admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-03T14:00:27.564855+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-03 14:00:31 +00:00
parent 482d3e44f8
commit f836cec237
132 changed files with 4311 additions and 389 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2020/CVE-2020-208xx/CVE-2020-20808.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-20808",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T02:15:09.257",
"lastModified": "2023-08-03T02:15:09.257",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

75
CVE-2020/CVE-2020-226xx/CVE-2020-22623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-22623",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-27T20:15:09.790",
"lastModified": "2023-07-28T13:44:36.087",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:59:09.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "La vulnerabilidad de salto de directorios en Jinfornet Jreport v15.6 permite a atacantes no autenticados obtener informaci\u00f3n confidencial. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insightsoftware:jreport:15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "14091AF1-5186-49FC-A69D-3CC5606F1313"
}
]
}
]
}
],
"references": [
{
"url": "http://jinfornet.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://jreport.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://medium.com/@nguyenhongphu/cve-2020-22623-jinfornet-jreport-unauthenticated-path-traversal-arbitrary-file-download-83224cef32c8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

64
CVE-2020/CVE-2020-356xx/CVE-2020-35698.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2020-35698",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:12.643",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:50:52.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attack vector is: To exploit the vulnerability any user has to just visit the link - https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E. \u00b6\u00b6 Thinkific is a Website based Learning Platform Product which is used by thousands of users worldwide. There is a Cross Site Scripting (XSS) based vulnerability in the code of the CMS where any attacker can execute a XSS attack. Proof of Concept & Steps to Reproduce: Step1 : Go to Google.com Step 2 : Search for this Dork site:thinkific.com -www Step 3 : You will get a list of websites which are running on the thinkific domains. Step 4 : Create account and signin in any of the website Step 5 : Add this endpoint at the end of the domain and you will see that there is a XSS Alert /account/billing?success=%E2%80%AA<script>alert(1)</script> Step 6 : Choose any domains from google for any website this exploit will work on all the websites as it is a code based flaw in the CMS Step 7 : Thousands of websites are vulnerable due to this vulnerable code in the CMS itself which is giving rise to the XSS attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thinkific:thinkific:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C98A745-98F6-46B4-B8D7-4C674A2AB9C4"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@rohitgautam26/cve-2020-35698-a922189c42ef",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2021/CVE-2021-365xx/CVE-2021-36580.json
View File

@ -2,27 +2,97 @@
"id": "CVE-2021-36580",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-27T18:15:09.893",
"lastModified": "2023-07-27T18:49:00.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:36:43.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.0.1.2",
"matchCriteriaId": "5E58B7FE-833A-48D9-B9A3-0DB2FD5F039A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.0.1.2",
"matchCriteriaId": "6A0DEA97-0B80-4322-97DD-5E5430DC5617"
}
]
}
]
}
],
"references": [
{
"url": "http://icewarp.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://mail.ziyan.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://medium.com/@rohitgautam26/cve-2021-36580-69219798231c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

69
CVE-2022/CVE-2022-312xx/CVE-2022-31200.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31200",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-27T19:15:09.887",
"lastModified": "2023-07-28T13:44:40.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:37:51.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Atmail v5.62 permite ataques de tipo Cross-Site Scripting (XSS) a trav\u00e9s del campo \"mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&amp;FirstLoad=1&amp;HelpFile=file.html Search Terms\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atmail:atmail:5.62:*:*:*:*:*:*:*",
"matchCriteriaId": "4C60A069-AA9E-401E-A513-387534FC44AE"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@rohitgautam26/cve-2022-31200-5117bac8d548",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://portswigger.net/blog/exploiting-xss-in-post-requests",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
}
]
}

69
CVE-2022/CVE-2022-314xx/CVE-2022-31458.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2022-31458",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:12.783",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:51:26.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rtx_trap_project:rtx_trap:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "433D77C4-8521-4B27-BA06-6B8FA4E14ED0"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@rohitgautam26/cve-2022-31458-49b7818e8ac9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/host-header-attack/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

55
CVE-2022/CVE-2022-344xx/CVE-2022-34453.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-34453",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-03T13:15:09.490",
"lastModified": "2023-08-03T13:15:09.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000204809/dsa-2022-290-dell-xtremio-x2-security-advisory-for-xms-gui?lang=en",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2022/CVE-2022-40xx/CVE-2022-4046.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-4046",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T13:15:09.627",
"lastModified": "2023-08-03T13:15:09.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-025/",
"source": "info@cert.vde.com"
}
]
}

4
CVE-2023/CVE-2023-14xx/CVE-2023-1437.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1437",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-02T23:15:10.153",
"lastModified": "2023-08-02T23:15:10.153",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-19xx/CVE-2023-1935.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1935",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-02T23:15:10.293",
"lastModified": "2023-08-02T23:15:10.293",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-214xx/CVE-2023-21407.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21407",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-08-03T07:15:12.517",
"lastModified": "2023-08-03T07:15:12.517",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-214xx/CVE-2023-21408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21408",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-08-03T07:15:12.717",
"lastModified": "2023-08-03T07:15:12.717",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-214xx/CVE-2023-21409.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21409",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-08-03T07:15:12.840",
"lastModified": "2023-08-03T07:15:12.840",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-214xx/CVE-2023-21410.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21410",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-08-03T07:15:12.927",
"lastModified": "2023-08-03T07:15:12.927",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-214xx/CVE-2023-21411.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21411",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-08-03T07:15:13.003",
"lastModified": "2023-08-03T07:15:13.003",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-214xx/CVE-2023-21412.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21412",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-08-03T07:15:13.097",
"lastModified": "2023-08-03T07:15:13.097",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-223xx/CVE-2023-22314.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-22314",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-03T13:15:09.737",
"lastModified": "2023-08-03T13:15:09.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-04",
"source": "vultures@jpcert.or.jp"
}
]
}

24
CVE-2023/CVE-2023-223xx/CVE-2023-22317.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-22317",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-03T13:15:09.797",
"lastModified": "2023-08-03T13:15:09.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92877622/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-04",
"source": "vultures@jpcert.or.jp"
}
]
}

63
CVE-2023/CVE-2023-238xx/CVE-2023-23842.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23842",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T15:15:10.167",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:49:06.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:network_configuration_monitor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.0",
"matchCriteriaId": "C5453E8E-48E2-44AC-AB26-02538097C35B"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-3_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23842",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-269xx/CVE-2023-26979.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26979",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T02:15:09.433",
"lastModified": "2023-08-03T02:15:09.433",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2023/CVE-2023-332xx/CVE-2023-33225.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33225",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T14:15:10.417",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:55:07.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.0",
"matchCriteriaId": "9722CBBC-46EC-4167-8E98-AEBB8ACF74D8"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33225",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-332xx/CVE-2023-33229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33229",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T15:15:10.257",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:27:41.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.0",
"matchCriteriaId": "9722CBBC-46EC-4167-8E98-AEBB8ACF74D8"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33229",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-333xx/CVE-2023-33368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33368",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T01:15:10.950",
"lastModified": "2023-08-03T01:15:10.950",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-333xx/CVE-2023-33369.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33369",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T01:15:11.123",
"lastModified": "2023-08-03T01:15:11.123",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-333xx/CVE-2023-33370.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33370",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T01:15:11.187",
"lastModified": "2023-08-03T01:15:11.187",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-333xx/CVE-2023-33371.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T01:15:11.260",
"lastModified": "2023-08-03T01:15:11.260",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3329",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-02T23:15:10.547",
"lastModified": "2023-08-02T23:15:10.547",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3346.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3346",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-08-03T05:15:10.603",
"lastModified": "2023-08-03T05:15:10.603",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

57
CVE-2023/CVE-2023-340xx/CVE-2023-34093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34093",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T15:15:13.377",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:45:58.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.8",
"matchCriteriaId": "BA7C9D2E-E4B5-4BA7-9174-51A805D34E39"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/strapi/strapi/releases/tag/v4.10.8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}

4
CVE-2023/CVE-2023-341xx/CVE-2023-34196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34196",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T03:15:10.480",
"lastModified": "2023-08-03T03:15:10.480",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

75
CVE-2023/CVE-2023-35xx/CVE-2023-3548.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3548",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2023-07-25T14:15:11.123",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:44:45.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "productsecurity@jci.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
},
{
"source": "productsecurity@jci.com",
"type": "Secondary",
@ -46,14 +76,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:iq_wifi_6_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.2",
"matchCriteriaId": "0C3EC23F-AA4E-473B-A5C5-037190DEE5DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:iq_wifi_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92A28D29-1960-4635-9AC7-AEB8EA927319"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04",
"source": "productsecurity@jci.com"
"source": "productsecurity@jci.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"source": "productsecurity@jci.com"
"source": "productsecurity@jci.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-360xx/CVE-2023-36082.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36082",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T01:15:11.437",
"lastModified": "2023-08-03T01:15:11.437",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-362xx/CVE-2023-36212.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36212",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T02:15:09.503",
"lastModified": "2023-08-03T02:15:09.503",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-362xx/CVE-2023-36255.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36255",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T02:15:09.577",
"lastModified": "2023-08-03T02:15:09.577",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

70
CVE-2023/CVE-2023-369xx/CVE-2023-36941.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-36941",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-27T18:15:10.353",
"lastModified": "2023-07-27T18:49:00.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:37:15.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "129E6833-7098-4099-98FA-62F46C882ED2"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@ridheshgohil1092/cve-2023-36941-xss-on-online-fire-reporting-system-v-1-2-df84d7ac3fd1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

71
CVE-2023/CVE-2023-369xx/CVE-2023-36942.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2023-36942",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-27T20:15:10.027",
"lastModified": "2023-07-28T13:44:36.087",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:59:32.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "129E6833-7098-4099-98FA-62F46C882ED2"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@ridheshgohil1092/cve-2023-36942-xss-on-online-fire-reporting-system-v-1-2-19357e54978c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

4
CVE-2023/CVE-2023-36xx/CVE-2023-3662.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3662",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T11:15:09.977",
"lastModified": "2023-08-03T11:15:09.977",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-36xx/CVE-2023-3663.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3663",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T11:15:10.077",
"lastModified": "2023-08-03T11:15:10.077",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-36xx/CVE-2023-3669.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3669",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:11.067",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-023",
"source": "info@cert.vde.com"
}
]
}

4
CVE-2023/CVE-2023-373xx/CVE-2023-37364.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T03:15:10.630",
"lastModified": "2023-08-03T03:15:10.630",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

58
CVE-2023/CVE-2023-374xx/CVE-2023-37460.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37460",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T20:15:13.703",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:52:09.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"matchCriteriaId": "9C596F2F-8933-41D5-A4C9-25F5EC82D26A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-375xx/CVE-2023-37545.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37545",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T11:15:09.837",
"lastModified": "2023-08-03T11:15:09.837",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-375xx/CVE-2023-37546.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37546",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:09.790",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37547.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37547",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:09.910",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37548.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37548",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:09.997",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546,\u00a0CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37549.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37549",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.083",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546,\u00a0CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37550.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37550",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.170",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546,\u00a0CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37551.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37551",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.257",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37552.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37552",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.353",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553,\u00a0CVE-2023-37554,\u00a0CVE-2023-37555 and\u00a0CVE-2023-37556.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37553.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37553",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.443",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to\u00a0CVE-2023-37552,\u00a0CVE-2023-37554,\u00a0CVE-2023-37555 and\u00a0CVE-2023-37556.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37554.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37554",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.530",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to\u00a0CVE-2023-37552,\u00a0CVE-2023-37553, CVE-2023-37555 and\u00a0CVE-2023-37556.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37555.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37555",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.620",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to\u00a0CVE-2023-37552,\u00a0CVE-2023-37553,\u00a0CVE-2023-37554 and\u00a0CVE-2023-37556.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37556.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37556",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.707",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to\u00a0CVE-2023-37552,\u00a0CVE-2023-37553,\u00a0CVE-2023-37554 and CVE-2023-37555.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37557.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37557",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.797",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37558.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37558",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.890",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2023/CVE-2023-375xx/CVE-2023-37559.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37559",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.977",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com"
}
]
}

8
CVE-2023/CVE-2023-376xx/CVE-2023-37679.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37679",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T03:15:10.697",
"lastModified": "2023-08-03T03:15:10.697",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) en NextGen Mirth Connect v4.3.0 permite a los atacantes ejecutar comandos arbitrarios en el servidor de alojamiento. "
}
],
"metrics": {},

78
CVE-2023/CVE-2023-378xx/CVE-2023-37895.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-37895",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-25T15:15:13.587",
"lastModified": "2023-07-26T07:15:10.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:46:25.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component \"commons-beanutils\", which contains a class that can be used for remote code execution over RMI.\n\nUsers are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore.\n\nIn general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases.\n\nHow to check whether RMI support is enabledRMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone.\n\nThe native RMI protocol by default uses port 1099. To check whether it is enabled, tools like \"netstat\" can be used to check.\n\nRMI-over-HTTP in Jackrabbit by default uses the path \"/rmi\". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control.\n\nTurning off RMIFind web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet:\n\n\u00a0 \u00a0 \u00a0 \u00a0 <servlet>\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <servlet-name>RMI</servlet-name>\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>\n\u00a0 \u00a0 \u00a0 \u00a0 </servlet>\n\n\u00a0 \u00a0 \u00a0 \u00a0 <servlet-mapping>\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <servlet-name>RMI</servlet-name>\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <url-pattern>/rmi</url-pattern>\n\u00a0 \u00a0 \u00a0 \u00a0 </servlet-mapping>\n\nFind the bootstrap.properties file (in $REPOSITORY_HOME), and set\n\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.enabled=false\n\n\u00a0 \u00a0 and also remove\n\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.host\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.port\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.url-pattern\n\n\u00a0If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained.\n\n\u00a0\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,22 +46,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:jackrabbit:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "2.20.11",
"matchCriteriaId": "69090D07-B142-4C49-83D7-DE36BB67E651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:jackrabbit:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.21.0",
"versionEndExcluding": "2.21.18",
"matchCriteriaId": "84FA947F-7360-4740-BDB5-046A8D67394D"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/8",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/list.html?users@jackrabbit.apache.org",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-379xx/CVE-2023-37900.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37900",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T16:15:10.157",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:34:40.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cncf:crossplane:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.5",
"matchCriteriaId": "6B007480-33DA-4326-8E88-39738F8B235F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cncf:crossplane:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.3",
"matchCriteriaId": "C1BE3896-867C-491F-B2A2-7202EF97A35B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/crossplane/crossplane/security/advisories/GHSA-68p4-95xf-7gx8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-379xx/CVE-2023-37977.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37977",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T15:15:11.207",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:52:57.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coderex:wpfunnels:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.7.17",
"matchCriteriaId": "E568BF8E-23ED-4DDF-98C2-A57775D37F6F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-379xx/CVE-2023-37979.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37979",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T15:15:11.507",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:26:00.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.6.26",
"matchCriteriaId": "CD598414-0E33-4984-84D8-92A633BAD957"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/articles/multiple-high-severity-vulnerabilities-in-ninja-forms-plugin?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-382xx/CVE-2023-38261.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-38261",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T01:15:35.170",
"lastModified": "2023-07-27T12:13:11.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:58:04.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "E97E4E09-CD8D-427A-82DA-EEFE5010F8F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.5",
"matchCriteriaId": "7FB2CB0B-A635-4057-98B8-AF71F9CB0171"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes"
]
}
]
}

82
CVE-2023/CVE-2023-384xx/CVE-2023-38424.json
View File

@ -2,23 +2,95 @@
"id": "CVE-2023-38424",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T01:15:36.070",
"lastModified": "2023-07-27T12:13:11.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:57:36.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.5",
"matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-384xx/CVE-2023-38425.json
View File

@ -2,23 +2,95 @@
"id": "CVE-2023-38425",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T01:15:36.347",
"lastModified": "2023-07-27T12:13:11.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:52:43.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.5",
"matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

119
CVE-2023/CVE-2023-384xx/CVE-2023-38488.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38488",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T15:15:11.840",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:27:45.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,34 +76,103 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5.0",
"versionEndExcluding": "3.5.8.3",
"matchCriteriaId": "E4FCE332-95EB-4BAC-B5CF-D7D24DA38476"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.6.3",
"matchCriteriaId": "7AE383B6-2730-4760-B58C-F08D60C4C91B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.5.2",
"matchCriteriaId": "CF9A36C4-9169-48F3-B43A-F7CB3825A020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.4.1",
"matchCriteriaId": "C33BAD98-F500-4CE4-80A0-745A13DE9785"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.6",
"matchCriteriaId": "AC260646-C9E1-40A0-BB77-36A3E05FC76F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/getkirby/kirby/commit/a1e0f81c799ddae1af91cf37216f8ded9cb93540",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.8.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.6.6.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.7.5.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.8.4.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-x5mr-p6v4-wp93",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

107
CVE-2023/CVE-2023-384xx/CVE-2023-38489.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38489",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T15:15:12.220",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:28:32.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,34 +66,103 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5.0",
"versionEndExcluding": "3.5.8.3",
"matchCriteriaId": "E4FCE332-95EB-4BAC-B5CF-D7D24DA38476"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.6.3",
"matchCriteriaId": "7AE383B6-2730-4760-B58C-F08D60C4C91B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.5.2",
"matchCriteriaId": "CF9A36C4-9169-48F3-B43A-F7CB3825A020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.4.1",
"matchCriteriaId": "C33BAD98-F500-4CE4-80A0-745A13DE9785"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.6",
"matchCriteriaId": "AC260646-C9E1-40A0-BB77-36A3E05FC76F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/getkirby/kirby/commit/7a0a2014c69fdb925ea02f30e7793bb50115e931",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.8.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.6.6.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.7.5.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.8.4.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-5mvj-rvp8-rf45",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

107
CVE-2023/CVE-2023-384xx/CVE-2023-38490.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38490",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T15:15:12.317",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:31:26.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,34 +70,103 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5.0",
"versionEndExcluding": "3.5.8.3",
"matchCriteriaId": "E4FCE332-95EB-4BAC-B5CF-D7D24DA38476"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.6.3",
"matchCriteriaId": "7AE383B6-2730-4760-B58C-F08D60C4C91B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.5.2",
"matchCriteriaId": "CF9A36C4-9169-48F3-B43A-F7CB3825A020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.4.1",
"matchCriteriaId": "C33BAD98-F500-4CE4-80A0-745A13DE9785"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.6",
"matchCriteriaId": "AC260646-C9E1-40A0-BB77-36A3E05FC76F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/getkirby/kirby/commit/277b05662d2b67386f0a0f18323cf68b30e86387",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.8.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.6.6.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.7.5.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.8.4.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-q386-w6fg-gmgp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

107
CVE-2023/CVE-2023-384xx/CVE-2023-38491.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38491",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T16:15:10.810",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:35:20.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,34 +66,103 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5.0",
"versionEndExcluding": "3.5.8.3",
"matchCriteriaId": "E4FCE332-95EB-4BAC-B5CF-D7D24DA38476"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.6.3",
"matchCriteriaId": "7AE383B6-2730-4760-B58C-F08D60C4C91B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.5.2",
"matchCriteriaId": "CF9A36C4-9169-48F3-B43A-F7CB3825A020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.4.1",
"matchCriteriaId": "C33BAD98-F500-4CE4-80A0-745A13DE9785"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.6",
"matchCriteriaId": "AC260646-C9E1-40A0-BB77-36A3E05FC76F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/getkirby/kirby/commit/2f06ba1c026bc91cb0702bc16b7d505642536d15",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.8.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.6.6.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.7.5.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.8.4.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-8fv7-wq38-f5c9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

118
CVE-2023/CVE-2023-384xx/CVE-2023-38492.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38492",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T16:15:11.047",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:35:57.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,36 +64,114 @@
"value": "CWE-770"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5.0",
"versionEndExcluding": "3.5.8.3",
"matchCriteriaId": "E4FCE332-95EB-4BAC-B5CF-D7D24DA38476"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.6.3",
"matchCriteriaId": "7AE383B6-2730-4760-B58C-F08D60C4C91B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.5.2",
"matchCriteriaId": "CF9A36C4-9169-48F3-B43A-F7CB3825A020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.4.1",
"matchCriteriaId": "C33BAD98-F500-4CE4-80A0-745A13DE9785"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.6",
"matchCriteriaId": "AC260646-C9E1-40A0-BB77-36A3E05FC76F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/getkirby/kirby/commit/0e10ce3b0c2b88656564b8ff518ddc99136ac43e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.8.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.6.6.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.7.5.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.8.4.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-3v6j-v3qc-cxff",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-384xx/CVE-2023-38495.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38495",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T19:15:10.010",
"lastModified": "2023-07-28T13:44:40.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:39:31.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cncf:crossplane:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.5",
"matchCriteriaId": "6B007480-33DA-4326-8E88-39738F8B235F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cncf:crossplane:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.3",
"matchCriteriaId": "C1BE3896-867C-491F-B2A2-7202EF97A35B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Technical Description",
"Vendor Advisory"
]
},
{
"url": "https://github.com/crossplane/crossplane/security/advisories/GHSA-pj4x-2xr5-w87m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-385xx/CVE-2023-38504.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38504",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T19:15:10.117",
"lastModified": "2023-07-28T13:44:40.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:40:02.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,22 +76,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailsjs:sails:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "1.5.7",
"matchCriteriaId": "8EACF3BE-7857-4A73-810E-1D33AC992451"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/balderdashy/sails/pull/7287",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/balderdashy/sails/releases/tag/v1.5.7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-385xx/CVE-2023-38505.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38505",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T19:15:10.217",
"lastModified": "2023-07-28T13:44:40.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:40:43.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dietpi-dashboard_project:dietpi-dashboard:0.6.1:*:*:*:*:rust:*:*",
"matchCriteriaId": "0E995A4E-8371-42BC-9B9C-9ED2DA01F3FA"
}
]
}
]
}
],
"references": [
{
"url": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-385xx/CVE-2023-38510.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38510",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-27T19:15:10.313",
"lastModified": "2023-07-28T13:44:40.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:41:26.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tolgee:tolgee:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.14.0",
"versionEndExcluding": "3.23.1",
"matchCriteriaId": "05F74C12-32DB-4BE7-A1A3-DD3BB8BE55D0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tolgee/tolgee-platform/commit/4776cba67e7bb8c1b0259376e3e5fa3bb46e45c7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tolgee/tolgee-platform/pull/1818",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tolgee/tolgee-platform/releases/tag/v3.23.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-4f9j-4vh4-p85v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

93
CVE-2023/CVE-2023-385xx/CVE-2023-38580.json
View File

@ -2,27 +2,108 @@
"id": "CVE-2023-38580",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T01:15:37.127",
"lastModified": "2023-07-27T12:13:11.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:56:23.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.5",
"matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.6",
"matchCriteriaId": "90DFD981-D950-40B0-A699-4878B653A20D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213843",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213848",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-387xx/CVE-2023-38744.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38744",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-03T05:15:10.417",
"lastModified": "2023-08-03T05:15:10.417",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

89
CVE-2023/CVE-2023-387xx/CVE-2023-38745.json
View File

@ -2,27 +2,104 @@
"id": "CVE-2023-38745",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T04:15:10.633",
"lastModified": "2023-07-25T21:15:11.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:43:26.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pandoc:pandoc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.6",
"matchCriteriaId": "537937D6-5E62-46CE-8C76-AD59C32F0A24"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jgm/pandoc/compare/3.1.5...3.1.6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00029.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
}
]
}

4
CVE-2023/CVE-2023-387xx/CVE-2023-38746.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38746",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-03T05:15:10.527",
"lastModified": "2023-08-03T05:15:10.527",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-387xx/CVE-2023-38747.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38747",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-03T06:15:10.183",
"lastModified": "2023-08-03T06:15:10.183",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-387xx/CVE-2023-38748.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38748",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-03T06:15:10.477",
"lastModified": "2023-08-03T06:15:10.477",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-389xx/CVE-2023-38954.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38954",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T02:15:09.650",
"lastModified": "2023-08-03T02:15:09.650",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability."
},
{
"lang": "es",
"value": "Se ha descubierto que ZKTeco BioAccess IVS v3.3.1 contiene una vulnerabilidad de inyecci\u00f3n SQL. "
}
],
"metrics": {},

8
CVE-2023/CVE-2023-389xx/CVE-2023-38955.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38955",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T02:15:09.713",
"lastModified": "2023-08-03T02:15:09.713",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names."
},
{
"lang": "es",
"value": "ZKTeco BioAccess IVS v3.3.1 permite a los atacantes no autenticados obtener informaci\u00f3n sensible sobre todos los dispositivos gestionados, incluyendo sus direcciones IP y nombres de dispositivos. "
}
],
"metrics": {},

8
CVE-2023/CVE-2023-389xx/CVE-2023-38956.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38956",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T02:15:09.763",
"lastModified": "2023-08-03T02:15:09.763",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de ruta en ZKTeco BioAccess IVS v3.3.1 permite a atacantes no autenticados leer archivos arbitrarios mediante el suministro de un payload manipulado. "
}
],
"metrics": {},

8
CVE-2023/CVE-2023-389xx/CVE-2023-38958.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38958",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T02:15:09.823",
"lastModified": "2023-08-03T02:15:09.823",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request."
},
{
"lang": "es",
"value": "Un problema de control de acceso en ZKTeco BioAccess IVS v3.3.1 permite a atacantes no autenticados cerrar y abrir de forma arbitraria las puertas gestionadas por la plataforma de forma remota mediante el env\u00edo de una solicitud web manipulada."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-391xx/CVE-2023-39113.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39113",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-02T23:15:10.413",
"lastModified": "2023-08-02T23:15:10.413",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-391xx/CVE-2023-39114.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39114",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-02T23:15:10.483",
"lastModified": "2023-08-02T23:15:10.483",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

65
CVE-2023/CVE-2023-391xx/CVE-2023-39128.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-39128",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T19:15:11.740",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:48:41.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:gdb:13.0.50.20220805-git:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA8637C-7AB1-444C-89BB-DC9E196701A5"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30639",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-391xx/CVE-2023-39129.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-39129",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T19:15:11.800",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:49:53.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:gdb:13.0.50.20220805-git:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA8637C-7AB1-444C-89BB-DC9E196701A5"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30640",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-391xx/CVE-2023-39130.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-39130",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T19:15:11.857",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:50:26.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:gdb:13.0.50.20220805-git:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA8637C-7AB1-444C-89BB-DC9E196701A5"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30641",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-391xx/CVE-2023-39144.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39144",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T03:15:10.767",
"lastModified": "2023-08-03T03:15:10.767",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

86
CVE-2023/CVE-2023-391xx/CVE-2023-39151.json
View File

@ -2,23 +2,99 @@
"id": "CVE-2023-39151",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-26T14:15:10.493",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T12:56:36.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"versionEndIncluding": "2.415",
"matchCriteriaId": "A8BC6D2C-F733-42C4-AF7A-F1C2BF0009CC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"versionEndIncluding": "2.401.2",
"matchCriteriaId": "3F278AFE-DACB-4D21-87F5-E5CDA324E05C"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-39xx/CVE-2023-3932.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3932",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-03T05:15:10.723",
"lastModified": "2023-08-03T05:15:10.723",
"vulnStatus": "Received",
"lastModified": "2023-08-03T12:40:03.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

54
CVE-2023/CVE-2023-39xx/CVE-2023-3973.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3973",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-27T15:15:12.540",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:31:43.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "21.6.3",
"matchCriteriaId": "93F7953A-7719-4608-B4C4-B406E17FACC5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jgraph/drawio/commit/1db2c2c653aa245d175d30c210239e3946bfcb95",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/4c1c5db5-210f-4d7e-8380-b95f88fdb78d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}

54
CVE-2023/CVE-2023-39xx/CVE-2023-3974.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3974",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-27T15:15:12.633",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:31:54.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "21.4.0",
"matchCriteriaId": "079EC8B6-2EAB-4A60-9628-352FD66466EF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jgraph/drawio/commit/9d6532de36496e77d872d91b1947bb696607d623",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/ce75aa04-e4d6-4e0a-9db0-ae84c46ae9e2",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}

57
CVE-2023/CVE-2023-39xx/CVE-2023-3975.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3975",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-27T15:15:12.717",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:33:17.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "21.5.0",
"matchCriteriaId": "63335E8E-F1E5-42A8-9F94-F20D367021DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jgraph/drawio/commit/8ec95cb03e0a80cf908a282522ac1651306db340",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/4da96d20-78ac-462e-910c-a14db9062161",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Permissions Required",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-39xx/CVE-2023-3980.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3980",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-27T19:15:10.427",
"lastModified": "2023-07-28T13:44:40.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:41:37.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:omeka:omeka:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.2",
"matchCriteriaId": "AFD2141E-7543-4384-8AD9-9279732AB5EF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/omeka/omeka-s/commit/c6833c0531a07bd914e9f85a61bbbc16e9b4c8df",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/6eb3cb9a-5c78-451f-ae76-0b1e62fe5e54",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-39xx/CVE-2023-3981.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3981",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-27T19:15:10.523",
"lastModified": "2023-07-28T13:44:40.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:41:58.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,7 +58,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +66,52 @@
"value": "CWE-918"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:omeka:omeka:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.2",
"matchCriteriaId": "AFD2141E-7543-4384-8AD9-9279732AB5EF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/omeka/omeka-s/commit/dc01ca1b03e845db8a6a6b665d8da36c8dcd2c31",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/f5018226-0063-415d-9675-d7e30934ff78",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-39xx/CVE-2023-3982.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3982",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-27T19:15:10.610",
"lastModified": "2023-07-28T13:44:40.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:42:11.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:omeka:omeka:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.2",
"matchCriteriaId": "AFD2141E-7543-4384-8AD9-9279732AB5EF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/omeka/omeka-s/commit/27ff6575c88d970ce95e1d4096553a927e2003b9",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/e5e889ee-5947-4c2a-a72e-9c90e2e2a845",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-39xx/CVE-2023-3985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3985",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-28T05:15:11.307",
"lastModified": "2023-07-28T13:44:31.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:57:59.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_jewelry_store_project:online_jewelry_store:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F1D024-AE7D-4478-959A-38DA73870B6C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MaxLiu98/Jewelry-Store-System/blob/main/Jewelry%20Store%20System%20login.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.235606",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.235606",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

62
CVE-2023/CVE-2023-39xx/CVE-2023-3986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3986",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-28T05:15:11.407",
"lastModified": "2023-07-28T13:44:31.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:57:31.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_online_mens_salon_management_system_project:simple_online_mens_salon_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBC1CDE-F0D2-4741-A104-EC8A2E572D0C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/Stored%20XSS",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.235607",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.235607",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

62
CVE-2023/CVE-2023-39xx/CVE-2023-3987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3987",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-28T06:15:11.113",
"lastModified": "2023-07-28T13:44:31.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-03T13:57:07.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_online_mens_salon_management_system_project:simple_online_mens_salon_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBC1CDE-F0D2-4741-A104-EC8A2E572D0C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/SQL%20Injection",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.235608",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.235608",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More