/issues/51",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jhead_project:jhead:3.06:*:*:*:*:*:*:*",
"matchCriteriaId": "D05C20ED-B09A-43EE-8D82-0524C33E0E60"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Matthias-Wandel/jhead/issues/51",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-259xx/CVE-2023-25974.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25974",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-16T12:15:09.190",
"lastModified": "2023-06-16T12:47:13.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:27:01.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/wp2syslog/wordpress-wp2syslog-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp2syslog_project:wp2syslog:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.5",
"matchCriteriaId": "9A18FEED-9C33-4334-8683-823AEACD2D96"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp2syslog/wordpress-wp2syslog-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-274xx/CVE-2023-27420.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27420",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-16T11:15:08.923",
"lastModified": "2023-06-16T12:47:13.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:27:11.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/arya-multipurpose/wordpress-arya-multipurpose-theme-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:everestthemes:arya_multipurpose:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.5",
"matchCriteriaId": "D3901EE4-0052-4706-932D-4A237BD4E2D2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/arya-multipurpose/wordpress-arya-multipurpose-theme-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-279xx/CVE-2023-27908.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-27908",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-06-23T20:15:08.997",
"lastModified": "2023-06-23T20:15:08.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0010",
"source": "psirt@autodesk.com"
}
]
}

80
CVE-2023/CVE-2023-295xx/CVE-2023-29562.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-29562",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T20:15:09.027",
"lastModified": "2023-06-13T21:27:45.680",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T20:04:20.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA7510",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wpa7510_firmware:190125:*:*:*:*:*:*:*",
"matchCriteriaId": "3008E9A7-1E0F-4B67-8F71-FE926C216620"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wpa7510:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "866F9BBC-7CF2-4B9E-98B6-F4DFD9E1ACE4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA7510",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

102
CVE-2023/CVE-2023-323xx/CVE-2023-32369.json
View File

@ -2,27 +2,107 @@
"id": "CVE-2023-32369",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:11.870",
"lastModified": "2023-06-23T19:24:43.457",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-06-23T20:21:15.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
{
"url": "https://support.apple.com/en-us/HT213759",
"source": "product-security@apple.com"
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"url": "https://support.apple.com/en-us/HT213760",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.7.7",
"matchCriteriaId": "B59D22F2-6EBD-4943-A009-F740265938AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.6.6",
"matchCriteriaId": "250A8AAA-1213-4237-921D-71B0B0B0ED3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.4",
"matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213759",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213760",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-32xx/CVE-2023-3212.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-3212",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-23T20:15:09.563",
"lastModified": "2023-06-23T20:15:09.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214348",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636",
"source": "secalert@redhat.com"
}
]
}

63
CVE-2023/CVE-2023-32xx/CVE-2023-3294.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3294",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-16T12:15:09.393",
"lastModified": "2023-06-16T12:47:13.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:26:49.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/saleor/react-storefront/commit/c29aab226f07ca980cc19787dcef101e11b83ef7",
"source": "security@huntr.dev"
},
"nodes": [
{
"url": "https://huntr.dev/bounties/9d308ebb-4289-411f-ac22-990383d98932",
"source": "security@huntr.dev"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:saleor:react-storefront:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-06-16",
"matchCriteriaId": "27BF056E-56C0-494A-8932-1AC1BF4FDA23"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/saleor/react-storefront/commit/c29aab226f07ca980cc19787dcef101e11b83ef7",
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/9d308ebb-4289-411f-ac22-990383d98932",
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

92
CVE-2023/CVE-2023-333xx/CVE-2023-33306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33306",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-16T10:15:09.467",
"lastModified": "2023-06-16T12:47:13.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:27:39.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +54,72 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-015",
"source": "psirt@fortinet.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.10",
"matchCriteriaId": "5E6D4C77-6D88-4DD2-8A5C-610DE901EBBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.4",
"matchCriteriaId": "9A0AB0B8-819F-46EE-A921-119B76A138B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.13",
"matchCriteriaId": "B153B056-24AE-41C4-B644-65E080C18360"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.11",
"matchCriteriaId": "8870AB06-C50F-452A-952C-30DE7860264E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "4562BDF7-D894-4CD8-95AC-9409FDEBE73F"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-015",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-333xx/CVE-2023-33307.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33307",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-16T10:15:09.523",
"lastModified": "2023-06-16T12:47:13.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:27:26.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +54,72 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-015",
"source": "psirt@fortinet.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.9",
"matchCriteriaId": "DAC18F7E-5242-4F36-BB42-FEC33B3AC075"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.3",
"matchCriteriaId": "3A99FF48-370E-4D2A-B5CC-889EA21AB213"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.11",
"matchCriteriaId": "8870AB06-C50F-452A-952C-30DE7860264E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "4562BDF7-D894-4CD8-95AC-9409FDEBE73F"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/258201",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://fortiguard.com/psirt/FG-IR-23-015",
"source": "psirt@fortinet.com",
"tags": [
"Not Applicable"
]
}
]
}

74
CVE-2023/CVE-2023-334xx/CVE-2023-33438.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-33438",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T21:15:09.247",
"lastModified": "2023-06-17T02:32:29.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:19:32.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://wolters.com",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"url": "https://github.com/justas-dee/CVEs/blob/main/CVE-2023-33438/README.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wolterskluwer:teammate\\+:35.0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3431B790-83FD-4B6F-8CB1-B8BCCC31174E"
}
]
}
]
}
],
"references": [
{
"url": "http://wolters.com",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/justas-dee/CVEs/blob/main/CVE-2023-33438/README.md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

28
CVE-2023/CVE-2023-341xx/CVE-2023-34188.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-34188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T20:15:09.053",
"lastModified": "2023-06-23T20:15:09.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/cesanta/mongoose/compare/7.9...7.10",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/cesanta/mongoose/pull/2197",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-342xx/CVE-2023-34203.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-34203",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T20:15:09.103",
"lastModified": "2023-06-23T20:15:09.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7."
}
],
"metrics": {},
"references": [
{
"url": "https://www.progress.com/openedge",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-342xx/CVE-2023-34254.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-34254",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.320",
"lastModified": "2023-06-23T21:15:09.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi-agent/blob/dd313ee0914becf74c0e48cb512765210043b478/Changes#L98",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-39vc-hxgm-j465",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-344xx/CVE-2023-34460.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-34460",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T20:15:09.147",
"lastModified": "2023-06-23T20:15:09.147",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tauri-apps/tauri/pull/7227",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm",
"source": "security-advisories@github.com"
}
]
}

73
CVE-2023/CVE-2023-346xx/CVE-2023-34659.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-34659",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T18:15:09.437",
"lastModified": "2023-06-16T18:24:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:25:28.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/jeecgboot/jeecg-boot/issues/4976",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDFF952-7B1F-44EB-98BA-265CB22D6FB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52891D2B-E0C4-4263-9804-45F1551B5142"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jeecgboot/jeecg-boot/issues/4976",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-346xx/CVE-2023-34660.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-34660",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T18:15:09.483",
"lastModified": "2023-06-16T18:24:22.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:24:20.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/jeecgboot/jeecg-boot/issues/4990",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDFF952-7B1F-44EB-98BA-265CB22D6FB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52891D2B-E0C4-4263-9804-45F1551B5142"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jeecgboot/jeecg-boot/issues/4990",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

100
CVE-2023/CVE-2023-348xx/CVE-2023-34832.json
View File

@ -2,31 +2,103 @@
"id": "CVE-2023-34832",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T18:15:09.523",
"lastModified": "2023-06-16T19:15:14.657",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:19:44.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://archer.com",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
{
"url": "http://packetstormsecurity.com/files/172989/TP-Link-Archer-AX10-EU-_V1.2_230220-Buffer-Overflow.html",
"source": "cve@mitre.org"
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "http://tp-link.com",
"source": "cve@mitre.org"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://gist.github.com/jhacker91/2026e080a42514255e758d64b465d1d5",
"source": "cve@mitre.org"
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:archer_ax10_firmware:230220:*:*:*:*:*:*:*",
"matchCriteriaId": "6E17A5B6-49DB-439E-8688-975E70553FCD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:archer_ax10:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B35C7-62F8-4B0F-B038-DE128C058279"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172989/TP-Link-Archer-AX10-EU-_V1.2_230220-Buffer-Overflow.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://tp-link.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/jhacker91/2026e080a42514255e758d64b465d1d5",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-351xx/CVE-2023-35154.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35154",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.400",
"lastModified": "2023-06-23T21:15:09.400",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-48hp-jvv8-cf62",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-351xx/CVE-2023-35163.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-35163",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.473",
"lastModified": "2023-06-23T21:15:09.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega\u2019s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party\u2019s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party\u2019s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network.\n\nA patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.2,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/vegaprotocol/vega/commit/56b09bf57af8cd9eca5996252d86f469a3e34c68",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vegaprotocol/vega/releases/tag/v0.71.6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vegaprotocol/vega/security/advisories/GHSA-8rc9-vxjh-qjf2",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-351xx/CVE-2023-35165.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-35165",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.553",
"lastModified": "2023-06-23T21:15:09.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. \n \nThe first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected.\n \nThe second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected.\n\nThe issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/aws/aws-cdk/issues/25674",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aws/aws-cdk/security/advisories/GHSA-rx28-r23p-2qc3",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-351xx/CVE-2023-35167.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-35167",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T20:15:09.227",
"lastModified": "2023-06-23T20:15:09.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/remult/remult/releases/tag/v0.20.6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-351xx/CVE-2023-35169.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-35169",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.627",
"lastModified": "2023-06-23T21:15:09.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with `Attachment::save()` without providing a `$filename` or passing unsanitized user input is affected by this attack.\n\nAn attacker can send an email with a malicious attachment to the inbox, which gets crawled with `webklex/php-imap` or `webklex/laravel-imap`. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)`. In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. \".php\") or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests.\n\nVersion 5.3.0 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/Webklex/php-imap/blob/5.2.0/src/Attachment.php#L251-L255",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Webklex/php-imap/blob/5.2.0/src/Attachment.php#L252",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Webklex/php-imap/pull/414",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Webklex/php-imap/releases/tag/5.3.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Webklex/php-imap/security/advisories/GHSA-47p7-xfcc-4pv9",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-351xx/CVE-2023-35171.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-35171",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.703",
"lastModified": "2023-06-23T21:15:09.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h353-vvwv-j2r4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/pull/38194",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/1977222",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-351xx/CVE-2023-35172.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-35172",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.777",
"lastModified": "2023-06-23T21:15:09.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/pull/38267",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/1987062",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-351xx/CVE-2023-35173.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-35173",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.853",
"lastModified": "2023-06-23T21:15:09.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/end_to_end_encryption/pull/435",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/1914115",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-357xx/CVE-2023-35759.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35759",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T20:15:09.307",
"lastModified": "2023-06-23T20:15:09.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS."
}
],
"metrics": {},
"references": [
{
"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-June-2023",
"source": "cve@mitre.org"
}
]
}

96
CVE-2023/CVE-2023-357xx/CVE-2023-35788.json
View File

@ -2,31 +2,99 @@
"id": "CVE-2023-35788",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T21:15:09.340",
"lastModified": "2023-06-17T09:15:34.950",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T21:19:19.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/17/1",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7",
"source": "cve@mitre.org"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c",
"source": "cve@mitre.org"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/06/07/1",
"source": "cve@mitre.org"
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.7",
"matchCriteriaId": "458D0E92-34CE-4D5D-8C84-6A674079459F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/17/1",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/06/07/1",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
]
}
]
}

63
CVE-2023/CVE-2023-359xx/CVE-2023-35927.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-35927",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.927",
"lastModified": "2023-06-23T21:15:09.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again.\n\nNextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the \"Administration\" > \"Sharing\" settings `\u2026/index.php/settings/admin/sharing`. Afterwards, trigger a recreation of the local system addressbook with the following `occ dav:sync-system-addressbook`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7f7-535f-7q87",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/pull/38247",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/1976754",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-359xx/CVE-2023-35928.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-35928",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:10.007",
"lastModified": "2023-06-23T21:15:10.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2.\n\nThree workarounds are available. Disable app files_external. Change config setting \"Allow users to mount external storage\" to disabled in \"Administration\" > \"External storage\" settings `\u2026/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in \"Administration\" > \"External storage\" settings `\u2026/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-274"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-637g-xp2c-qh5h",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/pull/38265",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/1978882",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-359xx/CVE-2023-35931.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-35931",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T20:15:09.357",
"lastModified": "2023-06-23T20:15:09.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-526"
}
]
}
],
"references": [
{
"url": "https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47e79436173ac",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ericcornelissen/shescape/pull/982",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mc8r",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-363xx/CVE-2023-36345.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36345",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T20:15:09.427",
"lastModified": "2023-06-23T20:15:09.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://youtu.be/KxjsEqNWU9E",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-363xx/CVE-2023-36346.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36346",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T20:15:09.473",
"lastModified": "2023-06-23T20:15:09.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php."
}
],
"metrics": {},
"references": [
{
"url": "https://www.youtube.com/watch?v=bbbA-q1syrA",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-363xx/CVE-2023-36348.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36348",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T20:15:09.517",
"lastModified": "2023-06-23T20:15:09.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://www.youtube.com/watch?v=Ge0zqY0sGiQ",
"source": "cve@mitre.org"
}
]
}

100
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-23T20:00:27.060629+00:00
2023-06-23T22:00:28.895218+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-23T19:49:50.537000+00:00
2023-06-23T21:27:39.787000+00:00
```
### Last Data Feed Release
@ -29,69 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218481
218502
```
### CVEs added in the last Commit
Recently added CVEs: `90`
Recently added CVEs: `21`
* [CVE-2023-32397](CVE-2023/CVE-2023-323xx/CVE-2023-32397.json) (`2023-06-23T18:15:12.743`)
* [CVE-2023-32398](CVE-2023/CVE-2023-323xx/CVE-2023-32398.json) (`2023-06-23T18:15:12.783`)
* [CVE-2023-25518](CVE-2023/CVE-2023-255xx/CVE-2023-25518.json) (`2023-06-23T18:15:10.970`)
* [CVE-2023-25520](CVE-2023/CVE-2023-255xx/CVE-2023-25520.json) (`2023-06-23T18:15:11.033`)
* [CVE-2023-27930](CVE-2023/CVE-2023-279xx/CVE-2023-27930.json) (`2023-06-23T18:15:11.097`)
* [CVE-2023-27940](CVE-2023/CVE-2023-279xx/CVE-2023-27940.json) (`2023-06-23T18:15:11.147`)
* [CVE-2023-27964](CVE-2023/CVE-2023-279xx/CVE-2023-27964.json) (`2023-06-23T18:15:11.197`)
* [CVE-2023-28191](CVE-2023/CVE-2023-281xx/CVE-2023-28191.json) (`2023-06-23T18:15:11.240`)
* [CVE-2023-28202](CVE-2023/CVE-2023-282xx/CVE-2023-28202.json) (`2023-06-23T18:15:11.290`)
* [CVE-2023-28204](CVE-2023/CVE-2023-282xx/CVE-2023-28204.json) (`2023-06-23T18:15:11.333`)
* [CVE-2023-32351](CVE-2023/CVE-2023-323xx/CVE-2023-32351.json) (`2023-06-23T18:15:11.383`)
* [CVE-2023-32352](CVE-2023/CVE-2023-323xx/CVE-2023-32352.json) (`2023-06-23T18:15:11.427`)
* [CVE-2023-32353](CVE-2023/CVE-2023-323xx/CVE-2023-32353.json) (`2023-06-23T18:15:11.470`)
* [CVE-2023-32354](CVE-2023/CVE-2023-323xx/CVE-2023-32354.json) (`2023-06-23T18:15:11.513`)
* [CVE-2023-32355](CVE-2023/CVE-2023-323xx/CVE-2023-32355.json) (`2023-06-23T18:15:11.553`)
* [CVE-2023-32357](CVE-2023/CVE-2023-323xx/CVE-2023-32357.json) (`2023-06-23T18:15:11.600`)
* [CVE-2023-32360](CVE-2023/CVE-2023-323xx/CVE-2023-32360.json) (`2023-06-23T18:15:11.647`)
* [CVE-2023-32363](CVE-2023/CVE-2023-323xx/CVE-2023-32363.json) (`2023-06-23T18:15:11.693`)
* [CVE-2023-32365](CVE-2023/CVE-2023-323xx/CVE-2023-32365.json) (`2023-06-23T18:15:11.733`)
* [CVE-2023-32367](CVE-2023/CVE-2023-323xx/CVE-2023-32367.json) (`2023-06-23T18:15:11.777`)
* [CVE-2023-32368](CVE-2023/CVE-2023-323xx/CVE-2023-32368.json) (`2023-06-23T18:15:11.823`)
* [CVE-2023-32369](CVE-2023/CVE-2023-323xx/CVE-2023-32369.json) (`2023-06-23T18:15:11.870`)
* [CVE-2023-23516](CVE-2023/CVE-2023-235xx/CVE-2023-23516.json) (`2023-06-23T18:15:10.797`)
* [CVE-2023-23539](CVE-2023/CVE-2023-235xx/CVE-2023-23539.json) (`2023-06-23T18:15:10.843`)
* [CVE-2023-25515](CVE-2023/CVE-2023-255xx/CVE-2023-25515.json) (`2023-06-23T18:15:10.887`)
* [CVE-2023-27908](CVE-2023/CVE-2023-279xx/CVE-2023-27908.json) (`2023-06-23T20:15:08.997`)
* [CVE-2023-34188](CVE-2023/CVE-2023-341xx/CVE-2023-34188.json) (`2023-06-23T20:15:09.053`)
* [CVE-2023-34203](CVE-2023/CVE-2023-342xx/CVE-2023-34203.json) (`2023-06-23T20:15:09.103`)
* [CVE-2023-34460](CVE-2023/CVE-2023-344xx/CVE-2023-34460.json) (`2023-06-23T20:15:09.147`)
* [CVE-2023-35167](CVE-2023/CVE-2023-351xx/CVE-2023-35167.json) (`2023-06-23T20:15:09.227`)
* [CVE-2023-35759](CVE-2023/CVE-2023-357xx/CVE-2023-35759.json) (`2023-06-23T20:15:09.307`)
* [CVE-2023-35931](CVE-2023/CVE-2023-359xx/CVE-2023-35931.json) (`2023-06-23T20:15:09.357`)
* [CVE-2023-36345](CVE-2023/CVE-2023-363xx/CVE-2023-36345.json) (`2023-06-23T20:15:09.427`)
* [CVE-2023-36346](CVE-2023/CVE-2023-363xx/CVE-2023-36346.json) (`2023-06-23T20:15:09.473`)
* [CVE-2023-36348](CVE-2023/CVE-2023-363xx/CVE-2023-36348.json) (`2023-06-23T20:15:09.517`)
* [CVE-2023-3212](CVE-2023/CVE-2023-32xx/CVE-2023-3212.json) (`2023-06-23T20:15:09.563`)
* [CVE-2023-34254](CVE-2023/CVE-2023-342xx/CVE-2023-34254.json) (`2023-06-23T21:15:09.320`)
* [CVE-2023-35154](CVE-2023/CVE-2023-351xx/CVE-2023-35154.json) (`2023-06-23T21:15:09.400`)
* [CVE-2023-35163](CVE-2023/CVE-2023-351xx/CVE-2023-35163.json) (`2023-06-23T21:15:09.473`)
* [CVE-2023-35165](CVE-2023/CVE-2023-351xx/CVE-2023-35165.json) (`2023-06-23T21:15:09.553`)
* [CVE-2023-35169](CVE-2023/CVE-2023-351xx/CVE-2023-35169.json) (`2023-06-23T21:15:09.627`)
* [CVE-2023-35171](CVE-2023/CVE-2023-351xx/CVE-2023-35171.json) (`2023-06-23T21:15:09.703`)
* [CVE-2023-35172](CVE-2023/CVE-2023-351xx/CVE-2023-35172.json) (`2023-06-23T21:15:09.777`)
* [CVE-2023-35173](CVE-2023/CVE-2023-351xx/CVE-2023-35173.json) (`2023-06-23T21:15:09.853`)
* [CVE-2023-35927](CVE-2023/CVE-2023-359xx/CVE-2023-35927.json) (`2023-06-23T21:15:09.927`)
* [CVE-2023-35928](CVE-2023/CVE-2023-359xx/CVE-2023-35928.json) (`2023-06-23T21:15:10.007`)
### CVEs modified in the last Commit
Recently modified CVEs: `58`
Recently modified CVEs: `19`
* [CVE-2023-34241](CVE-2023/CVE-2023-342xx/CVE-2023-34241.json) (`2023-06-23T18:15:13.860`)
* [CVE-2023-34101](CVE-2023/CVE-2023-341xx/CVE-2023-34101.json) (`2023-06-23T18:18:09.143`)
* [CVE-2023-34115](CVE-2023/CVE-2023-341xx/CVE-2023-34115.json) (`2023-06-23T18:18:54.580`)
* [CVE-2023-34868](CVE-2023/CVE-2023-348xx/CVE-2023-34868.json) (`2023-06-23T18:34:10.497`)
* [CVE-2023-34867](CVE-2023/CVE-2023-348xx/CVE-2023-34867.json) (`2023-06-23T18:46:59.963`)
* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-23T18:49:42.833`)
* [CVE-2023-34845](CVE-2023/CVE-2023-348xx/CVE-2023-34845.json) (`2023-06-23T18:54:20.387`)
* [CVE-2023-34249](CVE-2023/CVE-2023-342xx/CVE-2023-34249.json) (`2023-06-23T18:57:26.500`)
* [CVE-2023-26541](CVE-2023/CVE-2023-265xx/CVE-2023-26541.json) (`2023-06-23T19:00:12.567`)
* [CVE-2023-34247](CVE-2023/CVE-2023-342xx/CVE-2023-34247.json) (`2023-06-23T19:05:57.207`)
* [CVE-2023-31439](CVE-2023/CVE-2023-314xx/CVE-2023-31439.json) (`2023-06-23T19:15:39.693`)
* [CVE-2023-31438](CVE-2023/CVE-2023-314xx/CVE-2023-31438.json) (`2023-06-23T19:16:18.397`)
* [CVE-2023-31437](CVE-2023/CVE-2023-314xx/CVE-2023-31437.json) (`2023-06-23T19:16:38.727`)
* [CVE-2023-33621](CVE-2023/CVE-2023-336xx/CVE-2023-33621.json) (`2023-06-23T19:18:31.097`)
* [CVE-2023-35064](CVE-2023/CVE-2023-350xx/CVE-2023-35064.json) (`2023-06-23T19:21:19.787`)
* [CVE-2023-33568](CVE-2023/CVE-2023-335xx/CVE-2023-33568.json) (`2023-06-23T19:22:43.680`)
* [CVE-2023-24470](CVE-2023/CVE-2023-244xx/CVE-2023-24470.json) (`2023-06-23T19:23:32.700`)
* [CVE-2023-24469](CVE-2023/CVE-2023-244xx/CVE-2023-24469.json) (`2023-06-23T19:28:17.867`)
* [CVE-2023-33986](CVE-2023/CVE-2023-339xx/CVE-2023-33986.json) (`2023-06-23T19:33:00.763`)
* [CVE-2023-26515](CVE-2023/CVE-2023-265xx/CVE-2023-26515.json) (`2023-06-23T19:33:57.187`)
* [CVE-2023-29501](CVE-2023/CVE-2023-295xx/CVE-2023-29501.json) (`2023-06-23T19:34:28.727`)
* [CVE-2023-32546](CVE-2023/CVE-2023-325xx/CVE-2023-32546.json) (`2023-06-23T19:35:41.590`)
* [CVE-2023-35141](CVE-2023/CVE-2023-351xx/CVE-2023-35141.json) (`2023-06-23T19:36:43.300`)
* [CVE-2023-2784](CVE-2023/CVE-2023-27xx/CVE-2023-2784.json) (`2023-06-23T19:38:31.707`)
* [CVE-2023-2807](CVE-2023/CVE-2023-28xx/CVE-2023-2807.json) (`2023-06-23T19:49:50.537`)
* [CVE-2022-28550](CVE-2022/CVE-2022-285xx/CVE-2022-28550.json) (`2023-06-23T20:10:56.137`)
* [CVE-2022-24063](CVE-2022/CVE-2022-240xx/CVE-2022-24063.json) (`2023-06-23T20:24:12.420`)
* [CVE-2022-24915](CVE-2022/CVE-2022-249xx/CVE-2022-24915.json) (`2023-06-23T20:25:06.257`)
* [CVE-2022-23994](CVE-2022/CVE-2022-239xx/CVE-2022-23994.json) (`2023-06-23T20:25:30.300`)
* [CVE-2022-24002](CVE-2022/CVE-2022-240xx/CVE-2022-24002.json) (`2023-06-23T20:29:06.967`)
* [CVE-2022-24923](CVE-2022/CVE-2022-249xx/CVE-2022-24923.json) (`2023-06-23T20:29:11.290`)
* [CVE-2022-24924](CVE-2022/CVE-2022-249xx/CVE-2022-24924.json) (`2023-06-23T20:29:15.917`)
* [CVE-2023-29562](CVE-2023/CVE-2023-295xx/CVE-2023-29562.json) (`2023-06-23T20:04:20.847`)
* [CVE-2023-32369](CVE-2023/CVE-2023-323xx/CVE-2023-32369.json) (`2023-06-23T20:21:15.293`)
* [CVE-2023-35788](CVE-2023/CVE-2023-357xx/CVE-2023-35788.json) (`2023-06-23T21:19:19.510`)
* [CVE-2023-33438](CVE-2023/CVE-2023-334xx/CVE-2023-33438.json) (`2023-06-23T21:19:32.180`)
* [CVE-2023-34832](CVE-2023/CVE-2023-348xx/CVE-2023-34832.json) (`2023-06-23T21:19:44.893`)
* [CVE-2023-34660](CVE-2023/CVE-2023-346xx/CVE-2023-34660.json) (`2023-06-23T21:24:20.913`)
* [CVE-2023-34659](CVE-2023/CVE-2023-346xx/CVE-2023-34659.json) (`2023-06-23T21:25:28.887`)
* [CVE-2023-3294](CVE-2023/CVE-2023-32xx/CVE-2023-3294.json) (`2023-06-23T21:26:49.927`)
* [CVE-2023-25974](CVE-2023/CVE-2023-259xx/CVE-2023-25974.json) (`2023-06-23T21:27:01.080`)
* [CVE-2023-27420](CVE-2023/CVE-2023-274xx/CVE-2023-27420.json) (`2023-06-23T21:27:11.370`)
* [CVE-2023-33307](CVE-2023/CVE-2023-333xx/CVE-2023-33307.json) (`2023-06-23T21:27:26.713`)
* [CVE-2023-33306](CVE-2023/CVE-2023-333xx/CVE-2023-33306.json) (`2023-06-23T21:27:39.787`)
## Download and Usage