Auto-Update: 2023-05-12T20:00:24.653357+00:00

René Helmke 2023-05-12 22:00:28 +02:00
parent d24eb8b9f9
commit f6fc1ca592
35 changed files with 11875 additions and 165 deletions


@ -2,18 +2,41 @@
"id": "CVE-2023-0948",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-08T14:15:12.277",
"lastModified": "2023-05-08T14:17:23.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T18:39:44.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,44 @@
"value": "CWE-79"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artisanworkshop:japanized_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.8",
"matchCriteriaId": "D9556FA3-C876-4507-8023-83DC7E15E061"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-1094",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-05-08T20:15:16.007",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:16:33.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monicahq:monica:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "449F0227-5926-4949-8C63-CB9E2DFAEA1F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/napoli",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.monicahq.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-1979",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-05-08T17:15:11.843",
"lastModified": "2023-05-09T12:47:11.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T18:44:46.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:web_stories:*:*:*:*:wordpress:*:*:*",
"versionEndExcluding": "1.32.0",
"matchCriteriaId": "6B859155-2CE3-415A-96E7-883258BCF83D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/GoogleForCreators/web-stories-wp/releases/tag/v1.32.0",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-22784",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.167",
"lastModified": "2023-05-08T16:35:01.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T18:34:16.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,86 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndIncluding": "10.3.1.0",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.0.0",
"versionEndIncluding": "6.5.4.23",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.4.0.0",
"versionEndExcluding": "8.6.0.0",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.6.0.0",
"versionEndIncluding": "8.6.0.19",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0.0",
"versionEndIncluding": "8.9.0.0",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndIncluding": "8.10.0.4",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-22785",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.233",
"lastModified": "2023-05-08T16:35:01.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T18:29:12.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,86 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndIncluding": "10.3.1.0",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.0.0",
"versionEndIncluding": "6.5.4.23",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.4.0.0",
"versionEndExcluding": "8.6.0.0",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.6.0.0",
"versionEndIncluding": "8.6.0.19",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0.0",
"versionEndIncluding": "8.9.0.0",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndIncluding": "8.10.0.4",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-22786",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-08T15:15:10.303",
"lastModified": "2023-05-08T16:35:01.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T18:25:20.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
@ -34,10 +54,86 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0.0",
"versionEndIncluding": "10.3.1.0",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0.0",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.0.0",
"versionEndIncluding": "6.5.4.23",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.4.0.0",
"versionEndExcluding": "8.6.0.0",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.6.0.0",
"versionEndIncluding": "8.6.0.19",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0.0",
"versionEndIncluding": "8.9.0.0",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.10.0.0",
"versionEndIncluding": "8.10.0.4",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-2457",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-12T18:15:09.530",
"lastModified": "2023-05-12T18:15:09.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1420790",
"source": "chrome-cve-admin@google.com"
}
]
}
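Review bot: This new record ships with `"metrics": {}` and `"vulnStatus": "Received"`, so it carries no CVSS vector or score even though its description text states "Chromium security severity: High". Any consumer that ranks or filters on `cvssMetricV31[].cvssData.baseScore` should treat the missing key as "unscored, pending analysis" rather than as zero or low, and should not drop the record from triage. The same applies to the CVE-2023-2458 file added in this commit, which has the same empty `metrics` object.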


@ -0,0 +1,24 @@
{
"id": "CVE-2023-2458",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-12T18:15:09.573",
"lastModified": "2023-05-12T18:15:09.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1430692",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-25927",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-12T18:15:09.450",
"lastModified": "2023-05-12T18:15:09.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635",
"source": "psirt@us.ibm.com"
},
{
"url": "https://https://www.ibm.com/support/pages/node/6989653",
"source": "psirt@us.ibm.com"
}
]
}
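Review bot: The second entry in `references` has a doubled scheme, `"url": "https://https://www.ibm.com/support/pages/node/6989653"`, which a URL parser will read as host `https` and will not resolve to the IBM advisory. The intended value is presumably `"url": "https://www.ibm.com/support/pages/node/6989653"`. Because this file mirrors upstream data, the correction probably belongs upstream. Until then, enrichment or link-checking jobs that dereference reference URLs should validate the parsed host and expect this entry to fail.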


@ -2,8 +2,8 @@
"id": "CVE-2023-2573",
"sourceIdentifier": "office@cyberdanube.com",
"published": "2023-05-08T13:15:09.710",
"lastModified": "2023-05-12T14:58:39.517",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-12T18:15:09.617",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -163,6 +163,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html",
"source": "office@cyberdanube.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/May/4",
"source": "office@cyberdanube.com",
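Review bot: The reference added at the head of `references` (the packetstormsecurity.com entry) has no `tags` array, and the same change moves `vulnStatus` from `Analyzed` to `Modified`, so the link is not covered by the earlier analysis. Tooling that infers exploit availability from an `Exploit` tag would likely miss this reference; handling untagged references on `Modified` records as unclassified, not as benign, closes that gap. The identical untagged entry is added in the CVE-2023-2574 and CVE-2023-2575 sections. The `references` array continues past the end of this hunk.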


@ -2,8 +2,8 @@
"id": "CVE-2023-2574",
"sourceIdentifier": "office@cyberdanube.com",
"published": "2023-05-08T13:15:09.790",
"lastModified": "2023-05-12T14:58:59.900",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-12T18:15:09.703",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -163,6 +163,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html",
"source": "office@cyberdanube.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/May/4",
"source": "office@cyberdanube.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-2575",
"sourceIdentifier": "office@cyberdanube.com",
"published": "2023-05-08T13:15:09.847",
"lastModified": "2023-05-12T14:59:28.827",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-12T18:15:09.827",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -163,6 +163,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html",
"source": "office@cyberdanube.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/May/4",
"source": "office@cyberdanube.com",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-27863",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-12T19:15:08.827",
"lastModified": "2023-05-12T19:15:08.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249325",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6965812",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,31 +2,124 @@
"id": "CVE-2023-27929",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.130",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T18:52:07.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.3",
"matchCriteriaId": "F58DAF22-8807-445A-AD05-8510829526CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "B55C90FB-21A2-4066-9FFD-04ABA57E68F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4",
"matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,39 +2,134 @@
"id": "CVE-2023-27931",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.197",
"lastModified": "2023-05-12T09:15:10.157",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-05-12T19:10:07.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.3",
"matchCriteriaId": "F58DAF22-8807-445A-AD05-8510829526CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "B55C90FB-21A2-4066-9FFD-04ABA57E68F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4",
"matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213603",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213604",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,96 @@
"id": "CVE-2023-27943",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.790",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:05:15.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.3",
"matchCriteriaId": "F58DAF22-8807-445A-AD05-8510829526CB"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,27 +2,104 @@
"id": "CVE-2023-27953",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.207",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T18:47:57.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "408DDE09-2478-4109-B4DA-AEEA7B3BE51A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "3C93428C-C9B4-464F-8A4A-0CE8D7BB2BAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,43 +2,178 @@
"id": "CVE-2023-27954",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.267",
"lastModified": "2023-05-12T12:15:09.340",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-05-12T18:55:06.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE589B89-C395-4840-9EE5-B644EC1C637C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "909D85BE-B03C-469D-B7A0-B15B6366EDAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "D54C540A-5D01-4710-BBF9-EDD8BBAEE16E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "C75E4307-6CF3-4835-8E5F-96BF060658C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "E33C3BC5-6CFC-4B58-8642-80A9FE00DB24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "B55C90FB-21A2-4066-9FFD-04ABA57E68F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4",
"matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213671",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,31 +2,123 @@
"id": "CVE-2023-27955",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.317",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:23:18.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to read arbitrary files"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "1223E832-EAEB-4549-83B5-C77FB7055AD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "408DDE09-2478-4109-B4DA-AEEA7B3BE51A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "3C93428C-C9B4-464F-8A4A-0CE8D7BB2BAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-27957",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.433",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:15:24.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,81 @@
"id": "CVE-2023-27959",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.547",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:22:37.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "1223E832-EAEB-4549-83B5-C77FB7055AD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-27967",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.937",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:46:50.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.3",
"matchCriteriaId": "37EC667B-49B0-4210-9B73-9795D603EF78"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213679",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-27968",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:19.000",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:47:30.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-29693",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T15:15:10.983",
"lastModified": "2023-05-08T16:35:01.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:39:08.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:h3c:gr-1200w_firmware:minigrw1a0v100r006:*:*:*:*:*:*:*",
"matchCriteriaId": "947EC9F7-504E-4596-AC79-2555107D93B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:h3c:gr-1200w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4ECDCE3-0655-43A0-A6C5-658E7C4F5470"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Stevenbaga/fengsha/blob/main/H3C/GR-1200W/SetTftpUpgrad.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-29696",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T15:15:11.033",
"lastModified": "2023-05-08T16:35:01.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:39:04.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:h3c:gr-1200w_firmware:minigrw1a0v100r006:*:*:*:*:*:*:*",
"matchCriteriaId": "947EC9F7-504E-4596-AC79-2555107D93B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:h3c:gr-1200w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4ECDCE3-0655-43A0-A6C5-658E7C4F5470"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Stevenbaga/fengsha/blob/main/H3C/GR-1200W/aVersionSet.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


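--- a/CVE-2023/CVE-2023-302xx/CVE-2023-30247.json
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30247.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-30247",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-12T19:15:08.907",
+"lastModified": "2023-05-12T19:15:08.907",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/qingning988/cve_report/blob/main/storage-unit-rental-management-system/RCE-1.md",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.github.com",
+"source": "cve@mitre.org"
+}
+]
+}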
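Review bot: The second entry under `references`, `https://www.github.com`, is a site home page and carries no advisory content, so the only usable source in this record is the `cve_report` write-up listed above it. The record is still at `"vulnStatus": "Received"` with `"metrics": {}` and has no `weaknesses` or `configurations` keys, so a consumer that filters on `baseScore` or matches on CPE will skip it even though the description states remote code execution through file upload. Tooling that reads this file should treat an empty `metrics` object as "not yet scored" rather than as low severity.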


@ -2,23 +2,82 @@
"id": "CVE-2023-30787",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-05-08T20:15:20.030",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:57:42.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monicahq:monica:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "449F0227-5926-4949-8C63-CB9E2DFAEA1F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/napoli",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.monicahq.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Vendor Advisory"
]
}
]
}
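Review bot: The reference `https://www.monicahq.com/` is tagged `Vendor Advisory`, but the URL is the site root and appears to be the product home page rather than an advisory, so the only source here with vulnerability detail is the `fluidattacks.com/advisories/napoli` entry tagged `Exploit`. Triage that treats a `Vendor Advisory` tag as evidence of a vendor-confirmed fix would be misled; the description names only version 4.0.0 as affected and states no fixed version. The same reference and tag appear in the CVE-2023-30788, CVE-2023-30789 and CVE-2023-30790 records that follow.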


@ -2,23 +2,82 @@
"id": "CVE-2023-30788",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-05-08T20:15:20.087",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:57:33.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monicahq:monica:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "449F0227-5926-4949-8C63-CB9E2DFAEA1F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/napoli",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.monicahq.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-30789",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-05-08T20:15:20.150",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:57:22.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monicahq:monica:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "449F0227-5926-4949-8C63-CB9E2DFAEA1F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/napoli",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.monicahq.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-30790",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-05-08T20:15:20.207",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-12T19:57:12.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monicahq:monica:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "449F0227-5926-4949-8C63-CB9E2DFAEA1F"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/napoli",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.monicahq.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Vendor Advisory"
]
}
]
}


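--- a/CVE-2023/CVE-2023-323xx/CVE-2023-32305.json
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32305.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-32305",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-12T19:15:08.953",
+"lastModified": "2023-05-12T19:15:08.953",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.0,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-1321"
+},
+{
+"lang": "en",
+"value": "CWE-20"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/aiven/aiven-extras/security/advisories/GHSA-7r4w-fw4h-67gp",
+"source": "security-advisories@github.com"
+}
+]
+}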
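Review bot: The `weaknesses` entry lists `CWE-1321` (prototype pollution), which does not match the description: the stated cause is missing schema qualifiers on privileged functions, so that a low-privileged user's same-named objects are executed instead. `CWE-20` is the only other classification present, so anyone grouping or alerting by CWE will not find this record under a privilege-escalation or search-path weakness. The record also has no `configurations` block, so the affected range (`prior to 1.1.9`) exists only in the description text and CPE-based matching will not catch it; the same holds for the CVE-2023-32306 record that follows, whose fixed version 1.22.13.5792 is likewise stated only in prose.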


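--- a/CVE-2023/CVE-2023-323xx/CVE-2023-32306.json
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32306.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-32306",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-12T19:15:09.023",
+"lastModified": "2023-05-12T19:15:09.023",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/anuko/timetracker/security/advisories/GHSA-758x-vg7g-j9j3",
+"source": "security-advisories@github.com"
+}
+]
+}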


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-12T18:00:24.249347+00:00
2023-05-12T20:00:24.653357+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-12T17:54:13.413000+00:00
2023-05-12T19:57:42.243000+00:00
```
### Last Data Feed Release
@ -29,56 +29,53 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
215157
215164
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `7`
* [CVE-2022-48020](CVE-2022/CVE-2022-480xx/CVE-2022-48020.json) (`2023-05-12T16:15:09.340`)
* [CVE-2023-22685](CVE-2023/CVE-2023-226xx/CVE-2023-22685.json) (`2023-05-12T16:15:09.393`)
* [CVE-2023-23810](CVE-2023/CVE-2023-238xx/CVE-2023-23810.json) (`2023-05-12T16:15:09.453`)
* [CVE-2023-25428](CVE-2023/CVE-2023-254xx/CVE-2023-25428.json) (`2023-05-12T16:15:09.513`)
* [CVE-2023-25460](CVE-2023/CVE-2023-254xx/CVE-2023-25460.json) (`2023-05-12T16:15:09.550`)
* [CVE-2023-25958](CVE-2023/CVE-2023-259xx/CVE-2023-25958.json) (`2023-05-12T16:15:09.610`)
* [CVE-2023-28414](CVE-2023/CVE-2023-284xx/CVE-2023-28414.json) (`2023-05-12T16:15:09.743`)
* [CVE-2023-31983](CVE-2023/CVE-2023-319xx/CVE-2023-31983.json) (`2023-05-12T16:15:09.820`)
* [CVE-2023-2457](CVE-2023/CVE-2023-24xx/CVE-2023-2457.json) (`2023-05-12T18:15:09.530`)
* [CVE-2023-2458](CVE-2023/CVE-2023-24xx/CVE-2023-2458.json) (`2023-05-12T18:15:09.573`)
* [CVE-2023-25927](CVE-2023/CVE-2023-259xx/CVE-2023-25927.json) (`2023-05-12T18:15:09.450`)
* [CVE-2023-27863](CVE-2023/CVE-2023-278xx/CVE-2023-27863.json) (`2023-05-12T19:15:08.827`)
* [CVE-2023-30247](CVE-2023/CVE-2023-302xx/CVE-2023-30247.json) (`2023-05-12T19:15:08.907`)
* [CVE-2023-32305](CVE-2023/CVE-2023-323xx/CVE-2023-32305.json) (`2023-05-12T19:15:08.953`)
* [CVE-2023-32306](CVE-2023/CVE-2023-323xx/CVE-2023-32306.json) (`2023-05-12T19:15:09.023`)
### CVEs modified in the last Commit
Recently modified CVEs: `29`
Recently modified CVEs: `27`
* [CVE-2016-15031](CVE-2016/CVE-2016-150xx/CVE-2016-15031.json) (`2023-05-12T16:22:35.657`)
* [CVE-2022-47334](CVE-2022/CVE-2022-473xx/CVE-2022-47334.json) (`2023-05-12T16:14:47.110`)
* [CVE-2022-47490](CVE-2022/CVE-2022-474xx/CVE-2022-47490.json) (`2023-05-12T16:09:17.543`)
* [CVE-2022-47492](CVE-2022/CVE-2022-474xx/CVE-2022-47492.json) (`2023-05-12T16:06:50.920`)
* [CVE-2022-47493](CVE-2022/CVE-2022-474xx/CVE-2022-47493.json) (`2023-05-12T16:06:45.267`)
* [CVE-2022-48384](CVE-2022/CVE-2022-483xx/CVE-2022-48384.json) (`2023-05-12T16:09:33.377`)
* [CVE-2023-0544](CVE-2023/CVE-2023-05xx/CVE-2023-0544.json) (`2023-05-12T16:03:27.027`)
* [CVE-2023-0603](CVE-2023/CVE-2023-06xx/CVE-2023-0603.json) (`2023-05-12T16:02:52.940`)
* [CVE-2023-0768](CVE-2023/CVE-2023-07xx/CVE-2023-0768.json) (`2023-05-12T16:03:07.467`)
* [CVE-2023-1384](CVE-2023/CVE-2023-13xx/CVE-2023-1384.json) (`2023-05-12T16:06:10.987`)
* [CVE-2023-1385](CVE-2023/CVE-2023-13xx/CVE-2023-1385.json) (`2023-05-12T16:07:46.433`)
* [CVE-2023-1905](CVE-2023/CVE-2023-19xx/CVE-2023-1905.json) (`2023-05-12T17:19:42.843`)
* [CVE-2023-2114](CVE-2023/CVE-2023-21xx/CVE-2023-2114.json) (`2023-05-12T17:28:26.297`)
* [CVE-2023-22779](CVE-2023/CVE-2023-227xx/CVE-2023-22779.json) (`2023-05-12T17:41:54.173`)
* [CVE-2023-22780](CVE-2023/CVE-2023-227xx/CVE-2023-22780.json) (`2023-05-12T17:44:35.967`)
* [CVE-2023-22781](CVE-2023/CVE-2023-227xx/CVE-2023-22781.json) (`2023-05-12T17:50:28.227`)
* [CVE-2023-22782](CVE-2023/CVE-2023-227xx/CVE-2023-22782.json) (`2023-05-12T17:54:13.413`)
* [CVE-2023-22788](CVE-2023/CVE-2023-227xx/CVE-2023-22788.json) (`2023-05-12T16:04:24.783`)
* [CVE-2023-22789](CVE-2023/CVE-2023-227xx/CVE-2023-22789.json) (`2023-05-12T16:04:46.210`)
* [CVE-2023-22790](CVE-2023/CVE-2023-227xx/CVE-2023-22790.json) (`2023-05-12T16:03:22.980`)
* [CVE-2023-22791](CVE-2023/CVE-2023-227xx/CVE-2023-22791.json) (`2023-05-12T16:02:10.253`)
* [CVE-2023-25289](CVE-2023/CVE-2023-252xx/CVE-2023-25289.json) (`2023-05-12T16:16:45.117`)
* [CVE-2023-2583](CVE-2023/CVE-2023-25xx/CVE-2023-2583.json) (`2023-05-12T17:05:14.390`)
* [CVE-2023-27043](CVE-2023/CVE-2023-270xx/CVE-2023-27043.json) (`2023-05-12T16:15:09.677`)
* [CVE-2023-30065](CVE-2023/CVE-2023-300xx/CVE-2023-30065.json) (`2023-05-12T17:44:41.157`)
* [CVE-2023-30092](CVE-2023/CVE-2023-300xx/CVE-2023-30092.json) (`2023-05-12T16:38:42.767`)
* [CVE-2023-30399](CVE-2023/CVE-2023-303xx/CVE-2023-30399.json) (`2023-05-12T17:38:01.150`)
* [CVE-2023-30551](CVE-2023/CVE-2023-305xx/CVE-2023-30551.json) (`2023-05-12T16:27:55.070`)
* [CVE-2023-30855](CVE-2023/CVE-2023-308xx/CVE-2023-30855.json) (`2023-05-12T16:51:53.013`)
* [CVE-2022-40504](CVE-2022/CVE-2022-405xx/CVE-2022-40504.json) (`2023-05-12T18:23:13.213`)
* [CVE-2023-0948](CVE-2023/CVE-2023-09xx/CVE-2023-0948.json) (`2023-05-12T18:39:44.400`)
* [CVE-2023-1094](CVE-2023/CVE-2023-10xx/CVE-2023-1094.json) (`2023-05-12T19:16:33.580`)
* [CVE-2023-1979](CVE-2023/CVE-2023-19xx/CVE-2023-1979.json) (`2023-05-12T18:44:46.457`)
* [CVE-2023-21666](CVE-2023/CVE-2023-216xx/CVE-2023-21666.json) (`2023-05-12T18:22:35.247`)
* [CVE-2023-22784](CVE-2023/CVE-2023-227xx/CVE-2023-22784.json) (`2023-05-12T18:34:16.503`)
* [CVE-2023-22785](CVE-2023/CVE-2023-227xx/CVE-2023-22785.json) (`2023-05-12T18:29:12.533`)
* [CVE-2023-22786](CVE-2023/CVE-2023-227xx/CVE-2023-22786.json) (`2023-05-12T18:25:20.053`)
* [CVE-2023-2573](CVE-2023/CVE-2023-25xx/CVE-2023-2573.json) (`2023-05-12T18:15:09.617`)
* [CVE-2023-2574](CVE-2023/CVE-2023-25xx/CVE-2023-2574.json) (`2023-05-12T18:15:09.703`)
* [CVE-2023-2575](CVE-2023/CVE-2023-25xx/CVE-2023-2575.json) (`2023-05-12T18:15:09.827`)
* [CVE-2023-27929](CVE-2023/CVE-2023-279xx/CVE-2023-27929.json) (`2023-05-12T18:52:07.350`)
* [CVE-2023-27931](CVE-2023/CVE-2023-279xx/CVE-2023-27931.json) (`2023-05-12T19:10:07.780`)
* [CVE-2023-27943](CVE-2023/CVE-2023-279xx/CVE-2023-27943.json) (`2023-05-12T19:05:15.243`)
* [CVE-2023-27953](CVE-2023/CVE-2023-279xx/CVE-2023-27953.json) (`2023-05-12T18:47:57.807`)
* [CVE-2023-27954](CVE-2023/CVE-2023-279xx/CVE-2023-27954.json) (`2023-05-12T18:55:06.177`)
* [CVE-2023-27955](CVE-2023/CVE-2023-279xx/CVE-2023-27955.json) (`2023-05-12T19:23:18.690`)
* [CVE-2023-27957](CVE-2023/CVE-2023-279xx/CVE-2023-27957.json) (`2023-05-12T19:15:24.030`)
* [CVE-2023-27959](CVE-2023/CVE-2023-279xx/CVE-2023-27959.json) (`2023-05-12T19:22:37.343`)
* [CVE-2023-27967](CVE-2023/CVE-2023-279xx/CVE-2023-27967.json) (`2023-05-12T19:46:50.930`)
* [CVE-2023-27968](CVE-2023/CVE-2023-279xx/CVE-2023-27968.json) (`2023-05-12T19:47:30.860`)
* [CVE-2023-29693](CVE-2023/CVE-2023-296xx/CVE-2023-29693.json) (`2023-05-12T19:39:08.083`)
* [CVE-2023-29696](CVE-2023/CVE-2023-296xx/CVE-2023-29696.json) (`2023-05-12T19:39:04.933`)
* [CVE-2023-30787](CVE-2023/CVE-2023-307xx/CVE-2023-30787.json) (`2023-05-12T19:57:42.243`)
* [CVE-2023-30788](CVE-2023/CVE-2023-307xx/CVE-2023-30788.json) (`2023-05-12T19:57:33.550`)
* [CVE-2023-30789](CVE-2023/CVE-2023-307xx/CVE-2023-30789.json) (`2023-05-12T19:57:22.307`)
* [CVE-2023-30790](CVE-2023/CVE-2023-307xx/CVE-2023-30790.json) (`2023-05-12T19:57:12.793`)
## Download and Usage