admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-03T22:00:26.306309+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-03 22:00:29 +00:00
parent 542e60c829
commit f66ebe079f
41 changed files with 1216 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2020/CVE-2020-221xx/CVE-2020-22151.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-22151",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.240",
"lastModified": "2023-07-03T21:15:09.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/daylightstudio/FUEL-CMS/issues/551",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-221xx/CVE-2020-22152.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-22152",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.293",
"lastModified": "2023-07-03T21:15:09.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/daylightstudio/FUEL-CMS/issues/552",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-221xx/CVE-2020-22153.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-22153",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.340",
"lastModified": "2023-07-03T21:15:09.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/daylightstudio/FUEL-CMS/issues/553",
"source": "cve@mitre.org"
}
]
}

20
CVE-2020/CVE-2020-225xx/CVE-2020-22597.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2020-22597",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.383",
"lastModified": "2023-07-03T21:15:09.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/jerryscript-project/jerryscript/issues/3637",
"source": "cve@mitre.org"
}
]
}

4
CVE-2022/CVE-2022-218xx/CVE-2022-21816.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-21816",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-02-07T20:15:07.943",
"lastModified": "2022-09-03T03:54:17.577",
"lastModified": "2023-07-03T20:35:17.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-306"
}
]
},

4
CVE-2022/CVE-2022-218xx/CVE-2022-21817.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-21817",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-02-02T13:15:08.340",
"lastModified": "2022-02-07T16:03:16.460",
"lastModified": "2023-07-03T20:34:54.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "CWE-426"
}
]
}

4
CVE-2022/CVE-2022-237xx/CVE-2022-23708.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-23708",
"sourceIdentifier": "bressers@elastic.co",
"published": "2022-03-03T22:15:08.800",
"lastModified": "2022-11-09T21:38:27.293",
"lastModified": "2023-07-03T20:34:44.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-237xx/CVE-2022-23714.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-23714",
"sourceIdentifier": "bressers@elastic.co",
"published": "2022-07-06T14:15:18.460",
"lastModified": "2022-07-14T18:04:27.113",
"lastModified": "2023-07-03T20:34:29.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "NVD-CWE-noinfo"
}
]
},

4
CVE-2022/CVE-2022-237xx/CVE-2022-23719.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-23719",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2022-06-30T20:15:08.310",
"lastModified": "2022-07-11T19:15:52.617",
"lastModified": "2023-07-03T20:34:16.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "CWE-306"
}
]
},

4
CVE-2022/CVE-2022-237xx/CVE-2022-23727.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-23727",
"sourceIdentifier": "product.security@lge.com",
"published": "2022-01-28T20:15:12.913",
"lastModified": "2022-02-03T19:48:14.520",
"lastModified": "2023-07-03T20:34:03.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "NVD-CWE-noinfo"
}
]
}

4
CVE-2022/CVE-2022-237xx/CVE-2022-23730.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-23730",
"sourceIdentifier": "product.security@lge.com",
"published": "2022-03-11T18:15:32.000",
"lastModified": "2022-03-18T20:17:58.480",
"lastModified": "2023-07-03T20:33:45.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

20
CVE-2022/CVE-2022-247xx/CVE-2022-24719.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24719",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-03-01T21:15:07.923",
"lastModified": "2022-03-14T18:46:35.930",
"lastModified": "2023-07-03T20:33:34.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-601"
"value": "CWE-212"
}
]
},
@ -114,13 +114,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fluture-node_project:fluture-node:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45C6924D-F90A-4129-AF75-420DF6FB9A5F"
"criteria": "cpe:2.3:a:fluture-node_project:fluture-node:4.0.0:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9E134C6B-520E-4721-92D9-C128A97DD5D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fluture-node_project:fluture-node:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C01C43F-7542-4990-8644-E70043810F16"
"criteria": "cpe:2.3:a:fluture-node_project:fluture-node:4.0.1:*:*:*:*:node.js:*:*",
"matchCriteriaId": "EDE49B85-4FA8-45EE-8C14-47E835A658D9"
}
]
}
@ -132,16 +132,14 @@
"url": "https://github.com/fluture-js/fluture-node/commit/0c99bc511533d48be17dc6bfe641f7d0aeb34d77",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{
"url": "https://github.com/fluture-js/fluture-node/commit/125e4474f910c1507f8ec3232848626fbc0f55c4",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{
@ -149,7 +147,7 @@
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
"Vendor Advisory"
]
},
{

10
CVE-2022/CVE-2022-247xx/CVE-2022-24720.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24720",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-03-01T23:15:08.993",
"lastModified": "2023-02-22T17:49:00.657",
"lastModified": "2023-07-03T20:35:53.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,22 +85,22 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "NVD-CWE-Other"
}
]
},
{
"source": "nvd@nist.gov",
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
"value": "CWE-20"
}
]
}

14
CVE-2022/CVE-2022-247xx/CVE-2022-24723.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24723",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-03-03T21:15:07.813",
"lastModified": "2022-11-29T15:00:51.357",
"lastModified": "2023-07-03T20:35:47.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",

10
CVE-2022/CVE-2022-247xx/CVE-2022-24754.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24754",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-03-11T20:15:08.873",
"lastModified": "2022-11-16T19:26:42.193",
"lastModified": "2023-07-03T20:35:39.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,22 +85,22 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
"value": "CWE-1284"
}
]
},
{
"source": "nvd@nist.gov",
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
"value": "CWE-120"
}
]
}

14
CVE-2022/CVE-2022-247xx/CVE-2022-24762.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24762",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-03-14T23:15:08.427",
"lastModified": "2022-03-21T18:48:38.580",
"lastModified": "2023-07-03T20:35:28.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",

53
CVE-2022/CVE-2022-41xx/CVE-2022-4115.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2022-4115",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:10.077",
"lastModified": "2023-06-27T16:15:38.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T20:37:29.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:editorial_calendar_project:editorial_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.12",
"matchCriteriaId": "A66D4176-1FDA-4F4E-913C-0DAB74158EBC"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/2b5071e1-9532-4a6c-9da4-d07932474ca4",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-05xx/CVE-2023-0588.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-0588",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:10.150",
"lastModified": "2023-06-27T16:15:38.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T20:28:13.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:catalystconnect:zoho_crm_client_portal:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.0",
"matchCriteriaId": "B80D9973-704C-4832-A8FD-8D13DE7242E8"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/84be272e-0891-461c-91ad-496b64f92f8f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-23xx/CVE-2023-2326.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2326",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:10.600",
"lastModified": "2023-06-27T16:15:38.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T20:23:43.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gsheetconnector:gravity_forms_google_sheets_connector:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.5",
"matchCriteriaId": "CF2C6A01-7557-48D0-A21C-A79D8775247E"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f922695a-b803-4edf-aadc-80c79d99bebb",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-24xx/CVE-2023-2482.json
View File

@ -2,18 +2,41 @@
"id": "CVE-2023-2482",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:10.663",
"lastModified": "2023-06-27T16:15:38.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T20:07:45.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,44 @@
"value": "CWE-89"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpwox:responsive_css_editor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "0B35C7E9-12F6-42F3-8FAA-C1B84ADD9408"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c0f73781-be7e-482e-91de-ad7991ad4bd5",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-25xx/CVE-2023-2580.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2580",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:10.730",
"lastModified": "2023-06-27T16:15:38.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T20:05:34.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ai_engine_project:ai_engine:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.83",
"matchCriteriaId": "11AC00F2-23A9-48B2-B944-998E0E35C7A0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7ee1efb1-9969-40b2-8ab2-ea427091bbd8",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

100
CVE-2023/CVE-2023-262xx/CVE-2023-26273.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26273",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-27T18:15:12.640",
"lastModified": "2023-06-27T18:34:43.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T20:48:51.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +76,76 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DACA17CC-8B71-4E71-B075-BFFB65AD989C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "BA60FDE5-8C40-4C7A-97CF-BA2A64BF307D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "AB518E06-00BA-48F3-8AEC-6E1E97CAA2CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "289027A2-178C-45DE-A86F-1207F23D13B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "5047AECF-879B-427A-ACF7-ECB10965E1B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "CD448AB8-E3CC-41A1-9D32-B1B35C68FA5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248134",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7006083",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-27xx/CVE-2023-2727.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2727",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-07-03T21:15:09.480",
"lastModified": "2023-07-03T21:15:09.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/118640",
"source": "jordan@liggitt.net"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8",
"source": "jordan@liggitt.net"
}
]
}

59
CVE-2023/CVE-2023-27xx/CVE-2023-2728.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2728",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-07-03T21:15:09.557",
"lastModified": "2023-07-03T21:15:09.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/118640",
"source": "jordan@liggitt.net"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8",
"source": "jordan@liggitt.net"
}
]
}

55
CVE-2023/CVE-2023-33xx/CVE-2023-3395.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3395",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-03T21:15:10.107",
"lastModified": "2023-07-03T21:15:10.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-256"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

69
CVE-2023/CVE-2023-359xx/CVE-2023-35925.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35925",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T16:15:09.477",
"lastModified": "2023-06-23T17:21:14.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T20:46:49.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,20 +64,57 @@
"value": "CWE-400"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intellectualsites:fastasyncworldedit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.6.3",
"matchCriteriaId": "FC7A135E-1B28-4070-AB2D-14BAC7CD983D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IntellectualSites/FastAsyncWorldEdit/pull/2285",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/IntellectualSites/FastAsyncWorldEdit/releases/tag/2.6.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/IntellectualSites/FastAsyncWorldEdit/security/advisories/GHSA-whj9-m24x-qhhp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-361xx/CVE-2023-36162.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-36162",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.620",
"lastModified": "2023-07-03T21:15:09.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remote attacker to gain privileges via the add function in adminlist.php."
}
],
"metrics": {},
"references": [
{
"url": "http://www.zzcms.net/about/download.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/forget-code/zzcms/issues/6",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-361xx/CVE-2023-36183.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36183",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.663",
"lastModified": "2023-07-03T21:15:09.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/OpenImageIO/oiio/issues/3871",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-362xx/CVE-2023-36222.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-36222",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.707",
"lastModified": "2023-07-03T21:15:09.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function."
}
],
"metrics": {},
"references": [
{
"url": "http://bbs-go.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mlogclub/bbs-go",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mlogclub/bbs-go/issues/206",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-362xx/CVE-2023-36223.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-36223",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.750",
"lastModified": "2023-07-03T21:15:09.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function."
}
],
"metrics": {},
"references": [
{
"url": "http://bbs-go.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mlogclub/bbs-go",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mlogclub/bbs-go/issues/208",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-362xx/CVE-2023-36258.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36258",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.797",
"lastModified": "2023-07-03T21:15:09.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hwchase17/langchain/issues/5872",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-362xx/CVE-2023-36262.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36262",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.837",
"lastModified": "2023-07-03T21:15:09.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in OBS Studio OBS-Studio v.29.1.2 allows a local attack to obtain sensitive information via the password parameter in locale/ca-ini."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/obsproject/obs-studio/issues/8966",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-362xx/CVE-2023-36291.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36291",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.883",
"lastModified": "2023-07-03T21:15:09.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/maxsite/cms/issues/500",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-363xx/CVE-2023-36377.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-36377",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.923",
"lastModified": "2023-07-03T21:15:09.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mtrojnar/osslsigncode/compare/2.2...2.3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.3",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-366xx/CVE-2023-36608.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36608",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-03T20:15:09.450",
"lastModified": "2023-07-03T20:31:37.327",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nThe affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-366xx/CVE-2023-36609.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36609",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-03T20:15:09.537",
"lastModified": "2023-07-03T20:31:37.327",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-366xx/CVE-2023-36610.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36610",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-03T21:15:09.967",
"lastModified": "2023-07-03T21:15:09.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-331"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-366xx/CVE-2023-36611.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36611",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-03T21:15:10.037",
"lastModified": "2023-07-03T21:15:10.037",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nThe affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with \u201cuser\u201d privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

4
CVE-2023/CVE-2023-368xx/CVE-2023-36819.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36819",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T19:15:09.183",
"lastModified": "2023-07-03T19:15:09.183",
"vulnStatus": "Received",
"lastModified": "2023-07-03T20:31:37.327",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

40
CVE-2023/CVE-2023-373xx/CVE-2023-37378.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-37378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T20:15:09.620",
"lastModified": "2023-07-03T20:31:37.327",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory."
}
],
"metrics": {},
"references": [
{
"url": "http://sf.net/p/nsis/bugs/1296",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0",
"source": "cve@mitre.org"
},
{
"url": "https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09",
"source": "cve@mitre.org"
},
{
"url": "https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/",
"source": "cve@mitre.org"
}
]
}

78
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-03T20:00:28.709051+00:00
2023-07-03T22:00:26.306309+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-03T19:38:57.370000+00:00
2023-07-03T21:15:10.107000+00:00
```
### Last Data Feed Release
@ -29,47 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
219067
219087
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `20`
* [CVE-2023-36815](CVE-2023/CVE-2023-368xx/CVE-2023-36815.json) (`2023-07-03T18:15:09.653`)
* [CVE-2023-36817](CVE-2023/CVE-2023-368xx/CVE-2023-36817.json) (`2023-07-03T18:15:09.733`)
* [CVE-2023-36819](CVE-2023/CVE-2023-368xx/CVE-2023-36819.json) (`2023-07-03T19:15:09.183`)
* [CVE-2020-22151](CVE-2020/CVE-2020-221xx/CVE-2020-22151.json) (`2023-07-03T21:15:09.240`)
* [CVE-2020-22152](CVE-2020/CVE-2020-221xx/CVE-2020-22152.json) (`2023-07-03T21:15:09.293`)
* [CVE-2020-22153](CVE-2020/CVE-2020-221xx/CVE-2020-22153.json) (`2023-07-03T21:15:09.340`)
* [CVE-2020-22597](CVE-2020/CVE-2020-225xx/CVE-2020-22597.json) (`2023-07-03T21:15:09.383`)
* [CVE-2023-36608](CVE-2023/CVE-2023-366xx/CVE-2023-36608.json) (`2023-07-03T20:15:09.450`)
* [CVE-2023-36609](CVE-2023/CVE-2023-366xx/CVE-2023-36609.json) (`2023-07-03T20:15:09.537`)
* [CVE-2023-37378](CVE-2023/CVE-2023-373xx/CVE-2023-37378.json) (`2023-07-03T20:15:09.620`)
* [CVE-2023-2727](CVE-2023/CVE-2023-27xx/CVE-2023-2727.json) (`2023-07-03T21:15:09.480`)
* [CVE-2023-2728](CVE-2023/CVE-2023-27xx/CVE-2023-2728.json) (`2023-07-03T21:15:09.557`)
* [CVE-2023-36162](CVE-2023/CVE-2023-361xx/CVE-2023-36162.json) (`2023-07-03T21:15:09.620`)
* [CVE-2023-36183](CVE-2023/CVE-2023-361xx/CVE-2023-36183.json) (`2023-07-03T21:15:09.663`)
* [CVE-2023-36222](CVE-2023/CVE-2023-362xx/CVE-2023-36222.json) (`2023-07-03T21:15:09.707`)
* [CVE-2023-36223](CVE-2023/CVE-2023-362xx/CVE-2023-36223.json) (`2023-07-03T21:15:09.750`)
* [CVE-2023-36258](CVE-2023/CVE-2023-362xx/CVE-2023-36258.json) (`2023-07-03T21:15:09.797`)
* [CVE-2023-36262](CVE-2023/CVE-2023-362xx/CVE-2023-36262.json) (`2023-07-03T21:15:09.837`)
* [CVE-2023-36291](CVE-2023/CVE-2023-362xx/CVE-2023-36291.json) (`2023-07-03T21:15:09.883`)
* [CVE-2023-36377](CVE-2023/CVE-2023-363xx/CVE-2023-36377.json) (`2023-07-03T21:15:09.923`)
* [CVE-2023-36610](CVE-2023/CVE-2023-366xx/CVE-2023-36610.json) (`2023-07-03T21:15:09.967`)
* [CVE-2023-36611](CVE-2023/CVE-2023-366xx/CVE-2023-36611.json) (`2023-07-03T21:15:10.037`)
* [CVE-2023-3395](CVE-2023/CVE-2023-33xx/CVE-2023-3395.json) (`2023-07-03T21:15:10.107`)
### CVEs modified in the last Commit
Recently modified CVEs: `59`
Recently modified CVEs: `20`
* [CVE-2023-34242](CVE-2023/CVE-2023-342xx/CVE-2023-34242.json) (`2023-07-03T19:12:59.533`)
* [CVE-2023-25515](CVE-2023/CVE-2023-255xx/CVE-2023-25515.json) (`2023-07-03T19:15:31.923`)
* [CVE-2023-23344](CVE-2023/CVE-2023-233xx/CVE-2023-23344.json) (`2023-07-03T19:16:21.420`)
* [CVE-2023-28016](CVE-2023/CVE-2023-280xx/CVE-2023-28016.json) (`2023-07-03T19:17:06.243`)
* [CVE-2023-36301](CVE-2023/CVE-2023-363xx/CVE-2023-36301.json) (`2023-07-03T19:18:49.437`)
* [CVE-2023-25307](CVE-2023/CVE-2023-253xx/CVE-2023-25307.json) (`2023-07-03T19:19:20.030`)
* [CVE-2023-29423](CVE-2023/CVE-2023-294xx/CVE-2023-29423.json) (`2023-07-03T19:19:39.733`)
* [CVE-2023-2533](CVE-2023/CVE-2023-25xx/CVE-2023-2533.json) (`2023-07-03T19:19:40.983`)
* [CVE-2023-29093](CVE-2023/CVE-2023-290xx/CVE-2023-29093.json) (`2023-07-03T19:19:55.117`)
* [CVE-2023-36675](CVE-2023/CVE-2023-366xx/CVE-2023-36675.json) (`2023-07-03T19:20:19.150`)
* [CVE-2023-36660](CVE-2023/CVE-2023-366xx/CVE-2023-36660.json) (`2023-07-03T19:20:47.360`)
* [CVE-2023-28485](CVE-2023/CVE-2023-284xx/CVE-2023-28485.json) (`2023-07-03T19:22:57.320`)
* [CVE-2023-3432](CVE-2023/CVE-2023-34xx/CVE-2023-3432.json) (`2023-07-03T19:24:13.527`)
* [CVE-2023-3431](CVE-2023/CVE-2023-34xx/CVE-2023-3431.json) (`2023-07-03T19:24:51.337`)
* [CVE-2023-2996](CVE-2023/CVE-2023-29xx/CVE-2023-2996.json) (`2023-07-03T19:26:05.237`)
* [CVE-2023-2877](CVE-2023/CVE-2023-28xx/CVE-2023-2877.json) (`2023-07-03T19:26:43.103`)
* [CVE-2023-2842](CVE-2023/CVE-2023-28xx/CVE-2023-2842.json) (`2023-07-03T19:27:16.967`)
* [CVE-2023-25520](CVE-2023/CVE-2023-255xx/CVE-2023-25520.json) (`2023-07-03T19:27:23.943`)
* [CVE-2023-2795](CVE-2023/CVE-2023-27xx/CVE-2023-2795.json) (`2023-07-03T19:28:20.887`)
* [CVE-2023-34839](CVE-2023/CVE-2023-348xx/CVE-2023-34839.json) (`2023-07-03T19:29:43.347`)
* [CVE-2023-34838](CVE-2023/CVE-2023-348xx/CVE-2023-34838.json) (`2023-07-03T19:30:00.057`)
* [CVE-2023-34837](CVE-2023/CVE-2023-348xx/CVE-2023-34837.json) (`2023-07-03T19:30:12.097`)
* [CVE-2023-34836](CVE-2023/CVE-2023-348xx/CVE-2023-34836.json) (`2023-07-03T19:30:27.440`)
* [CVE-2023-34835](CVE-2023/CVE-2023-348xx/CVE-2023-34835.json) (`2023-07-03T19:30:38.090`)
* [CVE-2023-35171](CVE-2023/CVE-2023-351xx/CVE-2023-35171.json) (`2023-07-03T19:38:57.370`)
* [CVE-2022-24719](CVE-2022/CVE-2022-247xx/CVE-2022-24719.json) (`2023-07-03T20:33:34.237`)
* [CVE-2022-23730](CVE-2022/CVE-2022-237xx/CVE-2022-23730.json) (`2023-07-03T20:33:45.863`)
* [CVE-2022-23727](CVE-2022/CVE-2022-237xx/CVE-2022-23727.json) (`2023-07-03T20:34:03.637`)
* [CVE-2022-23719](CVE-2022/CVE-2022-237xx/CVE-2022-23719.json) (`2023-07-03T20:34:16.163`)
* [CVE-2022-23714](CVE-2022/CVE-2022-237xx/CVE-2022-23714.json) (`2023-07-03T20:34:29.593`)
* [CVE-2022-23708](CVE-2022/CVE-2022-237xx/CVE-2022-23708.json) (`2023-07-03T20:34:44.583`)
* [CVE-2022-21817](CVE-2022/CVE-2022-218xx/CVE-2022-21817.json) (`2023-07-03T20:34:54.417`)
* [CVE-2022-21816](CVE-2022/CVE-2022-218xx/CVE-2022-21816.json) (`2023-07-03T20:35:17.977`)
* [CVE-2022-24762](CVE-2022/CVE-2022-247xx/CVE-2022-24762.json) (`2023-07-03T20:35:28.853`)
* [CVE-2022-24754](CVE-2022/CVE-2022-247xx/CVE-2022-24754.json) (`2023-07-03T20:35:39.967`)
* [CVE-2022-24723](CVE-2022/CVE-2022-247xx/CVE-2022-24723.json) (`2023-07-03T20:35:47.993`)
* [CVE-2022-24720](CVE-2022/CVE-2022-247xx/CVE-2022-24720.json) (`2023-07-03T20:35:53.343`)
* [CVE-2022-4115](CVE-2022/CVE-2022-41xx/CVE-2022-4115.json) (`2023-07-03T20:37:29.117`)
* [CVE-2023-2580](CVE-2023/CVE-2023-25xx/CVE-2023-2580.json) (`2023-07-03T20:05:34.090`)
* [CVE-2023-2482](CVE-2023/CVE-2023-24xx/CVE-2023-2482.json) (`2023-07-03T20:07:45.610`)
* [CVE-2023-2326](CVE-2023/CVE-2023-23xx/CVE-2023-2326.json) (`2023-07-03T20:23:43.963`)
* [CVE-2023-0588](CVE-2023/CVE-2023-05xx/CVE-2023-0588.json) (`2023-07-03T20:28:13.577`)
* [CVE-2023-36819](CVE-2023/CVE-2023-368xx/CVE-2023-36819.json) (`2023-07-03T20:31:37.327`)
* [CVE-2023-35925](CVE-2023/CVE-2023-359xx/CVE-2023-35925.json) (`2023-07-03T20:46:49.440`)
* [CVE-2023-26273](CVE-2023/CVE-2023-262xx/CVE-2023-26273.json) (`2023-07-03T20:48:51.157`)
## Download and Usage