Auto-Update: 2023-05-26T16:00:26.141869+00:00

cad-safe-bot 2023-05-26 16:00:29 +00:00
parent 02c71a6a33
commit f8c041144c
46 changed files with 14693 additions and 299 deletions


@ -2,8 +2,8 @@
"id": "CVE-2014-7182",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-10-22T14:55:06.700",
"lastModified": "2018-10-09T19:52:18.070",
"vulnStatus": "Modified",
"lastModified": "2023-05-26T15:00:51.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -62,139 +62,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.0.26",
"matchCriteriaId": "906D6DBF-97B5-4C32-9E03-6E05E2A16774"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "ACA65339-1FD1-4E83-9862-7746192825A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.01:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AC108D6B-57CB-4BC5-BCD4-C711933CFAA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.02:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6C00FFE6-C1CE-4FDD-8223-F4F882CE235B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.03:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6C1E50A1-8C7A-4D49-995F-12476651F2E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.04:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4178EDFF-0664-40F2-A534-E11BF1B843CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.05:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E2292688-F26D-4B9D-9821-1D6B531058CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.06:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A440A996-9C33-45A1-B96C-4CAB5141000F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.07:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A220F437-6C5E-45AC-B127-DF36479C91F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.08:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0C1496A2-3311-4D3B-A501-A83C044917B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.09:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D5C00268-4D24-4607-B99C-AE00E3860811"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.10:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B01446D2-FCCA-4E6C-ACFA-B2BF531B0DF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.11:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2C7A6E5C-01D8-4C7B-87A9-8E120B9BEAFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.12:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "22E6BEBB-8013-445E-A61D-CCBE37045B8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.13:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E1493572-7D6C-4D87-BE2A-0460260754DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.14:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "ACB5D1A3-FB44-4934-91E5-656B2BC4D229"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.15:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0C271C08-C9C7-414F-89D6-B0B4CAF61F4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.16:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "18814FE5-F1A9-4A4D-8557-6C09AC238979"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.17:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "421A38BA-EB3C-40E0-8458-FD1AF0CB9997"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.18:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C0C9FCD8-5F66-4E0B-BDAB-56F4663F1C22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.19:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6501B9DF-49C6-4499-AE85-5C8BA57343D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.20:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D99FAC3B-C59E-4B38-ABE8-02438FB6E7FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.21:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1E3632BB-4E9D-43C2-8CB0-D6D780E1B419"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.22:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "06F3B715-46FD-4572-AD14-89C1A65751D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.23:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1703645A-E4A7-4157-BD1A-3751DCA888BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.24:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "995E5546-F734-4107-8D6F-7A0D222533C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wordpress_google_maps_plugin:6.0.25:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "716F2824-1141-4597-89F4-0A50E6120203"
"matchCriteriaId": "315E4478-C9DE-41A5-8E99-DD0A66E5240A"
}
]
}
@ -206,22 +76,33 @@
"url": "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/archive/1/533699/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/70597",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://wordpress.org/plugins/wp-google-maps/changelog",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Product",
"Release Notes"
]
},
{
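Review bot: The `cpeMatch` hunk replaces the per-version `wpgmaps:wordpress_google_maps_plugin` entries with what appears (from the `+62,9` hunk size) to be a single `cpe:2.3:a:codecabin:wp_go_maps:*` range ending at 6.0.26, under a new `matchCriteriaId`. Asset inventories or scanner rules keyed on the old vendor/product string or on the retired IDs will stop matching this CVE without raising any error. The same product rename shows up in the CVE-2019-9912 and CVE-2021-36870 sections. The commit description gives no hint of this, so a line such as `CPE renames: wpgmaps:wordpress_google_maps_plugin -> codecabin:wp_go_maps` would let downstream consumers refresh their mappings.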


@ -2,8 +2,8 @@
"id": "CVE-2018-0577",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2018-05-14T13:29:00.960",
"lastModified": "2019-11-20T22:15:10.840",
"vulnStatus": "Modified",
"lastModified": "2023-05-26T15:04:42.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google_map_project:google_map:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:flippercode:wp_google_map:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.0.4",
"matchCriteriaId": "C6B799D1-A440-4668-A4EE-D449727510DA"
"matchCriteriaId": "82B2D646-05BE-45A8-83A7-26CF0D6363DD"
}
]
}
@ -106,12 +106,15 @@
"url": "https://wordpress.org/plugins/wp-google-map-plugin/#developers",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
"Release Notes"
]
},
{
"url": "https://wpvulndb.com/vulnerabilities/9610",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}
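Review bot: The metrics hunk renames the key `cvssMetricV30` to `cvssMetricV31` and moves the vector prefix to `CVSS:3.1`, while the metric values shown (`AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`) stay the same. A consumer that reads only `metrics.cvssMetricV30` will find no score for this record after the update, which could drop it out of severity-based triage. Readers of this data should pick the entry whose `type` is `Primary` across whichever `cvssMetricV3x` keys are present instead of relying on one fixed key name. The CVE-2019-9912 section makes the same rename.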


@ -2,7 +2,7 @@
"id": "CVE-2019-14786",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-15T16:15:12.133",
"lastModified": "2022-04-18T16:10:36.377",
"lastModified": "2023-05-26T15:03:19.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "1.0.27.1",
"matchCriteriaId": "07D1CD79-64D0-4970-A7F2-E8EDD662B583"
"matchCriteriaId": "C05C69ED-4A50-4B6A-81FF-3DB724B07945"
}
]
}
@ -98,8 +98,7 @@
"url": "https://rankmath.com/changelog/",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
"Release Notes"
]
},
{


@ -2,7 +2,7 @@
"id": "CVE-2019-9912",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-03-22T00:29:00.487",
"lastModified": "2019-03-22T20:32:07.483",
"lastModified": "2023-05-26T15:00:00.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wp_google_maps:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.10.43",
"matchCriteriaId": "321CFE26-859D-4C85-9779-BD1287004DBA"
"matchCriteriaId": "E6AE9886-F76A-4703-89F8-DC6939F1FD42"
}
]
}
@ -98,6 +98,7 @@
"url": "http://seclists.org/fulldisclosure/2019/Mar/41",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},


@ -2,8 +2,8 @@
"id": "CVE-2020-11514",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-04-07T17:15:13.573",
"lastModified": "2023-05-23T14:57:32.420",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-05-26T15:02:54.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"versionEndIncluding": "1.0.40.2",
"matchCriteriaId": "085DE307-EE37-47C5-BF61-874C59C8344A"
"matchCriteriaId": "B463F6E0-05EF-49E7-A858-141879F9E752"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2020-11515",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-04-07T17:15:13.617",
"lastModified": "2023-05-23T14:57:32.420",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-05-26T15:02:48.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"versionEndIncluding": "1.0.40.2",
"matchCriteriaId": "085DE307-EE37-47C5-BF61-874C59C8344A"
"matchCriteriaId": "B463F6E0-05EF-49E7-A858-141879F9E752"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-24686",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-02-01T13:15:08.167",
"lastModified": "2022-02-04T17:30:35.763",
"lastModified": "2023-05-26T15:02:00.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:svg_support_project:svg_support:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:benbodhi:svg_support:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.20",
"matchCriteriaId": "1D485E36-A604-4BB9-B6B7-303CA1253196"
"matchCriteriaId": "5E28F0E4-061D-488D-ACBE-9A3248AB50B2"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-36870",
"sourceIdentifier": "audit@patchstack.com",
"published": "2021-09-09T12:15:09.070",
"lastModified": "2021-09-17T19:51:00.787",
"lastModified": "2023-05-26T14:59:38.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -114,9 +114,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codecabin:wp_google_maps:*:*:*:*:free:wordpress:*:*",
"criteria": "cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "8.1.12",
"matchCriteriaId": "8DBF1B8E-4188-47BC-B4D8-8F7E4DFF8065"
"matchCriteriaId": "60CDACA5-AB26-4147-95D4-25C57E5743F9"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-1755",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-09-26T13:15:10.253",
"lastModified": "2022-09-28T14:24:56.107",
"lastModified": "2023-05-26T15:01:55.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,9 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:svg_support_wordpress:svg_support:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5",
"matchCriteriaId": "3EBB6C27-9C23-4D59-A7A9-2F44013A76C6"
"criteria": "cpe:2.3:a:benbodhi:svg_support:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.0",
"matchCriteriaId": "B265179C-63CD-4823-971D-C42DDC34C87F"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-36376",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-09-09T15:15:10.627",
"lastModified": "2023-05-23T14:57:32.420",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-05-26T15:02:41.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -79,9 +79,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"versionEndIncluding": "1.0.95",
"matchCriteriaId": "5CF0B4ED-4E62-4E72-B17F-EFDD3919645B"
"matchCriteriaId": "C19042FE-9B5F-49EE-8565-1FA83D8ABB8B"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2022-39335",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T14:15:09.600",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/synapse/issues/13288",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/synapse/pull/13823",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv",
"source": "security-advisories@github.com"
}
]
}
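Review bot: This new record has no `configurations` block and its `vulnStatus` is `Awaiting Analysis`, so the affected range (Synapse up to and including 1.68.0, fixed in 1.69.0) exists only in the description text. CPE-based matching will therefore not associate the CVE with any installed Synapse version until match criteria are added. The only score present is the `Secondary` one from `security-advisories@github.com`, and the references carry no `tags`. The new CVE-2022-39374 and CVE-2022-46945 records in this commit are in the same state. A line in the commit description such as `New records without CPE data: CVE-2022-39335, CVE-2022-39374, CVE-2022-46945` would tell consumers to track these by hand in the meantime.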


@ -0,0 +1,59 @@
{
"id": "CVE-2022-39374",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T14:15:10.257",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0\n\n"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/synapse/pull/13723",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-45079",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-22T10:15:11.203",
"lastModified": "2023-05-22T10:56:50.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:02:48.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.7.6",
"matchCriteriaId": "3E34699F-0893-43FF-9114-82A3B2F190A9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/loginizer/wordpress-loginizer-plugin-1-7-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2022-46945",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-26T15:15:09.393",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.3
}
]
},
"references": [
{
"url": "https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/NagVis/nagvis/compare/nagvis-1.9.33...nagvis-1.9.34",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47984",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-19T16:15:10.800",
"lastModified": "2023-05-19T17:53:19.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T15:07:03.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +66,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/243163",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/6988153",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
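Review bot: The second reference in the last hunk, `https://https://www.ibm.com/support/pages/node/6988153`, has a doubled scheme and is not a valid link, yet this update attaches the `Patch` and `Vendor Advisory` tags to it without correcting the URL. The intended value is presumably `"url": "https://www.ibm.com/support/pages/node/6988153",`. The error most likely originates in the upstream record, so it should be reported there too. Tooling that follows `Patch`-tagged references automatically should validate the URL before use, or the fix pointer for this 9.8-scored record is silently lost.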

File diff suppressed because it is too large Load Diff


@ -2,8 +2,8 @@
"id": "CVE-2023-20077",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-18T03:15:09.667",
"lastModified": "2023-05-18T12:53:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:22:30.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "72931948-1504-4AD0-9924-97450F138643"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-dwnld-Srcdnkd2",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
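Review bot: The first entry of the added `configurations` block bounds a wildcard-version CPE with `"versionEndIncluding": "3.1"`, whereas ISE patch levels are carried in the CPE update field elsewhere in this commit (`3.1:patch1` and later in CVE-2023-20167, which uses `versionEndExcluding` "3.1" plus explicit 3.1 entries). Whether an install at 3.1 with a patch level matches an inclusive "3.1" bound depends on how the matcher treats the update field, so different tools may disagree. Only `3.2:-` is listed here, while CVE-2023-20166 also lists `3.2:patch1`; whether that difference is intended cannot be judged from this page and should be checked against the linked Cisco advisory. CVE-2023-20087 carries an identical block. If every 3.1 patch level is affected, the explicit per-patch form used in CVE-2023-20167 is the unambiguous way to express it.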


@ -2,8 +2,8 @@
"id": "CVE-2023-20087",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-18T03:15:09.750",
"lastModified": "2023-05-18T12:53:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:28:53.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "72931948-1504-4AD0-9924-97450F138643"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-dwnld-Srcdnkd2",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20166",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-18T03:15:10.617",
"lastModified": "2023-05-18T12:53:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:42:33.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20167",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-18T03:15:10.690",
"lastModified": "2023-05-18T12:53:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:45:40.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1",
"matchCriteriaId": "742B3761-9FD6-4E67-BDDD-D4DD2C3111D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*",
"matchCriteriaId": "FEA5210C-E674-4C4B-9EB3-C681C70005B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20171",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-18T03:15:10.763",
"lastModified": "2023-05-18T12:53:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:54:31.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-delete-read-PK5ghDDd",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20172",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-18T03:15:10.830",
"lastModified": "2023-05-18T12:53:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T15:25:24.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-delete-read-PK5ghDDd",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20173",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-18T03:15:10.893",
"lastModified": "2023-05-18T12:53:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T15:40:03.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,111 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "87A71033-EC44-4646-988E-DF1143C12682"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "2B3A267A-5FEA-426D-903E-BD3F4F94A1A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "B1B3207B-1B9C-41AA-8EF6-8478458462E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "C5B9E7F3-B0F2-4A6A-B939-A62E9B12CCEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*",
"matchCriteriaId": "EF4C5A58-D0AE-48D6-9757-18C1D5BE5070"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*",
"matchCriteriaId": "FEA5210C-E674-4C4B-9EB3-C681C70005B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-696OZTCm",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20174",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-18T03:15:10.957",
"lastModified": "2023-05-18T12:53:07.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T15:44:56.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -46,10 +78,111 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "87A71033-EC44-4646-988E-DF1143C12682"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "2B3A267A-5FEA-426D-903E-BD3F4F94A1A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "B1B3207B-1B9C-41AA-8EF6-8478458462E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "C5B9E7F3-B0F2-4A6A-B939-A62E9B12CCEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*",
"matchCriteriaId": "EF4C5A58-D0AE-48D6-9757-18C1D5BE5070"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*",
"matchCriteriaId": "FEA5210C-E674-4C4B-9EB3-C681C70005B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-696OZTCm",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}



@ -2,16 +2,49 @@
"id": "CVE-2023-20881",
"sourceIdentifier": "security@vmware.com",
"published": "2023-05-19T15:15:08.673",
"lastModified": "2023-05-19T17:53:19.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T15:59:56.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -23,10 +56,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.140",
"versionEndIncluding": "1.152.0",
"matchCriteriaId": "CE4F9AA2-820D-4BAD-ADD7-3541C7B30533"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.7.0",
"versionEndIncluding": "29.0.0",
"matchCriteriaId": "BBB92C34-2F75-4425-A1E0-C989A04A89B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudfoundry:loggregator-agent:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0",
"versionEndIncluding": "7.2.1",
"matchCriteriaId": "EEFC9A69-219C-49B3-A34E-2876F63E7BEB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cloudfoundry.org/blog/cve-2023-20881-cas-for-syslog-drain-mtls-feature-can-be-overwritten/",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}
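Review bot: The three `cpeMatch` entries added under `configurations` (capi-release, cf-deployment, loggregator-agent) sit in a single `"operator": "OR"` node, so a matcher treats each product as affected on its own. The description on this same record says the issue applies to CAPI 1.140 to 1.152.0 "along with loggregator-agent v7+". If that combination is really required, the capi-release and loggregator-agent entries would be better expressed as an AND configuration, as the IBM records in this commit do with `"operator": "AND",`. As written, scanners consuming this file will likely flag hosts that run only one of the components. This is an automated sync, so the correction probably belongs upstream; until then, single-component hits on this CVE are worth confirming manually.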


@ -2,8 +2,8 @@
"id": "CVE-2023-22878",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-19T16:15:10.887",
"lastModified": "2023-05-19T17:53:19.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:14:55.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -34,14 +54,73 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244373",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/6988155",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
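Review bot: The second reference URL, `https://https://www.ibm.com/support/pages/node/6988155`, has a doubled scheme and will not resolve to the IBM support page, yet the new side tags it `Patch` and `Vendor Advisory`. Anyone following the patch link from this record gets nothing usable. The same doubled `https://https://` appears in the CVE-2023-28529 section (the X-Force reference) and in the CVE-2023-28950 section (the IBM support reference). The intended value is presumably `"url": "https://www.ibm.com/support/pages/node/6988155",`. Because this file is synced automatically, the fix likely means reporting it upstream or normalising reference URLs on ingest.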


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25029",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-26T14:15:10.463",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <=\u00a02.0.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-social-bookmarking-light/wordpress-wp-social-bookmarking-light-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25034",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-26T15:15:10.310",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <=\u00a01.2.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-clean-up/wordpress-wp-clean-up-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25058",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-26T15:15:11.393",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema \u2013 All In One Schema Rich Snippets plugin <=\u00a01.6.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/all-in-one-schemaorg-rich-snippets/wordpress-schema-all-in-one-schema-rich-snippets-plugin-1-6-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25467",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-26T15:15:11.767",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <=\u00a01.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/resize-at-upload-plus/wordpress-resize-at-upload-plus-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25470",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-26T14:15:10.643",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <=\u00a00.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rustolat/wordpress-rus-to-lat-plugin-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27522",
"sourceIdentifier": "security@apache.org",
"published": "2023-03-07T16:15:09.613",
"lastModified": "2023-04-25T00:15:10.280",
"vulnStatus": "Modified",
"lastModified": "2023-05-26T15:05:01.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,36 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unbit:uwsgi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C23FC18-50AD-48F9-A74E-68DC1DA3A270"
}
]
}
]
}
],
"references": [
@ -75,7 +105,10 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28514",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-19T15:15:08.750",
"lastModified": "2023-05-19T17:53:19.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T15:42:03.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +66,91 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "4C360A44-E6C3-4E17-A86C-6B712E80CF16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "2E9E3A1B-D35D-4029-835C-C27917C2ABD7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/6985835",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28529",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-19T16:15:14.057",
"lastModified": "2023-05-19T17:53:19.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:05:13.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +66,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/251213",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/6988675",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28950",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-19T16:15:14.163",
"lastModified": "2023-05-19T17:53:19.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T14:15:16.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -34,14 +54,118 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "2E9E3A1B-D35D-4029-835C-C27917C2ABD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "040DDAAF-8039-46BD-A11B-DC3BDFC136C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "150A8804-DEE3-4974-B056-296AA8781131"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "89BDCCFD-C1DF-4E19-8597-DF87C56D7E09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "BF356AA2-43D1-422A-80E1-822AE9C08094"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251358",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/6985837",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29013",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-14T19:15:09.127",
"lastModified": "2023-05-17T20:15:10.097",
"vulnStatus": "Modified",
"lastModified": "2023-05-26T15:01:44.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -83,11 +83,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:1.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF2E622-1947-4F7D-984E-4499A40FCEB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
@ -135,7 +130,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230517-0008/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29098",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-26T15:15:12.320",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <=\u00a03.13 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-copysafe-web/wordpress-copysafe-web-protection-plugin-3-13-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-30145",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-26T15:15:12.880",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection",
"source": "cve@mitre.org"
},
{
"url": "https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/paragbagul111/CVE-2023-30145",
"source": "cve@mitre.org"
},
{
"url": "https://portswigger.net/research/server-side-template-injection",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-30774",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-19T15:15:08.923",
"lastModified": "2023-05-19T17:53:19.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T15:24:56.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,18 +56,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13A056CA-3182-4568-9318-3982E02D671C"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-30774",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/463",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-30775",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-19T15:15:08.980",
"lastModified": "2023-05-19T17:53:19.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T15:26:09.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,18 +56,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D49C1A38-70B8-4172-9FCD-F9E8848565C8"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-30775",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/464",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-31996",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-23T01:15:10.247",
"lastModified": "2023-05-23T13:04:34.787",
"lastModified": "2023-05-26T15:15:13.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "https://hanwhavisionamerica.com/download/50042/",
"source": "cve@mitre.org"
},
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf",
"source": "cve@mitre.org"


@ -0,0 +1,63 @@
{
"id": "CVE-2023-32323",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T14:15:10.827",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/synapse/issues/14492",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/synapse/pull/14642",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32964",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-26T15:15:13.853",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <=\u00a01.9.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bnfw/wordpress-better-notifications-for-wp-plugin-1-9-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-33394",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-26T15:15:14.217",
"lastModified": "2023-05-26T15:56:52.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data."
}
],
"metrics": {},
"references": [
{
"url": "https://wanheiqiyihu.top/2023/05/02/skycaiji-v2-5-4-has-a-backend-xss-vulnerability/",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-26T14:00:26.125285+00:00
2023-05-26T16:00:26.141869+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-26T13:59:21.923000+00:00
2023-05-26T15:59:56.003000+00:00
```
### Last Data Feed Release
@ -29,52 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
216062
216075
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `13`
* [CVE-2023-23714](CVE-2023/CVE-2023-237xx/CVE-2023-23714.json) (`2023-05-26T12:15:13.840`)
* [CVE-2023-24007](CVE-2023/CVE-2023-240xx/CVE-2023-24007.json) (`2023-05-26T12:15:15.070`)
* [CVE-2023-25781](CVE-2023/CVE-2023-257xx/CVE-2023-25781.json) (`2023-05-26T12:15:15.637`)
* [CVE-2023-25971](CVE-2023/CVE-2023-259xx/CVE-2023-25971.json) (`2023-05-26T12:15:16.273`)
* [CVE-2023-25976](CVE-2023/CVE-2023-259xx/CVE-2023-25976.json) (`2023-05-26T12:15:16.630`)
* [CVE-2023-22693](CVE-2023/CVE-2023-226xx/CVE-2023-22693.json) (`2023-05-26T13:15:09.483`)
* [CVE-2023-24008](CVE-2023/CVE-2023-240xx/CVE-2023-24008.json) (`2023-05-26T13:15:11.527`)
* [CVE-2023-25038](CVE-2023/CVE-2023-250xx/CVE-2023-25038.json) (`2023-05-26T13:15:11.830`)
* [CVE-2022-39335](CVE-2022/CVE-2022-393xx/CVE-2022-39335.json) (`2023-05-26T14:15:09.600`)
* [CVE-2022-39374](CVE-2022/CVE-2022-393xx/CVE-2022-39374.json) (`2023-05-26T14:15:10.257`)
* [CVE-2022-46945](CVE-2022/CVE-2022-469xx/CVE-2022-46945.json) (`2023-05-26T15:15:09.393`)
* [CVE-2023-25029](CVE-2023/CVE-2023-250xx/CVE-2023-25029.json) (`2023-05-26T14:15:10.463`)
* [CVE-2023-25470](CVE-2023/CVE-2023-254xx/CVE-2023-25470.json) (`2023-05-26T14:15:10.643`)
* [CVE-2023-32323](CVE-2023/CVE-2023-323xx/CVE-2023-32323.json) (`2023-05-26T14:15:10.827`)
* [CVE-2023-25034](CVE-2023/CVE-2023-250xx/CVE-2023-25034.json) (`2023-05-26T15:15:10.310`)
* [CVE-2023-25058](CVE-2023/CVE-2023-250xx/CVE-2023-25058.json) (`2023-05-26T15:15:11.393`)
* [CVE-2023-25467](CVE-2023/CVE-2023-254xx/CVE-2023-25467.json) (`2023-05-26T15:15:11.767`)
* [CVE-2023-29098](CVE-2023/CVE-2023-290xx/CVE-2023-29098.json) (`2023-05-26T15:15:12.320`)
* [CVE-2023-30145](CVE-2023/CVE-2023-301xx/CVE-2023-30145.json) (`2023-05-26T15:15:12.880`)
* [CVE-2023-32964](CVE-2023/CVE-2023-329xx/CVE-2023-32964.json) (`2023-05-26T15:15:13.853`)
* [CVE-2023-33394](CVE-2023/CVE-2023-333xx/CVE-2023-33394.json) (`2023-05-26T15:15:14.217`)
### CVEs modified in the last Commit
Recently modified CVEs: `34`
Recently modified CVEs: `32`
* [CVE-2023-2804](CVE-2023/CVE-2023-28xx/CVE-2023-2804.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-2901](CVE-2023/CVE-2023-29xx/CVE-2023-2901.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-2902](CVE-2023/CVE-2023-29xx/CVE-2023-2902.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-31124](CVE-2023/CVE-2023-311xx/CVE-2023-31124.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-31130](CVE-2023/CVE-2023-311xx/CVE-2023-31130.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-31147](CVE-2023/CVE-2023-311xx/CVE-2023-31147.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-2903](CVE-2023/CVE-2023-29xx/CVE-2023-2903.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-32067](CVE-2023/CVE-2023-320xx/CVE-2023-32067.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-32074](CVE-2023/CVE-2023-320xx/CVE-2023-32074.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-28382](CVE-2023/CVE-2023-283xx/CVE-2023-28382.json) (`2023-05-26T12:43:57.397`)
* [CVE-2023-33750](CVE-2023/CVE-2023-337xx/CVE-2023-33750.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-33751](CVE-2023/CVE-2023-337xx/CVE-2023-33751.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-30615](CVE-2023/CVE-2023-306xx/CVE-2023-30615.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-30851](CVE-2023/CVE-2023-308xx/CVE-2023-30851.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-26215](CVE-2023/CVE-2023-262xx/CVE-2023-26215.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-26216](CVE-2023/CVE-2023-262xx/CVE-2023-26216.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-0950](CVE-2023/CVE-2023-09xx/CVE-2023-0950.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-25439](CVE-2023/CVE-2023-254xx/CVE-2023-25439.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-2255](CVE-2023/CVE-2023-22xx/CVE-2023-2255.json) (`2023-05-26T12:44:04.697`)
* [CVE-2023-0863](CVE-2023/CVE-2023-08xx/CVE-2023-0863.json) (`2023-05-26T12:54:07.163`)
* [CVE-2023-2319](CVE-2023/CVE-2023-23xx/CVE-2023-2319.json) (`2023-05-26T13:33:38.157`)
* [CVE-2023-2509](CVE-2023/CVE-2023-25xx/CVE-2023-2509.json) (`2023-05-26T13:34:06.400`)
* [CVE-2023-33281](CVE-2023/CVE-2023-332xx/CVE-2023-33281.json) (`2023-05-26T13:45:29.920`)
* [CVE-2023-32322](CVE-2023/CVE-2023-323xx/CVE-2023-32322.json) (`2023-05-26T13:51:42.143`)
* [CVE-2023-2832](CVE-2023/CVE-2023-28xx/CVE-2023-2832.json) (`2023-05-26T13:54:43.810`)
* [CVE-2021-24686](CVE-2021/CVE-2021-246xx/CVE-2021-24686.json) (`2023-05-26T15:02:00.180`)
* [CVE-2022-45079](CVE-2022/CVE-2022-450xx/CVE-2022-45079.json) (`2023-05-26T14:02:48.150`)
* [CVE-2022-1755](CVE-2022/CVE-2022-17xx/CVE-2022-1755.json) (`2023-05-26T15:01:55.177`)
* [CVE-2022-36376](CVE-2022/CVE-2022-363xx/CVE-2022-36376.json) (`2023-05-26T15:02:41.920`)
* [CVE-2022-47984](CVE-2022/CVE-2022-479xx/CVE-2022-47984.json) (`2023-05-26T15:07:03.057`)
* [CVE-2023-28529](CVE-2023/CVE-2023-285xx/CVE-2023-28529.json) (`2023-05-26T14:05:13.470`)
* [CVE-2023-20024](CVE-2023/CVE-2023-200xx/CVE-2023-20024.json) (`2023-05-26T14:08:12.587`)
* [CVE-2023-22878](CVE-2023/CVE-2023-228xx/CVE-2023-22878.json) (`2023-05-26T14:14:55.810`)
* [CVE-2023-28950](CVE-2023/CVE-2023-289xx/CVE-2023-28950.json) (`2023-05-26T14:15:16.233`)
* [CVE-2023-20077](CVE-2023/CVE-2023-200xx/CVE-2023-20077.json) (`2023-05-26T14:22:30.640`)
* [CVE-2023-20087](CVE-2023/CVE-2023-200xx/CVE-2023-20087.json) (`2023-05-26T14:28:53.080`)
* [CVE-2023-20166](CVE-2023/CVE-2023-201xx/CVE-2023-20166.json) (`2023-05-26T14:42:33.603`)
* [CVE-2023-20167](CVE-2023/CVE-2023-201xx/CVE-2023-20167.json) (`2023-05-26T14:45:40.920`)
* [CVE-2023-20171](CVE-2023/CVE-2023-201xx/CVE-2023-20171.json) (`2023-05-26T14:54:31.757`)
* [CVE-2023-29013](CVE-2023/CVE-2023-290xx/CVE-2023-29013.json) (`2023-05-26T15:01:44.387`)
* [CVE-2023-27522](CVE-2023/CVE-2023-275xx/CVE-2023-27522.json) (`2023-05-26T15:05:01.460`)
* [CVE-2023-31996](CVE-2023/CVE-2023-319xx/CVE-2023-31996.json) (`2023-05-26T15:15:13.103`)
* [CVE-2023-30774](CVE-2023/CVE-2023-307xx/CVE-2023-30774.json) (`2023-05-26T15:24:56.207`)
* [CVE-2023-20172](CVE-2023/CVE-2023-201xx/CVE-2023-20172.json) (`2023-05-26T15:25:24.413`)
* [CVE-2023-30775](CVE-2023/CVE-2023-307xx/CVE-2023-30775.json) (`2023-05-26T15:26:09.463`)
* [CVE-2023-20173](CVE-2023/CVE-2023-201xx/CVE-2023-20173.json) (`2023-05-26T15:40:03.033`)
* [CVE-2023-28514](CVE-2023/CVE-2023-285xx/CVE-2023-28514.json) (`2023-05-26T15:42:03.927`)
* [CVE-2023-20174](CVE-2023/CVE-2023-201xx/CVE-2023-20174.json) (`2023-05-26T15:44:56.217`)
* [CVE-2023-20189](CVE-2023/CVE-2023-201xx/CVE-2023-20189.json) (`2023-05-26T15:51:50.933`)
* [CVE-2023-20881](CVE-2023/CVE-2023-208xx/CVE-2023-20881.json) (`2023-05-26T15:59:56.003`)
## Download and Usage