Auto-Update: 2023-12-15T11:00:24.169129+00:00

This commit is contained in:
cad-safe-bot 2023-12-15 11:00:27 +00:00
parent 5be406ddc6
commit fcf83e6157
19 changed files with 962 additions and 11 deletions


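--- /dev/null
+++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29234.json
@@ -0,0 +1,36 @@
+{
+"id": "CVE-2023-29234",
+"sourceIdentifier": "security@apache.org",
+"published": "2023-12-15T09:15:07.380",
+"lastModified": "2023-12-15T09:15:07.380",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A deserialization vulnerability existed when decode a\u00a0malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.\n\nUsers are recommended to upgrade to the latest version, which fixes the issue.\n\n"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-502"
+}
+]
+}
+],
+"references": [
+{
+"url": "http://www.openwall.com/lists/oss-security/2023/12/15/2",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/wb2df2whkdnbgp54nnqn0m94rllx8f77",
+"source": "security@apache.org"
+}
+]
+}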


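--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46279.json
@@ -0,0 +1,36 @@
+{
+"id": "CVE-2023-46279",
+"sourceIdentifier": "security@apache.org",
+"published": "2023-12-15T09:15:07.490",
+"lastModified": "2023-12-15T09:15:07.490",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5.\n\nUsers are recommended to upgrade to the latest version, which fixes the issue.\n\n"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-502"
+}
+]
+}
+],
+"references": [
+{
+"url": "http://www.openwall.com/lists/oss-security/2023/12/15/3",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo",
+"source": "security@apache.org"
+}
+]
+}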
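Review bot: This record and CVE-2023-29234 in the same commit both carry `"metrics": {}` and `"vulnStatus": "Received"`, so any consumer that gates on a CVSS score or severity will silently drop two CWE-502 deserialization issues in Apache Dubbo. The affected version stated here, Dubbo 3.1.5 only, lies inside the 3.1.0 through 3.1.10 range stated for CVE-2023-29234, and neither description names the fixed release beyond "the latest version"; the Apache thread and oss-security posts under `references` are the only place that information can come from. Until NVD analysis lands, the two records are best tracked as a single Dubbo upgrade action with the fix version taken from the advisory rather than from this feed.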


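--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48380.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48380",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T09:15:07.577",
+"lastModified": "2023-12-15T09:15:07.577",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.4,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.5,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-78"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7598-37b03-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}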
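Review bot: The description says the attacker is `authenticated as a localhost`, but the vector `CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H` scores the issue as adjacent-network with low privileges and user interaction, which is not an obvious encoding of a localhost-only precondition. The 7.4 HIGH score in this record should therefore not be used on its own to decide whether the CWE-78 command injection is reachable over the network; the TWCERT advisory under `references` is the only source in the record that can settle that. Consumers that auto-prioritise on `attackVector` should treat this one as needing a manual read.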


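--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48381.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48381",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T09:15:07.773",
+"lastModified": "2023-12-15T09:15:07.773",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}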


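--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48382.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48382",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T09:15:07.967",
+"lastModified": "2023-12-15T09:15:07.967",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7600-dd072-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}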


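--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48384.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48384",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T09:15:08.160",
+"lastModified": "2023-12-15T09:15:08.160",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7601-71c94-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}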


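--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48387.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48387",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T09:15:08.357",
+"lastModified": "2023-12-15T09:15:08.357",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "TAIWAN-CA(TWCA) JCICSecurityTool's Registry-related functions have insufficient filtering for special characters. An unauthenticated remote attacker can inject malicious script into a webpage to perform XSS (Stored Cross-Site Scripting) attack."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7602-a47a2-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}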
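Review bot: The `cvssMetricV31` entry in this record is typed `"Secondary"`, while the other twcert@cert.org.tw records in this commit (CVE-2023-48380 through CVE-2023-48395) type the same source's score as `"Primary"`. A consumer that picks the score with `type == "Primary"` ends up with no CVSS for this stored XSS even though a 6.1 MEDIUM vector is present. Whether the label difference originates at NVD or at the CNA cannot be told from the record; downstream code should fall back to whichever metric entry exists rather than keying on `type`.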


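--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48388.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48388",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T09:15:08.550",
+"lastModified": "2023-12-15T09:15:08.550",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-798"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7603-b1061-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}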


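--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48389.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48389",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T09:15:08.760",
+"lastModified": "2023-12-15T09:15:08.760",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7604-ab0fd-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}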


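--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48390.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48390",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T09:15:08.950",
+"lastModified": "2023-12-15T09:15:08.950",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}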


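--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48392.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48392",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T10:15:07.590",
+"lastModified": "2023-12-15T10:15:07.590",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator\u2019s account, to execute login account\u2019s permissions, and obtain relevant information."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-798"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7622-57e5f-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}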


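--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48393.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48393",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T10:15:07.927",
+"lastModified": "2023-12-15T10:15:07.927",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-209"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7623-5660d-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}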


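--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48394.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48394",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T10:15:08.237",
+"lastModified": "2023-12-15T10:15:08.237",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-434"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7624-d0300-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}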


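--- /dev/null
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48395.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48395",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2023-12-15T10:15:08.590",
+"lastModified": "2023-12-15T10:15:08.590",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7625-a0b9c-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}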


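--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6835.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6835",
+"sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"published": "2023-12-15T10:15:09.043",
+"lastModified": "2023-12-15T10:15:09.043",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum\u00a0feature, API rating could be manipulated."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-20"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/",
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"
+}
+]
+}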


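--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6836.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6836",
+"sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"published": "2023-12-15T10:15:09.407",
+"lastModified": "2023-12-15T10:15:09.407",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.6,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-611"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/",
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"
+}
+]
+}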


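--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6837.json
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2023-6837",
+"sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"published": "2023-12-15T10:15:09.767",
+"lastModified": "2023-12-15T10:15:09.767",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning.\u00a0In order for this vulnerability to have any impact on your deployment, following conditions must be met:\n\n * An IDP configured for federated authentication and JIT provisioning enabled with the \"Prompt for username, password and consent\" option.\n * A service provider that uses the above IDP for federated authentication and has the \"Assert identity using mapped local subject identifier\" flag enabled.\n\n\nAttacker should have:\n\n * A fresh valid user account in the federated IDP that has not been used earlier.\n * Knowledge of the username of a valid user in the local IDP.\n\n\nWhen all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 8.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 4.7
+}
+]
+},
+"references": [
+{
+"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1573/",
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"
+}
+]
+}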
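Review bot: This is the only record in the commit with no `weaknesses` array at all, so a CWE-indexed consumer will never surface this 8.5 HIGH user-impersonation issue under any weakness class; the description describes an identity-mapping flaw in the JIT provisioning flow but the record assigns no CWE. The `S:C` in the vector appears consistent with the text, since the account being impersonated lives in the local IDP while the attacker's foothold is a fresh account in the federated IDP, though that reading is inferred from the description rather than stated. On the positive side the description spells out both deployment preconditions, so deployments without JIT provisioning or without the `Assert identity using mapped local subject identifier` flag can be deprioritised from the record alone; `impersonatoin` is a typo carried over from the source text.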


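--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6838.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6838",
+"sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"published": "2023-12-15T10:15:10.000",
+"lastModified": "2023-12-15T10:15:10.000",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1233/",
+"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"
+}
+]
+}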
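Review bot: The description never names the product or vendor; that this is a WSO2 issue is visible only from the `references` URL, and no affected version is given, which also holds for CVE-2023-6835 and CVE-2023-6836 in this commit (both just say `Multiple WSO2 products`). Matching these three against an inventory is therefore impossible from the record alone. The referenced advisory identifiers (WSO2-2020-1233 here, WSO2-2020-0716 and WSO2-2021-1357 for the siblings, all under a 2021 path) suggest the vendor disclosures predate the 2023 CVE assignments, so a deployment already patched per those advisories may not be affected despite the December 2023 `published` date; consumers should key on the advisory rather than on the CVE publication date when deciding whether this reflected XSS on the authentication endpoint is still open.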


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-15T09:00:27.889537+00:00
2023-12-15T11:00:24.169129+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-15T08:15:46.370000+00:00
2023-12-15T10:15:10+00:00
```
### Last Data Feed Release
@ -29,20 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
233254
233272
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `18`
* [CVE-2023-48374](CVE-2023/CVE-2023-483xx/CVE-2023-48374.json) (`2023-12-15T08:15:44.563`)
* [CVE-2023-48375](CVE-2023/CVE-2023-483xx/CVE-2023-48375.json) (`2023-12-15T08:15:45.000`)
* [CVE-2023-48376](CVE-2023/CVE-2023-483xx/CVE-2023-48376.json) (`2023-12-15T08:15:45.277`)
* [CVE-2023-48378](CVE-2023/CVE-2023-483xx/CVE-2023-48378.json) (`2023-12-15T08:15:45.547`)
* [CVE-2023-48379](CVE-2023/CVE-2023-483xx/CVE-2023-48379.json) (`2023-12-15T08:15:45.803`)
* [CVE-2023-6826](CVE-2023/CVE-2023-68xx/CVE-2023-6826.json) (`2023-12-15T08:15:46.120`)
* [CVE-2023-6827](CVE-2023/CVE-2023-68xx/CVE-2023-6827.json) (`2023-12-15T08:15:46.370`)
* [CVE-2023-29234](CVE-2023/CVE-2023-292xx/CVE-2023-29234.json) (`2023-12-15T09:15:07.380`)
* [CVE-2023-46279](CVE-2023/CVE-2023-462xx/CVE-2023-46279.json) (`2023-12-15T09:15:07.490`)
* [CVE-2023-48380](CVE-2023/CVE-2023-483xx/CVE-2023-48380.json) (`2023-12-15T09:15:07.577`)
* [CVE-2023-48381](CVE-2023/CVE-2023-483xx/CVE-2023-48381.json) (`2023-12-15T09:15:07.773`)
* [CVE-2023-48382](CVE-2023/CVE-2023-483xx/CVE-2023-48382.json) (`2023-12-15T09:15:07.967`)
* [CVE-2023-48384](CVE-2023/CVE-2023-483xx/CVE-2023-48384.json) (`2023-12-15T09:15:08.160`)
* [CVE-2023-48387](CVE-2023/CVE-2023-483xx/CVE-2023-48387.json) (`2023-12-15T09:15:08.357`)
* [CVE-2023-48388](CVE-2023/CVE-2023-483xx/CVE-2023-48388.json) (`2023-12-15T09:15:08.550`)
* [CVE-2023-48389](CVE-2023/CVE-2023-483xx/CVE-2023-48389.json) (`2023-12-15T09:15:08.760`)
* [CVE-2023-48390](CVE-2023/CVE-2023-483xx/CVE-2023-48390.json) (`2023-12-15T09:15:08.950`)
* [CVE-2023-48392](CVE-2023/CVE-2023-483xx/CVE-2023-48392.json) (`2023-12-15T10:15:07.590`)
* [CVE-2023-48393](CVE-2023/CVE-2023-483xx/CVE-2023-48393.json) (`2023-12-15T10:15:07.927`)
* [CVE-2023-48394](CVE-2023/CVE-2023-483xx/CVE-2023-48394.json) (`2023-12-15T10:15:08.237`)
* [CVE-2023-48395](CVE-2023/CVE-2023-483xx/CVE-2023-48395.json) (`2023-12-15T10:15:08.590`)
* [CVE-2023-6835](CVE-2023/CVE-2023-68xx/CVE-2023-6835.json) (`2023-12-15T10:15:09.043`)
* [CVE-2023-6836](CVE-2023/CVE-2023-68xx/CVE-2023-6836.json) (`2023-12-15T10:15:09.407`)
* [CVE-2023-6837](CVE-2023/CVE-2023-68xx/CVE-2023-6837.json) (`2023-12-15T10:15:09.767`)
* [CVE-2023-6838](CVE-2023/CVE-2023-68xx/CVE-2023-6838.json) (`2023-12-15T10:15:10.000`)
### CVEs modified in the last Commit