admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-02T21:55:24.653363+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-02 23:55:27 +02:00
parent 5bc41baa3c
commit fc867c6fc9
29 changed files with 1336 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
CVE-2021/CVE-2021-231xx/CVE-2021-23186.json Normal file
View File

@ -0,0 +1,106 @@
{
"id": "CVE-2021-23186",
"sourceIdentifier": "security@odoo.com",
"published": "2023-04-25T19:15:09.340",
"lastModified": "2023-05-02T20:21:22.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
],
"cvssMetricV30": [
{
"source": "security@odoo.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*",
"versionEndIncluding": "15.0",
"matchCriteriaId": "C5B912BD-1FB4-418A-9CE3-FBE0903D70BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*",
"versionEndIncluding": "15.0",
"matchCriteriaId": "2BFAF5BD-20F9-402C-B7EB-4E0294A572AE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/odoo/odoo/issues/107688",
"source": "security@odoo.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

112
CVE-2021/CVE-2021-232xx/CVE-2021-23203.json Normal file
View File

@ -0,0 +1,112 @@
{
"id": "CVE-2021-23203",
"sourceIdentifier": "security@odoo.com",
"published": "2023-04-25T19:15:09.403",
"lastModified": "2023-05-02T20:06:15.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@odoo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:14.0:*:*:*:community:*:*:*",
"matchCriteriaId": "4D952E47-04E1-4146-A3AA-3804A1AB52DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:14.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BEB5354F-C1AC-48D6-8922-656F952442A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:15.0:*:*:*:community:*:*:*",
"matchCriteriaId": "EBD0BABD-16C5-449D-8BE7-9E948A509FA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:15.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "24A23452-4857-4F4B-AA5A-944F9073A554"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/odoo/odoo/issues/107695",
"source": "security@odoo.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

106
CVE-2021/CVE-2021-447xx/CVE-2021-44775.json Normal file
View File

@ -0,0 +1,106 @@
{
"id": "CVE-2021-44775",
"sourceIdentifier": "security@odoo.com",
"published": "2023-04-25T19:15:09.903",
"lastModified": "2023-05-02T20:26:24.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@odoo.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*",
"versionEndIncluding": "15.0",
"matchCriteriaId": "C5B912BD-1FB4-418A-9CE3-FBE0903D70BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*",
"versionEndIncluding": "15.0",
"matchCriteriaId": "2BFAF5BD-20F9-402C-B7EB-4E0294A572AE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/odoo/odoo/issues/107691",
"source": "security@odoo.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

106
CVE-2021/CVE-2021-450xx/CVE-2021-45071.json Normal file
View File

@ -0,0 +1,106 @@
{
"id": "CVE-2021-45071",
"sourceIdentifier": "security@odoo.com",
"published": "2023-04-25T19:15:09.963",
"lastModified": "2023-05-02T20:26:15.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@odoo.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*",
"versionEndIncluding": "15.0",
"matchCriteriaId": "C5B912BD-1FB4-418A-9CE3-FBE0903D70BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*",
"versionEndIncluding": "15.0",
"matchCriteriaId": "2BFAF5BD-20F9-402C-B7EB-4E0294A572AE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/odoo/odoo/issues/107697",
"source": "security@odoo.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

24
CVE-2022/CVE-2022-307xx/CVE-2022-30759.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-30759",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T21:15:09.147",
"lastModified": "2023-05-02T21:15:09.147",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands."
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/171971/Nokia-OneNDS-20.9-Insecure-Permissions-Privilege-Escalation.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.nokia.com/networks/products/one-nds/",
"source": "cve@mitre.org"
}
]
}

89
CVE-2022/CVE-2022-377xx/CVE-2022-37708.json
View File

@ -2,93 +2,14 @@
"id": "CVE-2022-37708",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-31T22:15:08.073",
"lastModified": "2023-03-09T19:15:10.397",
"vulnStatus": "Modified",
"lastModified": "2023-05-02T20:15:10.323",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:docker:docker:20.10.15:*:*:*:-:*:*:*",
"matchCriteriaId": "C5C974EE-2D9B-4BEE-A9D6-33F903951F88"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/orgs/docker/repositories",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/thekevinday/docker_lightman_exploit",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230309-0008/",
"source": "cve@mitre.org"
},
{
"url": "https://www.docker.com/",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

47
CVE-2022/CVE-2022-416xx/CVE-2022-41612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-41612",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-24T17:15:09.463",
"lastModified": "2023-04-24T17:43:16.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-02T20:35:51.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shareaholic:similar_posts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.6",
"matchCriteriaId": "312CEC38-8A82-40D1-9941-370C63D17601"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/similar-posts/wordpress-similar-posts-plugin-3-1-6-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2022/CVE-2022-475xx/CVE-2022-47509.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-47509",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-21T20:15:07.247",
"lastModified": "2023-04-24T13:02:19.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-02T20:11:21.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2",
"matchCriteriaId": "813EF4B0-6B36-47B1-9AEE-83040037F7EE"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47509",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2022/CVE-2022-478xx/CVE-2022-47874.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-47874",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.423",
"lastModified": "2023-05-02T20:15:10.423",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf",
"source": "cve@mitre.org"
}
]
}

20
CVE-2022/CVE-2022-478xx/CVE-2022-47875.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-47875",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.483",
"lastModified": "2023-05-02T20:15:10.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf",
"source": "cve@mitre.org"
}
]
}

20
CVE-2022/CVE-2022-478xx/CVE-2022-47876.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-47876",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.537",
"lastModified": "2023-05-02T20:15:10.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf",
"source": "cve@mitre.org"
}
]
}

20
CVE-2022/CVE-2022-478xx/CVE-2022-47877.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-47877",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.590",
"lastModified": "2023-05-02T20:15:10.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf",
"source": "cve@mitre.org"
}
]
}

20
CVE-2022/CVE-2022-478xx/CVE-2022-47878.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-47878",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.647",
"lastModified": "2023-05-02T20:15:10.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf",
"source": "cve@mitre.org"
}
]
}

95
CVE-2023/CVE-2023-251xx/CVE-2023-25132.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25132",
"sourceIdentifier": "ART@zuso.ai",
"published": "2023-04-24T10:15:07.237",
"lastModified": "2023-04-24T13:01:43.960",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-02T20:19:38.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ART@zuso.ai",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "ART@zuso.ai",
"type": "Secondary",
@ -46,26 +76,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:linux:*:*",
"versionEndIncluding": "4.8.6",
"matchCriteriaId": "231B7053-0BD9-4C08-8028-72F30768EF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:macos:*:*",
"versionEndIncluding": "4.8.6",
"matchCriteriaId": "B38A1026-EED6-4606-B61A-F6FDCBF3BB4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:virtual_machine:*:*",
"versionEndIncluding": "4.8.6",
"matchCriteriaId": "4DD5C6C4-2DBD-4C67-A10C-43A293ABD1A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:windows:*:*",
"versionEndIncluding": "4.8.6",
"matchCriteriaId": "CA11A0E7-FAC1-4BF1-85D4-7370EAC1E0C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Product"
]
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Product"
]
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Product"
]
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Product"
]
},
{
"url": "https://zuso.ai/Advisory/",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Third Party Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-251xx/CVE-2023-25133.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25133",
"sourceIdentifier": "ART@zuso.ai",
"published": "2023-04-24T11:15:07.097",
"lastModified": "2023-04-24T13:01:43.960",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-02T20:24:58.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ART@zuso.ai",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "ART@zuso.ai",
"type": "Secondary",
@ -46,26 +76,77 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:linux:*:*",
"versionEndIncluding": "4.8.6",
"matchCriteriaId": "231B7053-0BD9-4C08-8028-72F30768EF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:macos:*:*",
"versionEndIncluding": "4.8.6",
"matchCriteriaId": "B38A1026-EED6-4606-B61A-F6FDCBF3BB4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:virtual_machine:*:*",
"versionEndIncluding": "4.8.6",
"matchCriteriaId": "4DD5C6C4-2DBD-4C67-A10C-43A293ABD1A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:windows:*:*",
"versionEndIncluding": "4.8.6",
"matchCriteriaId": "CA11A0E7-FAC1-4BF1-85D4-7370EAC1E0C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Product"
]
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Product"
]
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Product"
]
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Product"
]
},
{
"url": "https://zuso.ai/Advisory/",
"source": "ART@zuso.ai"
"source": "ART@zuso.ai",
"tags": [
"Third Party Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-260xx/CVE-2023-26089.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-26089",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.707",
"lastModified": "2023-05-02T20:15:10.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5."
}
],
"metrics": {},
"references": [
{
"url": "https://iuclid6.echa.europa.eu",
"source": "cve@mitre.org"
},
{
"url": "https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669",
"source": "cve@mitre.org"
},
{
"url": "https://iuclid6.echa.europa.eu/download",
"source": "cve@mitre.org"
}
]
}

63
CVE-2023/CVE-2023-262xx/CVE-2023-26268.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-26268",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-02T21:15:09.233",
"lastModified": "2023-05-02T21:15:09.233",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@apache.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/ldkqs0nhpmho26bdxf4fon7w75hsq5gl",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/r2wvjfysg3d92lhhjd1qh3wfr8mlp0pp",
"source": "security@apache.org"
}
]
}

28
CVE-2023/CVE-2023-265xx/CVE-2023-26546.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-26546",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.757",
"lastModified": "2023-05-02T20:15:10.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission."
}
],
"metrics": {},
"references": [
{
"url": "https://iuclid6.echa.europa.eu",
"source": "cve@mitre.org"
},
{
"url": "https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669",
"source": "cve@mitre.org"
},
{
"url": "https://iuclid6.echa.europa.eu/download",
"source": "cve@mitre.org"
}
]
}

54
CVE-2023/CVE-2023-275xx/CVE-2023-27524.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27524",
"sourceIdentifier": "security@apache.org",
"published": "2023-04-24T16:15:07.843",
"lastModified": "2023-04-24T18:15:09.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-02T20:43:06.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -46,14 +66,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1",
"matchCriteriaId": "20E98F0D-B484-4FA4-8273-074A75ED3227"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/24/2",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-278xx/CVE-2023-27892.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-27892",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T21:15:09.337",
"lastModified": "2023-05-02T21:15:09.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://blog.inhq.net/posts/keepkey-CVE-2023-27892/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/keepkey/keepkey-firmware/pull/337",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-297xx/CVE-2023-29778.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-29778",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.813",
"lastModified": "2023-05-02T20:15:10.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread."
}
],
"metrics": {},
"references": [
{
"url": "http://glinet.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/OlivierLaflamme/cve/blob/main/GL.iNET/MT3000/get_nginx_log_RCE.md",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-304xx/CVE-2023-30403.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-30403",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.880",
"lastModified": "2023-05-02T20:15:10.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user."
}
],
"metrics": {},
"references": [
{
"url": "https://dl.packetstormsecurity.net/2305-exploits/aigitalwnr-bypass.txt",
"source": "cve@mitre.org"
},
{
"url": "https://mandomat.github.io/2023-04-13-testing-a-cheap-wifi-repeater/",
"source": "cve@mitre.org"
}
]
}

67
CVE-2023/CVE-2023-307xx/CVE-2023-30776.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30776",
"sourceIdentifier": "security@apache.org",
"published": "2023-04-24T16:15:08.000",
"lastModified": "2023-04-24T18:15:09.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-02T20:31:13.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.3.0",
"versionEndIncluding": "2.0.1",
"matchCriteriaId": "023FEE14-E29A-4CA6-A622-C25BB41FCB50"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/24/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

40
CVE-2023/CVE-2023-309xx/CVE-2023-30943.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-30943",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-05-02T20:15:10.943",
"lastModified": "2023-05-02T20:15:10.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system."
}
],
"metrics": {},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718",
"source": "patrick@puiterwijk.org"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188605",
"source": "patrick@puiterwijk.org"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=446285",
"source": "patrick@puiterwijk.org"
}
]
}

40
CVE-2023/CVE-2023-309xx/CVE-2023-30944.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-30944",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-05-02T20:15:11.013",
"lastModified": "2023-05-02T20:15:11.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database."
}
],
"metrics": {},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187",
"source": "patrick@puiterwijk.org"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188606",
"source": "patrick@puiterwijk.org"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=446286",
"source": "patrick@puiterwijk.org"
}
]
}

20
CVE-2023/CVE-2023-314xx/CVE-2023-31433.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-31433",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:11.080",
"lastModified": "2023-05-02T20:15:11.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://cves.at/posts/cve-2023-31433/writeup/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-314xx/CVE-2023-31434.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-31434",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:11.133",
"lastModified": "2023-05-02T20:15:11.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations."
}
],
"metrics": {},
"references": [
{
"url": "https://cves.at/posts/cve-2023-31434/writeup/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-314xx/CVE-2023-31435.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-31435",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:11.187",
"lastModified": "2023-05-02T20:15:11.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly."
}
],
"metrics": {},
"references": [
{
"url": "https://cves.at/posts/cve-2023-31435/writeup/",
"source": "cve@mitre.org"
}
]
}

65
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-02T20:00:17.916430+00:00
2023-05-02T21:55:24.653363+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-02T19:53:14.293000+00:00
2023-05-02T21:15:09.337000+00:00
```
### Last Data Feed Release
@ -29,46 +29,47 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
213929
213946
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `17`
* [CVE-2023-30861](CVE-2023/CVE-2023-308xx/CVE-2023-30861.json) (`2023-05-02T18:15:52.373`)
* [CVE-2022-30759](CVE-2022/CVE-2022-307xx/CVE-2022-30759.json) (`2023-05-02T21:15:09.147`)
* [CVE-2022-47874](CVE-2022/CVE-2022-478xx/CVE-2022-47874.json) (`2023-05-02T20:15:10.423`)
* [CVE-2022-47875](CVE-2022/CVE-2022-478xx/CVE-2022-47875.json) (`2023-05-02T20:15:10.483`)
* [CVE-2022-47876](CVE-2022/CVE-2022-478xx/CVE-2022-47876.json) (`2023-05-02T20:15:10.537`)
* [CVE-2022-47877](CVE-2022/CVE-2022-478xx/CVE-2022-47877.json) (`2023-05-02T20:15:10.590`)
* [CVE-2022-47878](CVE-2022/CVE-2022-478xx/CVE-2022-47878.json) (`2023-05-02T20:15:10.647`)
* [CVE-2023-26089](CVE-2023/CVE-2023-260xx/CVE-2023-26089.json) (`2023-05-02T20:15:10.707`)
* [CVE-2023-26268](CVE-2023/CVE-2023-262xx/CVE-2023-26268.json) (`2023-05-02T21:15:09.233`)
* [CVE-2023-26546](CVE-2023/CVE-2023-265xx/CVE-2023-26546.json) (`2023-05-02T20:15:10.757`)
* [CVE-2023-27892](CVE-2023/CVE-2023-278xx/CVE-2023-27892.json) (`2023-05-02T21:15:09.337`)
* [CVE-2023-29778](CVE-2023/CVE-2023-297xx/CVE-2023-29778.json) (`2023-05-02T20:15:10.813`)
* [CVE-2023-30403](CVE-2023/CVE-2023-304xx/CVE-2023-30403.json) (`2023-05-02T20:15:10.880`)
* [CVE-2023-30943](CVE-2023/CVE-2023-309xx/CVE-2023-30943.json) (`2023-05-02T20:15:10.943`)
* [CVE-2023-30944](CVE-2023/CVE-2023-309xx/CVE-2023-30944.json) (`2023-05-02T20:15:11.013`)
* [CVE-2023-31433](CVE-2023/CVE-2023-314xx/CVE-2023-31433.json) (`2023-05-02T20:15:11.080`)
* [CVE-2023-31434](CVE-2023/CVE-2023-314xx/CVE-2023-31434.json) (`2023-05-02T20:15:11.133`)
* [CVE-2023-31435](CVE-2023/CVE-2023-314xx/CVE-2023-31435.json) (`2023-05-02T20:15:11.187`)
### CVEs modified in the last Commit
Recently modified CVEs: `26`
Recently modified CVEs: `11`
* [CVE-2021-26263](CVE-2021/CVE-2021-262xx/CVE-2021-26263.json) (`2023-05-02T19:53:14.293`)
* [CVE-2021-26947](CVE-2021/CVE-2021-269xx/CVE-2021-26947.json) (`2023-05-02T19:53:00.077`)
* [CVE-2021-44460](CVE-2021/CVE-2021-444xx/CVE-2021-44460.json) (`2023-05-02T19:51:34.470`)
* [CVE-2021-44461](CVE-2021/CVE-2021-444xx/CVE-2021-44461.json) (`2023-05-02T19:48:29.543`)
* [CVE-2022-48476](CVE-2022/CVE-2022-484xx/CVE-2022-48476.json) (`2023-05-02T19:21:10.690`)
* [CVE-2022-48477](CVE-2022/CVE-2022-484xx/CVE-2022-48477.json) (`2023-05-02T19:22:47.650`)
* [CVE-2023-2112](CVE-2023/CVE-2023-21xx/CVE-2023-2112.json) (`2023-05-02T18:05:28.077`)
* [CVE-2023-2193](CVE-2023/CVE-2023-21xx/CVE-2023-2193.json) (`2023-05-02T18:13:54.933`)
* [CVE-2023-2219](CVE-2023/CVE-2023-22xx/CVE-2023-2219.json) (`2023-05-02T18:01:14.847`)
* [CVE-2023-22577](CVE-2023/CVE-2023-225xx/CVE-2023-22577.json) (`2023-05-02T19:13:08.980`)
* [CVE-2023-22581](CVE-2023/CVE-2023-225xx/CVE-2023-22581.json) (`2023-05-02T19:16:34.527`)
* [CVE-2023-28131](CVE-2023/CVE-2023-281xx/CVE-2023-28131.json) (`2023-05-02T18:15:27.097`)
* [CVE-2023-28976](CVE-2023/CVE-2023-289xx/CVE-2023-28976.json) (`2023-05-02T19:45:00.223`)
* [CVE-2023-28978](CVE-2023/CVE-2023-289xx/CVE-2023-28978.json) (`2023-05-02T19:36:27.620`)
* [CVE-2023-28979](CVE-2023/CVE-2023-289xx/CVE-2023-28979.json) (`2023-05-02T19:30:15.163`)
* [CVE-2023-28980](CVE-2023/CVE-2023-289xx/CVE-2023-28980.json) (`2023-05-02T19:24:21.117`)
* [CVE-2023-28981](CVE-2023/CVE-2023-289xx/CVE-2023-28981.json) (`2023-05-02T19:11:40.677`)
* [CVE-2023-28982](CVE-2023/CVE-2023-289xx/CVE-2023-28982.json) (`2023-05-02T19:07:07.270`)
* [CVE-2023-30533](CVE-2023/CVE-2023-305xx/CVE-2023-30533.json) (`2023-05-02T18:40:51.750`)
* [CVE-2023-31045](CVE-2023/CVE-2023-310xx/CVE-2023-31045.json) (`2023-05-02T18:47:46.453`)
* [CVE-2023-31059](CVE-2023/CVE-2023-310xx/CVE-2023-31059.json) (`2023-05-02T18:17:24.350`)
* [CVE-2023-31060](CVE-2023/CVE-2023-310xx/CVE-2023-31060.json) (`2023-05-02T18:17:13.847`)
* [CVE-2023-31061](CVE-2023/CVE-2023-310xx/CVE-2023-31061.json) (`2023-05-02T18:17:03.750`)
* [CVE-2023-31081](CVE-2023/CVE-2023-310xx/CVE-2023-31081.json) (`2023-05-02T18:18:24.810`)
* [CVE-2023-31082](CVE-2023/CVE-2023-310xx/CVE-2023-31082.json) (`2023-05-02T18:18:50.580`)
* [CVE-2023-31083](CVE-2023/CVE-2023-310xx/CVE-2023-31083.json) (`2023-05-02T18:19:06.393`)
* [CVE-2021-23186](CVE-2021/CVE-2021-231xx/CVE-2021-23186.json) (`2023-05-02T20:21:22.287`)
* [CVE-2021-23203](CVE-2021/CVE-2021-232xx/CVE-2021-23203.json) (`2023-05-02T20:06:15.217`)
* [CVE-2021-44775](CVE-2021/CVE-2021-447xx/CVE-2021-44775.json) (`2023-05-02T20:26:24.113`)
* [CVE-2021-45071](CVE-2021/CVE-2021-450xx/CVE-2021-45071.json) (`2023-05-02T20:26:15.753`)
* [CVE-2022-37708](CVE-2022/CVE-2022-377xx/CVE-2022-37708.json) (`2023-05-02T20:15:10.323`)
* [CVE-2022-41612](CVE-2022/CVE-2022-416xx/CVE-2022-41612.json) (`2023-05-02T20:35:51.020`)
* [CVE-2022-47509](CVE-2022/CVE-2022-475xx/CVE-2022-47509.json) (`2023-05-02T20:11:21.690`)
* [CVE-2023-25132](CVE-2023/CVE-2023-251xx/CVE-2023-25132.json) (`2023-05-02T20:19:38.180`)
* [CVE-2023-25133](CVE-2023/CVE-2023-251xx/CVE-2023-25133.json) (`2023-05-02T20:24:58.830`)
* [CVE-2023-27524](CVE-2023/CVE-2023-275xx/CVE-2023-27524.json) (`2023-05-02T20:43:06.460`)
* [CVE-2023-30776](CVE-2023/CVE-2023-307xx/CVE-2023-30776.json) (`2023-05-02T20:31:13.387`)
## Download and Usage