admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-31T02:00:26.419751+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-31 02:00:30 +00:00
parent bf0d75742a
commit fb483a23fd
34 changed files with 2260 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
CVE-2019/CVE-2019-136xx/CVE-2019-13690.json
View File

@ -2,23 +2,100 @@
"id": "CVE-2019-13690",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-25T19:15:08.117",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-31T00:39:07.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "75.0.3770.80",
"matchCriteriaId": "1629DCDC-F45C-4F3E-A8EF-43E40E2FD504"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960111",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/960111",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

65
CVE-2022/CVE-2022-352xx/CVE-2022-35205.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2022-35205",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:23.060",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:36:47.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:binutils:2.38.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9456C364-BC91-4654-BD14-934D443CCEDF"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29289",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

65
CVE-2022/CVE-2022-352xx/CVE-2022-35206.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2022-35206",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:23.113",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:36:57.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:binutils:2.38.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9456C364-BC91-4654-BD14-934D443CCEDF"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29290",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

101
CVE-2022/CVE-2022-404xx/CVE-2022-40433.json
View File

@ -2,31 +2,118 @@
"id": "CVE-2022-40433",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:24.010",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:37:13.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:openjdk:7:update351:*:*:*:*:*:*",
"matchCriteriaId": "576F2D55-3079-45D0-A2E8-0D250A8F5BDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:openjdk:8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB165A22-A34A-478F-AF3A-483F649AE95D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
"matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:openjdk:17.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778B9A45-E5EB-4B97-9989-AC221A577DCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
"matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.openjdk.org/browse/JDK-8283441",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/openjdk/jdk11u-dev/pull/1183",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/openjdk/jdk13u-dev/pull/394",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/openjdk/jdk15u-dev/pull/261",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

75
CVE-2022/CVE-2022-44xx/CVE-2022-4452.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2022-4452",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-25T15:15:08.040",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:39:17.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "107.0.5304.62",
"matchCriteriaId": "6E3E8C15-896B-4126-A53A-771C50A24E4F"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1372457",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Patch",
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1372457",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Patch",
"Permissions Required",
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-19xx/CVE-2023-1997.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1997",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-08-28T16:15:08.627",
"lastModified": "2023-08-28T19:28:54.367",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:26:46.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
@ -46,10 +76,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3ds:3dexperience:r2021x:*:*:*:*:*:*:*",
"matchCriteriaId": "22C41137-50DF-4370-8A86-396061095A3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3ds:3dexperience:r2022x:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB01B8A-297F-4B1C-A76A-1ED733E62A43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3ds:3dexperience:r2023x:*:*:*:*:*:*:*",
"matchCriteriaId": "E52A5F8A-665B-4AA7-89CD-19720D64718E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com"
"source": "3DS.Information-Security@3ds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-237xx/CVE-2023-23770.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23770",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-08-29T09:15:07.993",
"lastModified": "2023-08-29T13:34:55.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:26:07.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cert@ncsc.nl",
"type": "Secondary",
@ -34,10 +54,54 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:*",
"matchCriteriaId": "87EB0F74-B3C6-4641-8678-1F8654BDFF8B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "044E6275-5F1D-496C-839F-909926D337B8"
}
]
}
]
}
],
"references": [
{
"url": "https://tetraburst.com/",
"source": "cert@ncsc.nl"
"source": "cert@ncsc.nl",
"tags": [
"Not Applicable"
]
}
]
}

70
CVE-2023/CVE-2023-237xx/CVE-2023-23771.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23771",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-08-29T09:15:08.910",
"lastModified": "2023-08-29T13:34:55.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:25:45.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "cert@ncsc.nl",
"type": "Secondary",
@ -34,10 +54,54 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:motorola:mbts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*",
"matchCriteriaId": "07A9EA39-6C38-4A3E-9628-AD39FE659018"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:motorola:mbts_base_radio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E15ED3-0448-4EE1-AE81-EDB533C24A70"
}
]
}
]
}
],
"references": [
{
"url": "https://tetraburst.com/",
"source": "cert@ncsc.nl"
"source": "cert@ncsc.nl",
"tags": [
"Not Applicable"
]
}
]
}

70
CVE-2023/CVE-2023-237xx/CVE-2023-23772.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23772",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-08-29T09:15:09.193",
"lastModified": "2023-08-29T13:34:55.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:25:58.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cert@ncsc.nl",
"type": "Secondary",
@ -34,10 +54,54 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:*",
"matchCriteriaId": "87EB0F74-B3C6-4641-8678-1F8654BDFF8B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "044E6275-5F1D-496C-839F-909926D337B8"
}
]
}
]
}
],
"references": [
{
"url": "https://tetraburst.com/",
"source": "cert@ncsc.nl"
"source": "cert@ncsc.nl",
"tags": [
"Not Applicable"
]
}
]
}

97
CVE-2023/CVE-2023-237xx/CVE-2023-23773.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23773",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-08-29T09:15:09.330",
"lastModified": "2023-08-29T13:34:55.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:24:59.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cert@ncsc.nl",
"type": "Secondary",
@ -34,10 +54,81 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:motorola:ebts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DB9FFD-308A-43F3-A646-17FBBA5BEB23"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:motorola:ebts_base_radio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B397BB8-D7B1-468B-9CA9-63E1E34740D1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:motorola:mbts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*",
"matchCriteriaId": "07A9EA39-6C38-4A3E-9628-AD39FE659018"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:motorola:mbts_base_radio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E15ED3-0448-4EE1-AE81-EDB533C24A70"
}
]
}
]
}
],
"references": [
{
"url": "https://tetraburst.com/",
"source": "cert@ncsc.nl"
"source": "cert@ncsc.nl",
"tags": [
"Not Applicable"
]
}
]
}

97
CVE-2023/CVE-2023-237xx/CVE-2023-23774.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23774",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-08-29T09:15:09.403",
"lastModified": "2023-08-29T13:34:55.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:24:38.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "cert@ncsc.nl",
"type": "Secondary",
@ -34,10 +54,81 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:motorola:ebts_site_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397B1B92-C023-4825-8122-05131B702740"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:motorola:ebts_site_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19E4B16-8762-44BF-A597-D77621686A2E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:motorola:mbts_site_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "678A4DEF-0D43-43CA-B541-F7BEAAEEAA28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "044E6275-5F1D-496C-839F-909926D337B8"
}
]
}
]
}
],
"references": [
{
"url": "https://tetraburst.com/",
"source": "cert@ncsc.nl"
"source": "cert@ncsc.nl",
"tags": [
"Not Applicable"
]
}
]
}

55
CVE-2023/CVE-2023-314xx/CVE-2023-31423.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31423",
"sourceIdentifier": "sirt@brocade.com",
"published": "2023-08-31T01:15:07.860",
"lastModified": "2023-08-31T01:15:07.860",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Possible\n information exposure through log file vulnerability where sensitive \nfields are recorded in the configuration log without masking on Brocade \nSANnav before v2.3.0 and 2.2.2a. Notes:\n To access the logs, the local attacker must have access to an already collected Brocade SANnav \"supportsave\" \noutputs.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22508",
"source": "sirt@brocade.com"
}
]
}

55
CVE-2023/CVE-2023-314xx/CVE-2023-31424.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31424",
"sourceIdentifier": "sirt@brocade.com",
"published": "2023-08-31T01:15:08.537",
"lastModified": "2023-08-31T01:15:08.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a\n allows remote unauthenticated users to bypass web authentication and \nauthorization.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22507",
"source": "sirt@brocade.com"
}
]
}

55
CVE-2023/CVE-2023-319xx/CVE-2023-31925.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31925",
"sourceIdentifier": "sirt@brocade.com",
"published": "2023-08-31T01:15:08.753",
"lastModified": "2023-08-31T01:15:08.753",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Brocade\n SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords\n in plaintext. A privileged user could retrieve these credentials with \nknowledge and access to these log files. SNMP \ncredentials could be seen in SANnav SupportSave if the capture is \nperformed after an SNMP configuration failure causes an SNMP \ncommunication log dump.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506",
"source": "sirt@brocade.com"
}
]
}

81
CVE-2023/CVE-2023-347xx/CVE-2023-34723.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-34723",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T22:15:08.903",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:37:46.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jaycar:la5570_firmware:1.0.19_t53:*:*:*:*:*:*:*",
"matchCriteriaId": "725D3A05-4F91-4EFD-8590-22FFADBD2F47"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jaycar:la5570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46B24E7F-1C4B-49B5-BE0E-1AF9D84020FD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

55
CVE-2023/CVE-2023-34xx/CVE-2023-3489.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3489",
"sourceIdentifier": "sirt@brocade.com",
"published": "2023-08-31T00:15:07.913",
"lastModified": "2023-08-31T00:15:07.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The \nfirmwaredownload command on Brocade Fabric OS v9.2.0 could log the \nFTP/SFTP/SCP server password in clear text in the SupportSave file when \nperforming a downgrade from Fabric OS v9.2.0 to any earlier version of \nFabric OS.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510",
"source": "sirt@brocade.com"
}
]
}

126
CVE-2023/CVE-2023-37xx/CVE-2023-3705.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3705",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2023-08-24T08:15:09.040",
"lastModified": "2023-08-24T12:55:22.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:37:27.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
@ -46,10 +76,100 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cpplusworld:cp-vnr-3104_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "b3223p22c02424",
"matchCriteriaId": "16BACB34-6325-4E52-A575-AEEDA3B2FE4F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cpplusworld:cp-vnr-3104:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E31775-FFB5-40C3-9841-0C67D42E87C4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cpplusworld:cp-vnr-3108_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "b3223p22c02424",
"matchCriteriaId": "B1A6A2F4-6595-4DFC-A926-A2CB677E0CCD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cpplusworld:cp-vnr-3108:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34F3AD8B-71BA-434A-A2EB-39C3292D4EC6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cpplusworld:cp-vnr-3208_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "b3223p22c02424",
"matchCriteriaId": "872BD1A6-87C4-4AC4-93E9-2CE82E0D4B74"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cpplusworld:cp-vnr-3208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8269EEF4-930E-4205-A1AF-3D1D7114A6B5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239",
"source": "vdisclose@cert-in.org.in"
"source": "vdisclose@cert-in.org.in",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-387xx/CVE-2023-38710.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-38710",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T21:15:08.167",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-31T00:38:31.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.20",
"versionEndExcluding": "4.12",
"matchCriteriaId": "6FD4136B-12B7-4FCA-B643-47F5FEA652EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://libreswan.org/security/CVE-2023-38710/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-387xx/CVE-2023-38711.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-38711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T21:15:08.230",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-31T00:38:08.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.6",
"versionEndExcluding": "4.12",
"matchCriteriaId": "E5090A30-05D9-4501-9E86-FF1024BB2A0F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://libreswan.org/security/CVE-2023-38711/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-387xx/CVE-2023-38712.json
View File

@ -2,23 +2,90 @@
"id": "CVE-2023-38712",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T21:15:08.293",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:37:58.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "4.0",
"matchCriteriaId": "8DF49694-9BD7-46A7-851B-F03CB49A9250"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "4.12",
"matchCriteriaId": "8923F14F-CAAA-402E-8549-8250C9CADA4A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://libreswan.org/security/CVE-2023-38712/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-396xx/CVE-2023-39650.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-39650",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T23:15:08.293",
"lastModified": "2023-08-29T05:18:54.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:26:15.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single."
},
{
"lang": "es",
"value": "Se ha descubierto que Theme Volty CMS Blog hasta la versi\u00f3n v4.0.1 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro \"id\" en \"/tvcmsblog/single\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_blog:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "4.0.1",
"matchCriteriaId": "F74A6448-7ABD-41CE-9E35-40252778AADE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/08/24/tvcmsblog.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://themevolty.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-408xx/CVE-2023-40857.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-40857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T22:15:09.870",
"lastModified": "2023-08-29T05:18:54.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:27:11.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en VirusTotal yara v4.3.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n \"yr_execute_cod\" del componente \"exe.c\". "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:virustotal:yara:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EEF587-BE65-40E9-AE81-5F7FA989A74A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/VirusTotal/yara/issues/1945",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-409xx/CVE-2023-40997.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-40997",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T22:15:10.030",
"lastModified": "2023-08-29T05:18:54.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:26:33.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:o-ran-sc:ric_message_router:4.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09883935-1EE0-4711-B707-9A1B78E4E326"
}
]
}
]
}
],
"references": [
{
"url": "https://jira.o-ran-sc.org/browse/RIC-991",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-409xx/CVE-2023-40998.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-40998",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T22:15:10.167",
"lastModified": "2023-08-29T05:18:54.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T00:26:26.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:o-ran-sc:ric_message_router:4.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09883935-1EE0-4711-B707-9A1B78E4E326"
}
]
}
]
}
],
"references": [
{
"url": "https://jira.o-ran-sc.org/browse/RIC-989",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-41xx/CVE-2023-4162.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4162",
"sourceIdentifier": "sirt@brocade.com",
"published": "2023-08-31T01:15:08.943",
"lastModified": "2023-08-31T01:15:08.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A\n segmentation fault can occur in Brocade Fabric OS after Brocade Fabric \nOS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg \ncommand. This\n could allow an authenticated privileged user local user to crash a \nBrocade Fabric OS swith using the cli \u201cpasswdcfg --set -expire \n-minDiff\u201c.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513",
"source": "sirt@brocade.com"
}
]
}

55
CVE-2023/CVE-2023-41xx/CVE-2023-4163.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4163",
"sourceIdentifier": "sirt@brocade.com",
"published": "2023-08-31T01:15:09.190",
"lastModified": "2023-08-31T01:15:09.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@brocade.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514",
"source": "sirt@brocade.com"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4649.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4649",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:09.390",
"lastModified": "2023-08-31T01:15:09.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/ca5f150da11d9caae86638885137afe35bcc3592",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/069bb1f3-0805-480d-a6e1-b3345cdc60f3",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4650.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4650",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:09.623",
"lastModified": "2023-08-31T01:15:09.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/78ff8ca066e86a65ff35470b5622be3aa7d2f928",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/d92e8985-9d9d-4a62-92e8-ada014ee3b17",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4651.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4651",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:09.787",
"lastModified": "2023-08-31T01:15:09.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/a6bf758de0b3242b0c0e4b47a588aae0c94305b0",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/beba9b98-2a5c-4629-987d-b67f47ba9437",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4652.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4652",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:10.063",
"lastModified": "2023-08-31T01:15:10.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/7a7e57e77f12f36d0e96be6d5b9066389372dbcd",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/7869e4af-fad9-48c3-9e4f-c949e54cbb41",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4653.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4653",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:10.297",
"lastModified": "2023-08-31T01:15:10.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/7e9d79818bd52dfa7811d5978c72785054c65242",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/e0bf7e95-fc8c-4fd4-8575-8b46b9431c6d",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4654.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4654",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:10.573",
"lastModified": "2023-08-31T01:15:10.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-614"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/ca5f150da11d9caae86638885137afe35bcc3592",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/56432a75-af43-4b1a-9307-bd8de568351b",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4655.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4655",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:10.740",
"lastModified": "2023-08-31T01:15:10.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/a6a30e7bc96cd2081707388046c0259870533da6",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/e2189ad5-b665-4ba5-b6c4-112e58ae9a97",
"source": "security@huntr.dev"
}
]
}

57
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-30T23:55:25.057622+00:00
2023-08-31T02:00:26.419751+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-30T23:15:08.447000+00:00
2023-08-31T01:15:10.740000+00:00
```
### Last Data Feed Release
@ -23,37 +23,58 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-08-30T00:00:13.572909+00:00
2023-08-31T00:00:13.561501+00:00
```
### Total Number of included CVEs
```plain
223760
223773
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `13`
* [CVE-2023-31714](CVE-2023/CVE-2023-317xx/CVE-2023-31714.json) (`2023-08-30T22:15:08.013`)
* [CVE-2023-38970](CVE-2023/CVE-2023-389xx/CVE-2023-38970.json) (`2023-08-30T22:15:08.717`)
* [CVE-2023-39135](CVE-2023/CVE-2023-391xx/CVE-2023-39135.json) (`2023-08-30T22:15:08.920`)
* [CVE-2023-39136](CVE-2023/CVE-2023-391xx/CVE-2023-39136.json) (`2023-08-30T22:15:08.977`)
* [CVE-2023-39137](CVE-2023/CVE-2023-391xx/CVE-2023-39137.json) (`2023-08-30T22:15:09.030`)
* [CVE-2023-39138](CVE-2023/CVE-2023-391xx/CVE-2023-39138.json) (`2023-08-30T22:15:09.083`)
* [CVE-2023-39139](CVE-2023/CVE-2023-391xx/CVE-2023-39139.json) (`2023-08-30T22:15:09.300`)
* [CVE-2023-41040](CVE-2023/CVE-2023-410xx/CVE-2023-41040.json) (`2023-08-30T22:15:09.857`)
* [CVE-2023-41041](CVE-2023/CVE-2023-410xx/CVE-2023-41041.json) (`2023-08-30T22:15:10.043`)
* [CVE-2023-41163](CVE-2023/CVE-2023-411xx/CVE-2023-41163.json) (`2023-08-30T22:15:10.297`)
* [CVE-2023-23765](CVE-2023/CVE-2023-237xx/CVE-2023-23765.json) (`2023-08-30T23:15:08.447`)
* [CVE-2023-3489](CVE-2023/CVE-2023-34xx/CVE-2023-3489.json) (`2023-08-31T00:15:07.913`)
* [CVE-2023-31423](CVE-2023/CVE-2023-314xx/CVE-2023-31423.json) (`2023-08-31T01:15:07.860`)
* [CVE-2023-31424](CVE-2023/CVE-2023-314xx/CVE-2023-31424.json) (`2023-08-31T01:15:08.537`)
* [CVE-2023-31925](CVE-2023/CVE-2023-319xx/CVE-2023-31925.json) (`2023-08-31T01:15:08.753`)
* [CVE-2023-4162](CVE-2023/CVE-2023-41xx/CVE-2023-4162.json) (`2023-08-31T01:15:08.943`)
* [CVE-2023-4163](CVE-2023/CVE-2023-41xx/CVE-2023-4163.json) (`2023-08-31T01:15:09.190`)
* [CVE-2023-4649](CVE-2023/CVE-2023-46xx/CVE-2023-4649.json) (`2023-08-31T01:15:09.390`)
* [CVE-2023-4650](CVE-2023/CVE-2023-46xx/CVE-2023-4650.json) (`2023-08-31T01:15:09.623`)
* [CVE-2023-4651](CVE-2023/CVE-2023-46xx/CVE-2023-4651.json) (`2023-08-31T01:15:09.787`)
* [CVE-2023-4652](CVE-2023/CVE-2023-46xx/CVE-2023-4652.json) (`2023-08-31T01:15:10.063`)
* [CVE-2023-4653](CVE-2023/CVE-2023-46xx/CVE-2023-4653.json) (`2023-08-31T01:15:10.297`)
* [CVE-2023-4654](CVE-2023/CVE-2023-46xx/CVE-2023-4654.json) (`2023-08-31T01:15:10.573`)
* [CVE-2023-4655](CVE-2023/CVE-2023-46xx/CVE-2023-4655.json) (`2023-08-31T01:15:10.740`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `20`
* [CVE-2023-40901](CVE-2023/CVE-2023-409xx/CVE-2023-40901.json) (`2023-08-30T22:15:09.383`)
* [CVE-2019-13690](CVE-2019/CVE-2019-136xx/CVE-2019-13690.json) (`2023-08-31T00:39:07.533`)
* [CVE-2022-35205](CVE-2022/CVE-2022-352xx/CVE-2022-35205.json) (`2023-08-31T00:36:47.473`)
* [CVE-2022-35206](CVE-2022/CVE-2022-352xx/CVE-2022-35206.json) (`2023-08-31T00:36:57.233`)
* [CVE-2022-40433](CVE-2022/CVE-2022-404xx/CVE-2022-40433.json) (`2023-08-31T00:37:13.927`)
* [CVE-2022-4452](CVE-2022/CVE-2022-44xx/CVE-2022-4452.json) (`2023-08-31T00:39:17.717`)
* [CVE-2023-23774](CVE-2023/CVE-2023-237xx/CVE-2023-23774.json) (`2023-08-31T00:24:38.207`)
* [CVE-2023-23773](CVE-2023/CVE-2023-237xx/CVE-2023-23773.json) (`2023-08-31T00:24:59.020`)
* [CVE-2023-23771](CVE-2023/CVE-2023-237xx/CVE-2023-23771.json) (`2023-08-31T00:25:45.960`)
* [CVE-2023-23772](CVE-2023/CVE-2023-237xx/CVE-2023-23772.json) (`2023-08-31T00:25:58.953`)
* [CVE-2023-23770](CVE-2023/CVE-2023-237xx/CVE-2023-23770.json) (`2023-08-31T00:26:07.900`)
* [CVE-2023-39650](CVE-2023/CVE-2023-396xx/CVE-2023-39650.json) (`2023-08-31T00:26:15.827`)
* [CVE-2023-40998](CVE-2023/CVE-2023-409xx/CVE-2023-40998.json) (`2023-08-31T00:26:26.523`)
* [CVE-2023-40997](CVE-2023/CVE-2023-409xx/CVE-2023-40997.json) (`2023-08-31T00:26:33.640`)
* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-31T00:26:46.620`)
* [CVE-2023-40857](CVE-2023/CVE-2023-408xx/CVE-2023-40857.json) (`2023-08-31T00:27:11.427`)
* [CVE-2023-3705](CVE-2023/CVE-2023-37xx/CVE-2023-3705.json) (`2023-08-31T00:37:27.440`)
* [CVE-2023-34723](CVE-2023/CVE-2023-347xx/CVE-2023-34723.json) (`2023-08-31T00:37:46.940`)
* [CVE-2023-38712](CVE-2023/CVE-2023-387xx/CVE-2023-38712.json) (`2023-08-31T00:37:58.830`)
* [CVE-2023-38711](CVE-2023/CVE-2023-387xx/CVE-2023-38711.json) (`2023-08-31T00:38:08.170`)
* [CVE-2023-38710](CVE-2023/CVE-2023-387xx/CVE-2023-38710.json) (`2023-08-31T00:38:31.680`)
## Download and Usage