Auto-Update: 2023-05-04T21:55:23.937706+00:00

René Helmke 2023-05-04 23:55:27 +02:00
parent af5b8963b8
commit fe22943ef9
86 changed files with 4967 additions and 191 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47434",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T21:15:09.313",
"lastModified": "2023-05-04T21:15:09.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <=\u00a04.0.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pb-seo-friendly-images/wordpress-pb-seo-friendly-images-plugin-4-0-5-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47449",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T21:15:09.387",
"lastModified": "2023-05-04T21:15:09.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift \u2013 Abandoned Cart Recovery for WooCommerce and EDD plugin <=\u00a03.1.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cart-lift/wordpress-cart-lift-abandoned-cart-recovery-for-woocommerce-and-edd-plugin-3-1-5-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2022-47648",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-08T21:15:10.707",
"lastModified": "2023-03-07T20:15:08.917",
"lastModified": "2023-05-04T21:15:09.457",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user."
"value": "An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013)."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
@ -89,6 +109,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-341298-BT.html",
"source": "cve@mitre.org"
}
]
}
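Review bot: The rewritten description drops the `** UNSUPPORTED WHEN ASSIGNED **` prefix, so a consumer that labels end-of-life products by that marker will stop flagging this record, even though the new text still says the B420 was already obsolete. The same section appends a second `cvssMetricV31` entry (`cve@mitre.org`, `Secondary`, AV:A, 7.6) after an existing entry with a different impact score (5.9 against 4.7), so score selection should key on `source` and `type`, not on array position. The added Bosch PSIRT reference has no `tags` array, unlike the reference before it, so `tags` must be treated as optional. The first metrics entry and the earlier references begin outside the hunks shown.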


@ -2,8 +2,8 @@
"id": "CVE-2023-0698",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.417",
"lastModified": "2023-02-15T20:27:59.607",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-04T20:15:09.503",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -78,6 +78,10 @@
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-20126",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-04T20:15:09.633",
"lastModified": "2023-05-04T20:15:09.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW",
"source": "ykramarz@cisco.com"
}
]
}
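Review bot: This record is scored under `cvssMetricV30` (`"version": "3.0"`), while the other new records in this commit use `cvssMetricV31`; a consumer that reads only the 3.1 key would treat a 9.8 CRITICAL entry as unscored. Both the metric and the `CWE-306` weakness are `Secondary` entries from the CNA, with no `Primary` assessment, which fits `"vulnStatus": "Received"`. Prioritisation logic should fall back to `Secondary` data and not skip the record. The description states that no firmware update has been released, and nothing in the visible fields carries that fact in structured form, so triage has to read the free text.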


@ -0,0 +1,84 @@
{
"id": "CVE-2023-20869",
"sourceIdentifier": "security@vmware.com",
"published": "2023-04-25T22:15:09.420",
"lastModified": "2023-05-04T20:19:48.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.0.2",
"matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.0",
"versionEndExcluding": "17.0.2",
"matchCriteriaId": "53930936-892B-421E-B75C-BD2DEC4A09AA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,89 @@
{
"id": "CVE-2023-20871",
"sourceIdentifier": "security@vmware.com",
"published": "2023-04-25T21:15:10.023",
"lastModified": "2023-05-04T21:24:33.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.0.2",
"matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}
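Review bot: The `cpe:2.3:o:apple:mac_os_x` entry has `"vulnerable": false` inside an `AND` configuration, so it is a platform condition for the Fusion match and not an affected product. Matching code that collects every `criteria` string without checking `vulnerable` would report macOS itself as affected. The same pattern appears in the CVE-2023-20872 section, whose second configuration is an `AND` over a single Workstation node, while CVE-2023-20869 has no configuration-level `operator` at all. Consumers should treat `operator` at that level as optional and evaluate a one-node `AND` as that node alone.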


@ -0,0 +1,103 @@
{
"id": "CVE-2023-20872",
"sourceIdentifier": "security@vmware.com",
"published": "2023-04-25T21:15:10.073",
"lastModified": "2023-05-04T21:24:15.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:fusion:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFED80D5-91E2-4F5E-B373-988FE6B423AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:workstation:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B52B9830-14D3-4CB5-9CE9-7A805820276A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html",
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21484",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:09.547",
"lastModified": "2023-05-04T21:15:09.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}
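Review bot: The weakness is recorded as `CWE-287` although the description says "Improper access control". Sibling Samsung records with the same wording (CVE-2023-21488, -21490, -21491, -21493, -21495) use `CWE-284`, and CVE-2023-21487 repeats the `CWE-287` mapping. These are `Secondary` CNA assignments on a `Received` record, so the value may change after analysis; until then, CWE-based grouping will split this set. If the mapping is confirmed upstream to be a slip, the line would read `"value": "CWE-284"`.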


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21485",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:09.627",
"lastModified": "2023-05-04T21:15:09.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21486",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:09.697",
"lastModified": "2023-05-04T21:15:09.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21487",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:09.760",
"lastModified": "2023-05-04T21:15:09.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21488",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:09.817",
"lastModified": "2023-05-04T21:15:09.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21489",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:09.883",
"lastModified": "2023-05-04T21:15:09.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21490",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:09.943",
"lastModified": "2023-05-04T21:15:09.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21491",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.007",
"lastModified": "2023-05-04T21:15:10.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21492",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.070",
"lastModified": "2023-05-04T21:15:10.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21493",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.137",
"lastModified": "2023-05-04T21:15:10.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21494",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.200",
"lastModified": "2023-05-04T21:15:10.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21495",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.267",
"lastModified": "2023-05-04T21:15:10.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21496",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.333",
"lastModified": "2023-05-04T21:15:10.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21497",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.403",
"lastModified": "2023-05-04T21:15:10.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21498",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.477",
"lastModified": "2023-05-04T21:15:10.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21499",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.540",
"lastModified": "2023-05-04T21:15:10.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21500",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.600",
"lastModified": "2023-05-04T21:15:10.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21501",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.663",
"lastModified": "2023-05-04T21:15:10.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21502",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.727",
"lastModified": "2023-05-04T21:15:10.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21503",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.790",
"lastModified": "2023-05-04T21:15:10.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}
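Review bot: The `weaknesses` entry lists only `CWE-20`, although the description calls this a potential buffer overflow in Shannon baseband that remote attackers can use to cause invalid memory access. Filters or dashboards that select memory-safety issues by CWE id will not pick this record up; CVE-2023-21504 in the next file has the same pairing. The only weakness source is the CNA with type `Secondary` and `vulnStatus` is still `Received`, so consumers should key on the description text, or re-check the record after NVD analysis, rather than rely on the CWE alone.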


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21504",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.853",
"lastModified": "2023-05-04T21:15:10.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21505",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:10.917",
"lastModified": "2023-05-04T21:15:10.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21506",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:11.080",
"lastModified": "2023-05-04T21:15:11.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21507",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:11.150",
"lastModified": "2023-05-04T21:15:11.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21508",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:11.207",
"lastModified": "2023-05-04T21:15:11.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21509",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:11.270",
"lastModified": "2023-05-04T21:15:11.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21510",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:11.327",
"lastModified": "2023-05-04T21:15:11.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-21511",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-04T21:15:11.387",
"lastModified": "2023-05-04T21:15:11.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05",
"source": "mobile.security@samsung.com"
}
]
}


@ -0,0 +1,103 @@
{
"id": "CVE-2023-22729",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-26T15:15:08.887",
"lastModified": "2023-05-04T20:13:00.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.12.5",
"matchCriteriaId": "12AC8517-3E73-4583-BD9E-E9D129DEDAF8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
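Review bot: The affected-version bound in `configurations` disagrees with the description: the text says the issue is fixed in 4.12.15, while the CPE match uses `"versionEndExcluding": "4.12.5"`. If the description is right, scanners that match on the CPE range will treat 4.12.5 through 4.12.14 as not affected; one of the two values is wrong and should be confirmed against the linked GHSA-fw84-xgm8-9jmv advisory before this record drives triage. The two CVSS entries also differ in scope (`S:C` from nvd@nist.gov, `S:U` from the CNA), giving 6.1 versus 5.4, so a consumer should select the source it trusts explicitly rather than take the first array element.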


@ -0,0 +1,138 @@
{
"id": "CVE-2023-2293",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-25T21:15:10.693",
"lastModified": "2023-05-04T20:08:07.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:purchase_order_management_system_project:purchase_order_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03DF14E7-752B-4DDC-9AE9-DFDE24815075"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/biantaibao/bug_report/blob/main/XSS-1.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227463",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227463",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
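Review bot: The `descriptions[].value` string near the top of this record carries a literal `<script>…</script>` element, so any dashboard, ticket or e-mail template that renders this field must HTML-encode it as untrusted text. JSON parsing returns the markup intact and nothing in the record neutralises it. Separately, the `cvssMetricV2` entry sets `"userInteractionRequired": false` while both v3 vectors carry `UI:R`, so a pipeline that reads that flag will disagree with the v3 scoring of the same record.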


@ -0,0 +1,28 @@
{
"id": "CVE-2023-23059",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:09.737",
"lastModified": "2023-05-04T20:15:09.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges."
}
],
"metrics": {},
"references": [
{
"url": "http://geovision.com",
"source": "cve@mitre.org"
},
{
"url": "http://gv-edge.com",
"source": "cve@mitre.org"
},
{
"url": "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html",
"source": "cve@mitre.org"
}
]
}
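Review bot: `"metrics": {}` is empty and the record has no `weaknesses` array, yet the description states arbitrary code execution with escalated privileges. A consumer that defaults a missing `baseScore` to 0, or drops unscored records, would rank this below every scored entry; treat the absence as "not yet scored" while `vulnStatus` is `Received`. Two of the three references are plain `http://` vendor home pages rather than advisories, so the record gives no fixed version to act on.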


@ -0,0 +1,113 @@
{
"id": "CVE-2023-23839",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-04-25T21:15:10.117",
"lastModified": "2023-05-04T21:19:44.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2.0",
"matchCriteriaId": "326F2E48-92E4-4BB6-9B05-2232E45B100F"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm",
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23839",
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2336",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-27T12:15:09.173",
"lastModified": "2023-04-27T12:15:09.173",
"vulnStatus": "Received",
"lastModified": "2023-05-04T20:03:07.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2338",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-27T12:15:09.237",
"lastModified": "2023-04-27T12:15:09.237",
"vulnStatus": "Received",
"lastModified": "2023-05-04T20:02:34.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2339",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-27T12:15:09.300",
"lastModified": "2023-04-27T12:15:09.300",
"vulnStatus": "Received",
"lastModified": "2023-05-04T20:07:25.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2340",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-27T13:15:09.213",
"lastModified": "2023-04-27T14:36:08.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:07:12.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2341",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-27T14:15:09.083",
"lastModified": "2023-04-27T14:36:08.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:08:13.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2342",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-27T14:15:09.137",
"lastModified": "2023-04-27T14:36:08.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:07:48.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,7 +58,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +66,51 @@
"value": "CWE-79"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-2343",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-27T14:15:09.187",
"lastModified": "2023-04-27T14:36:08.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:08:35.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-2344",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-27T14:15:09.240",
"lastModified": "2023-04-27T14:36:08.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:00:56.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:service_provider_management_system_project:service_provider_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72A53E3F-CC8B-4570-9F4F-BA25E7F4F642"
}
]
}
]
}
],
"references": [
{
"url": "http://cdn.polowong.top/image-20230427193041378.png",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.227587",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.227587",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-24966",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-04-27T14:15:09.013",
"lastModified": "2023-04-27T14:36:08.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:04:20.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +66,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0.0",
"versionEndExcluding": "8.5.5.24",
"matchCriteriaId": "0B08841C-A10A-4006-B4BD-C27E171A4D22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0.0",
"versionEndExcluding": "9.0.5.16",
"matchCriteriaId": "B56C8C37-DDE0-4E15-A9A4-9AB2A59CF679"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246904",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/6986333",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2023-25289",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T21:15:11.447",
"lastModified": "2023-05-04T21:15:11.447",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51142",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25458",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T20:15:09.797",
"lastModified": "2023-05-04T20:15:09.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <=\u00a02.0.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ts-webfonts-for-conoha/wordpress-typesquare-webfonts-for-conoha-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-25652",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T20:15:09.933",
"lastModified": "2023-05-01T06:15:14.517",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T21:26:02.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,30 +76,157 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.30.9",
"matchCriteriaId": "A2E4BF99-17B8-4424-B97E-DDB8A4793DAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.31.0",
"versionEndExcluding": "2.31.8",
"matchCriteriaId": "2A1D7F29-E06F-4277-8713-1C19DE714300"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.32.0",
"versionEndExcluding": "2.32.7",
"matchCriteriaId": "0B69F022-B29E-4D9A-B4FC-78430AFF0C9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.33.0",
"versionEndExcluding": "2.33.8",
"matchCriteriaId": "8A2B603F-B8E2-4123-80A4-64E983FF1F86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.34.0",
"versionEndExcluding": "2.34.8",
"matchCriteriaId": "26D3ED4E-246E-4D4D-9E2D-7890E93ECED8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.35.0",
"versionEndExcluding": "2.35.8",
"matchCriteriaId": "D3988013-1332-49F8-85E7-7EB59BE36A63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.36.0",
"versionEndExcluding": "2.36.6",
"matchCriteriaId": "CB966EF2-F4F8-4462-AA73-5B452538E756"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.37.0",
"versionEndExcluding": "2.37.7",
"matchCriteriaId": "030542CA-76BF-4252-9E03-D7E44D3DEE19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.38.0",
"versionEndExcluding": "2.38.5",
"matchCriteriaId": "6EAEE109-8AD8-4383-AAC3-E9D2A4794F8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.39.0",
"versionEndExcluding": "2.39.3",
"matchCriteriaId": "BE329F8E-076F-4895-A2A2-A1C0330C1F6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:2.40.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89633B46-319A-499C-9848-2EA60AC030EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/25/2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-25815",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T20:15:09.997",
"lastModified": "2023-05-01T06:15:15.037",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T21:25:27.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,38 +80,104 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.40.1",
"matchCriteriaId": "E740B447-D96A-40C3-AFA9-9B058379E04D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/25/2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/msys2/MINGW-packages/pull/10461",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25961",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T20:15:09.897",
"lastModified": "2023-05-04T20:15:09.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <=\u00a01.1.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/darcie/wordpress-darcie-theme-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25977",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T20:15:09.977",
"lastModified": "2023-05-04T20:15:09.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT \u2013 Speakers plugin <=\u00a01.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cpt-speakers/wordpress-cpt-speakers-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25982",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T20:15:10.060",
"lastModified": "2023-05-04T20:15:10.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <=\u00a02.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-youtube-responsive/wordpress-simple-youtube-responsive-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-27860",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-04-27T19:15:20.253",
"lastModified": "2023-04-28T12:58:13.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:44:00.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +66,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249207",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/6985679",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -0,0 +1,106 @@
{
"id": "CVE-2023-28084",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-04-25T20:15:10.067",
"lastModified": "2023-05-04T21:24:46.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.60.04",
"matchCriteriaId": "FBAAD7B8-CB8C-4F50-8A30-0B2CF5199B8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0",
"versionEndExcluding": "8.2",
"matchCriteriaId": "CCD692B5-5224-4D65-B5F6-9B1B4EF5B227"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hpe:oneview_global_dashboard:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.72",
"matchCriteriaId": "458F8B2A-D560-4497-9DD0-1C654B28B991"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04468en_us",
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us",
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -2,16 +2,49 @@
"id": "CVE-2023-28384",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-04-27T23:15:14.867",
"lastModified": "2023-04-28T12:58:13.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:59:02.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -23,10 +56,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.26.0",
"matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

@ -2,16 +2,49 @@
"id": "CVE-2023-28400",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-04-27T23:15:14.917",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:58:34.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -23,10 +56,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.26.0",
"matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

@ -2,23 +2,82 @@
"id": "CVE-2023-28471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T14:15:10.307",
"lastModified": "2023-04-28T17:06:28.060",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:59:56.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.2.0",
"matchCriteriaId": "00F33859-EA9B-4E6D-9B8C-62945094ED9F"
}
]
}
]
}
],
"references": [
{
"url": "https://concretecms.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -2,16 +2,49 @@
"id": "CVE-2023-28716",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-04-27T23:15:14.963",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:56:00.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -23,10 +56,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.26.0",
"matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-29007",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T21:15:10.403",
"lastModified": "2023-05-01T06:15:16.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T21:19:21.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +66,149 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.30.9",
"matchCriteriaId": "A2E4BF99-17B8-4424-B97E-DDB8A4793DAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.31.0",
"versionEndExcluding": "2.31.8",
"matchCriteriaId": "2A1D7F29-E06F-4277-8713-1C19DE714300"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.32.0",
"versionEndExcluding": "2.32.7",
"matchCriteriaId": "0B69F022-B29E-4D9A-B4FC-78430AFF0C9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.33.0",
"versionEndExcluding": "2.33.8",
"matchCriteriaId": "8A2B603F-B8E2-4123-80A4-64E983FF1F86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.34.0",
"versionEndExcluding": "2.34.8",
"matchCriteriaId": "26D3ED4E-246E-4D4D-9E2D-7890E93ECED8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.35.0",
"versionEndExcluding": "2.35.8",
"matchCriteriaId": "D3988013-1332-49F8-85E7-7EB59BE36A63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.36.0",
"versionEndExcluding": "2.36.5",
"matchCriteriaId": "0588D372-41D2-442E-976E-6B24DB1A1EC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.37.0",
"versionEndExcluding": "2.37.7",
"matchCriteriaId": "030542CA-76BF-4252-9E03-D7E44D3DEE19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.38.0",
"versionEndExcluding": "2.38.5",
"matchCriteriaId": "6EAEE109-8AD8-4383-AAC3-E9D2A4794F8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.39.0",
"versionEndExcluding": "2.39.3",
"matchCriteriaId": "BE329F8E-076F-4895-A2A2-A1C0330C1F6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git-scm:git:2.40.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89633B46-319A-499C-9848-2EA60AC030EB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,103 @@
{
"id": "CVE-2023-29011",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T21:15:10.480",
"lastModified": "2023-05-04T21:18:43.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\\etc\\connectrc`. Since `C:\\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\\etc\\connectrc` files on multi-user machines."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.40.1",
"matchCriteriaId": "E740B447-D96A-40C3-AFA9-9B058379E04D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,103 @@
{
"id": "CVE-2023-29012",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T21:15:10.557",
"lastModified": "2023-05-04T21:18:15.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.40.1",
"matchCriteriaId": "E740B447-D96A-40C3-AFA9-9B058379E04D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1",
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-29150",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-04-27T23:15:15.007",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:53:54.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -23,10 +56,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.26.0",
"matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-29169",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-04-27T23:15:15.050",
"lastModified": "2023-04-28T12:58:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:40:25.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -23,10 +56,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.26.0",
"matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29255",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-04-27T13:15:09.053",
"lastModified": "2023-04-27T14:36:08.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:06:43.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,160 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1",
"versionEndExcluding": "11.1.4",
"matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.5",
"versionEndExcluding": "11.5.8",
"matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
"matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
"matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*",
"matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
"matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
"matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
"matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
"matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
"matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
"matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
"matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
"matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
"matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
"matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
"matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
"matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
"matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
"matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
"matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
"matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251991",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/6985687",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-30094",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.153",
"lastModified": "2023-05-04T20:15:10.153",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/totaljs/flow/issues/100",
"source": "cve@mitre.org"
},
{
"url": "https://www.edoardoottavianelli.it/CVE-2023-30094/",
"source": "cve@mitre.org"
},
{
"url": "https://www.youtube.com/watch?v=8VbTm2sIdBE",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-30095",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.213",
"lastModified": "2023-05-04T20:15:10.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/totaljs/messenger/issues/11",
"source": "cve@mitre.org"
},
{
"url": "https://www.edoardoottavianelli.it/CVE-2023-30095/",
"source": "cve@mitre.org"
},
{
"url": "https://www.youtube.com/watch?v=nzhIKn999Mk",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-30096",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.267",
"lastModified": "2023-05-04T20:15:10.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/totaljs/messenger/issues/10",
"source": "cve@mitre.org"
},
{
"url": "https://www.edoardoottavianelli.it/CVE-2023-30096/",
"source": "cve@mitre.org"
},
{
"url": "https://www.youtube.com/watch?v=1SMQKRiibHw",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-30097",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.320",
"lastModified": "2023-05-04T20:15:10.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/totaljs/messenger/issues/9",
"source": "cve@mitre.org"
},
{
"url": "https://www.edoardoottavianelli.it/CVE-2023-30097/",
"source": "cve@mitre.org"
},
{
"url": "https://www.youtube.com/watch?v=qX_wuVQsj1I",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-30216",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T21:15:11.493",
"lastModified": "2023-05-04T21:15:11.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/newbee-ltd/newbee-mall/issues/76",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30264",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.377",
"lastModified": "2023-05-04T20:15:10.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/HuBenLab/8498761dc3eaaed724a134197f092c47",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type%202.md",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30265",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.697",
"lastModified": "2023-05-04T19:15:15.477",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-04T20:15:10.427",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "https://gist.github.com/HuBenLab/1d1bc201d5df41426d719e56d4421b30",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Path%20Traversal.md",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-30266",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.737",
"lastModified": "2023-05-04T19:14:22.830",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-04T20:15:10.493",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "https://gist.github.com/HuBenLab/a6ef7e5efeae2635f54cb69327409a19",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type%201.md",
"source": "cve@mitre.org",


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30268",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.567",
"lastModified": "2023-05-04T20:15:10.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CLTPHP <=6.0 is vulnerable to Improper Input Validation."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/HuBenLab/16dc2f87f91a6f8c60eefce5abf18c08",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%202.md",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30269",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T14:15:09.813",
"lastModified": "2023-05-04T19:08:50.027",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-04T20:15:10.617",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "https://gist.github.com/HuBenLab/f5eb8ebbba20c835a3170d392c9e46a4",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%201.md",
"source": "cve@mitre.org",


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30328",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T21:15:11.540",
"lastModified": "2023-05-04T21:15:11.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rand0mIdas/randomideas/blob/main/ShimoVPN.md",
"source": "cve@mitre.org"
},
{
"url": "https://raw.githubusercontent.com/rand0mIdas/randomideas/main/ShimoVPN.md?token=GHSAT0AAAAAACA3WX4SPH2YYOCWGV6LLVSGZBIEKEQ",
"source": "cve@mitre.org"
}
]
}
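Review bot: The second reference URL in this record carries a `?token=GHSAT…` query string, which looks like a per-session GitHub raw-content access token rather than a stable link. If that is what it is, the URL will probably not resolve for other readers, and a credential-like value is now persisted in this mirror's history. Because the record is synchronized from NVD, editing it locally would diverge from upstream; the first reference (`.../blob/main/ShimoVPN.md`) appears to point at the same document and is the one consumers should rely on. The sync job could flag reference URLs containing `token=` parameters so they can be reported upstream.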


@ -0,0 +1,28 @@
{
"id": "CVE-2023-30399",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T21:15:11.593",
"lastModified": "2023-05-04T21:15:11.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack."
}
],
"metrics": {},
"references": [
{
"url": "http://garocharging.com/glb-wallbox/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Yof3ng/IoT/blob/master/Garo/CVE-2023-30399.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.garo.se/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30444",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-04-27T13:15:09.290",
"lastModified": "2023-04-27T14:36:08.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-04T20:05:05.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:watson_machine_learning_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96F7FDA1-F5CC-4FF6-90BB-8D0C8D7F8F8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:watson_machine_learning_on_cloud_pak_for_data:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF74B76-6B49-4AA8-82FB-8D99E8FC70AD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/6985859",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-31284",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.717",
"lastModified": "2023-05-04T20:15:10.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/illumos/illumos-gate/tree/16b76d3cb933ff92018a2a75594449010192eacb",
"source": "cve@mitre.org"
},
{
"url": "https://illumos.topicbox.com/groups/developer/T13ef186a53edeb5c-M821cc18b5884e04e16daa8fd/cve-2023-31284-buffer-overflow-in-dev-net",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-31413",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-05-04T21:15:11.640",
"lastModified": "2023-05-04T21:15:11.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled."
}
],
"metrics": {},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security/",
"source": "bressers@elastic.co"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-31414",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-05-04T21:15:11.703",
"lastModified": "2023-05-04T21:15:11.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process."
}
],
"metrics": {},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security/",
"source": "bressers@elastic.co"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-31415",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-05-04T21:15:11.760",
"lastModified": "2023-05-04T21:15:11.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process."
}
],
"metrics": {},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security/",
"source": "bressers@elastic.co"
}
]
}

169
README.md

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-04T20:00:25.177435+00:00
2023-05-04T21:55:23.937706+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-04T19:57:36.087000+00:00
2023-05-04T21:26:02.407000+00:00
```
### Last Data Feed Release
@ -29,93 +29,104 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
214067
214117
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `50`
* [CVE-2023-2522](CVE-2023/CVE-2023-25xx/CVE-2023-2522.json) (`2023-05-04T18:15:09.763`)
* [CVE-2023-2523](CVE-2023/CVE-2023-25xx/CVE-2023-2523.json) (`2023-05-04T18:15:10.063`)
* [CVE-2023-2524](CVE-2023/CVE-2023-25xx/CVE-2023-2524.json) (`2023-05-04T19:15:09.123`)
* [CVE-2023-30550](CVE-2023/CVE-2023-305xx/CVE-2023-30550.json) (`2023-05-04T18:15:10.150`)
* [CVE-2022-47434](CVE-2022/CVE-2022-474xx/CVE-2022-47434.json) (`2023-05-04T21:15:09.313`)
* [CVE-2022-47449](CVE-2022/CVE-2022-474xx/CVE-2022-47449.json) (`2023-05-04T21:15:09.387`)
* [CVE-2023-20126](CVE-2023/CVE-2023-201xx/CVE-2023-20126.json) (`2023-05-04T20:15:09.633`)
* [CVE-2023-21484](CVE-2023/CVE-2023-214xx/CVE-2023-21484.json) (`2023-05-04T21:15:09.547`)
* [CVE-2023-21485](CVE-2023/CVE-2023-214xx/CVE-2023-21485.json) (`2023-05-04T21:15:09.627`)
* [CVE-2023-21486](CVE-2023/CVE-2023-214xx/CVE-2023-21486.json) (`2023-05-04T21:15:09.697`)
* [CVE-2023-21487](CVE-2023/CVE-2023-214xx/CVE-2023-21487.json) (`2023-05-04T21:15:09.760`)
* [CVE-2023-21488](CVE-2023/CVE-2023-214xx/CVE-2023-21488.json) (`2023-05-04T21:15:09.817`)
* [CVE-2023-21489](CVE-2023/CVE-2023-214xx/CVE-2023-21489.json) (`2023-05-04T21:15:09.883`)
* [CVE-2023-21490](CVE-2023/CVE-2023-214xx/CVE-2023-21490.json) (`2023-05-04T21:15:09.943`)
* [CVE-2023-21491](CVE-2023/CVE-2023-214xx/CVE-2023-21491.json) (`2023-05-04T21:15:10.007`)
* [CVE-2023-21492](CVE-2023/CVE-2023-214xx/CVE-2023-21492.json) (`2023-05-04T21:15:10.070`)
* [CVE-2023-21493](CVE-2023/CVE-2023-214xx/CVE-2023-21493.json) (`2023-05-04T21:15:10.137`)
* [CVE-2023-21494](CVE-2023/CVE-2023-214xx/CVE-2023-21494.json) (`2023-05-04T21:15:10.200`)
* [CVE-2023-21495](CVE-2023/CVE-2023-214xx/CVE-2023-21495.json) (`2023-05-04T21:15:10.267`)
* [CVE-2023-21496](CVE-2023/CVE-2023-214xx/CVE-2023-21496.json) (`2023-05-04T21:15:10.333`)
* [CVE-2023-21497](CVE-2023/CVE-2023-214xx/CVE-2023-21497.json) (`2023-05-04T21:15:10.403`)
* [CVE-2023-21498](CVE-2023/CVE-2023-214xx/CVE-2023-21498.json) (`2023-05-04T21:15:10.477`)
* [CVE-2023-21499](CVE-2023/CVE-2023-214xx/CVE-2023-21499.json) (`2023-05-04T21:15:10.540`)
* [CVE-2023-21500](CVE-2023/CVE-2023-215xx/CVE-2023-21500.json) (`2023-05-04T21:15:10.600`)
* [CVE-2023-21501](CVE-2023/CVE-2023-215xx/CVE-2023-21501.json) (`2023-05-04T21:15:10.663`)
* [CVE-2023-21502](CVE-2023/CVE-2023-215xx/CVE-2023-21502.json) (`2023-05-04T21:15:10.727`)
* [CVE-2023-21503](CVE-2023/CVE-2023-215xx/CVE-2023-21503.json) (`2023-05-04T21:15:10.790`)
* [CVE-2023-21504](CVE-2023/CVE-2023-215xx/CVE-2023-21504.json) (`2023-05-04T21:15:10.853`)
* [CVE-2023-21505](CVE-2023/CVE-2023-215xx/CVE-2023-21505.json) (`2023-05-04T21:15:10.917`)
* [CVE-2023-21506](CVE-2023/CVE-2023-215xx/CVE-2023-21506.json) (`2023-05-04T21:15:11.080`)
* [CVE-2023-21507](CVE-2023/CVE-2023-215xx/CVE-2023-21507.json) (`2023-05-04T21:15:11.150`)
* [CVE-2023-21508](CVE-2023/CVE-2023-215xx/CVE-2023-21508.json) (`2023-05-04T21:15:11.207`)
* [CVE-2023-21509](CVE-2023/CVE-2023-215xx/CVE-2023-21509.json) (`2023-05-04T21:15:11.270`)
* [CVE-2023-21510](CVE-2023/CVE-2023-215xx/CVE-2023-21510.json) (`2023-05-04T21:15:11.327`)
* [CVE-2023-21511](CVE-2023/CVE-2023-215xx/CVE-2023-21511.json) (`2023-05-04T21:15:11.387`)
* [CVE-2023-23059](CVE-2023/CVE-2023-230xx/CVE-2023-23059.json) (`2023-05-04T20:15:09.737`)
* [CVE-2023-25289](CVE-2023/CVE-2023-252xx/CVE-2023-25289.json) (`2023-05-04T21:15:11.447`)
* [CVE-2023-25458](CVE-2023/CVE-2023-254xx/CVE-2023-25458.json) (`2023-05-04T20:15:09.797`)
* [CVE-2023-25961](CVE-2023/CVE-2023-259xx/CVE-2023-25961.json) (`2023-05-04T20:15:09.897`)
* [CVE-2023-25977](CVE-2023/CVE-2023-259xx/CVE-2023-25977.json) (`2023-05-04T20:15:09.977`)
* [CVE-2023-25982](CVE-2023/CVE-2023-259xx/CVE-2023-25982.json) (`2023-05-04T20:15:10.060`)
* [CVE-2023-30094](CVE-2023/CVE-2023-300xx/CVE-2023-30094.json) (`2023-05-04T20:15:10.153`)
* [CVE-2023-30095](CVE-2023/CVE-2023-300xx/CVE-2023-30095.json) (`2023-05-04T20:15:10.213`)
* [CVE-2023-30096](CVE-2023/CVE-2023-300xx/CVE-2023-30096.json) (`2023-05-04T20:15:10.267`)
* [CVE-2023-30097](CVE-2023/CVE-2023-300xx/CVE-2023-30097.json) (`2023-05-04T20:15:10.320`)
* [CVE-2023-30216](CVE-2023/CVE-2023-302xx/CVE-2023-30216.json) (`2023-05-04T21:15:11.493`)
* [CVE-2023-30264](CVE-2023/CVE-2023-302xx/CVE-2023-30264.json) (`2023-05-04T20:15:10.377`)
* [CVE-2023-30268](CVE-2023/CVE-2023-302xx/CVE-2023-30268.json) (`2023-05-04T20:15:10.567`)
* [CVE-2023-30328](CVE-2023/CVE-2023-303xx/CVE-2023-30328.json) (`2023-05-04T21:15:11.540`)
* [CVE-2023-30399](CVE-2023/CVE-2023-303xx/CVE-2023-30399.json) (`2023-05-04T21:15:11.593`)
* [CVE-2023-31284](CVE-2023/CVE-2023-312xx/CVE-2023-31284.json) (`2023-05-04T20:15:10.717`)
* [CVE-2023-31413](CVE-2023/CVE-2023-314xx/CVE-2023-31413.json) (`2023-05-04T21:15:11.640`)
* [CVE-2023-31414](CVE-2023/CVE-2023-314xx/CVE-2023-31414.json) (`2023-05-04T21:15:11.703`)
* [CVE-2023-31415](CVE-2023/CVE-2023-314xx/CVE-2023-31415.json) (`2023-05-04T21:15:11.760`)
### CVEs modified in the last Commit
Recently modified CVEs: `70`
Recently modified CVEs: `35`
* [CVE-2021-38363](CVE-2021/CVE-2021-383xx/CVE-2021-38363.json) (`2023-05-04T18:29:57.960`)
* [CVE-2021-38364](CVE-2021/CVE-2021-383xx/CVE-2021-38364.json) (`2023-05-04T18:28:18.383`)
* [CVE-2022-23721](CVE-2022/CVE-2022-237xx/CVE-2022-23721.json) (`2023-05-04T19:39:23.267`)
* [CVE-2022-24035](CVE-2022/CVE-2022-240xx/CVE-2022-24035.json) (`2023-05-04T18:27:25.390`)
* [CVE-2022-27978](CVE-2022/CVE-2022-279xx/CVE-2022-27978.json) (`2023-05-04T18:47:32.747`)
* [CVE-2022-27979](CVE-2022/CVE-2022-279xx/CVE-2022-27979.json) (`2023-05-04T18:34:40.333`)
* [CVE-2022-31244](CVE-2022/CVE-2022-312xx/CVE-2022-31244.json) (`2023-05-04T19:02:43.130`)
* [CVE-2022-39989](CVE-2022/CVE-2022-399xx/CVE-2022-39989.json) (`2023-05-04T19:49:24.510`)
* [CVE-2022-40482](CVE-2022/CVE-2022-404xx/CVE-2022-40482.json) (`2023-05-04T19:40:31.363`)
* [CVE-2022-40722](CVE-2022/CVE-2022-407xx/CVE-2022-40722.json) (`2023-05-04T19:46:42.447`)
* [CVE-2022-40723](CVE-2022/CVE-2022-407xx/CVE-2022-40723.json) (`2023-05-04T19:48:57.540`)
* [CVE-2022-40724](CVE-2022/CVE-2022-407xx/CVE-2022-40724.json) (`2023-05-04T19:49:32.557`)
* [CVE-2022-40725](CVE-2022/CVE-2022-407xx/CVE-2022-40725.json) (`2023-05-04T19:52:10.610`)
* [CVE-2022-45291](CVE-2022/CVE-2022-452xx/CVE-2022-45291.json) (`2023-05-04T19:57:26.577`)
* [CVE-2022-45818](CVE-2022/CVE-2022-458xx/CVE-2022-45818.json) (`2023-05-04T18:45:32.047`)
* [CVE-2022-46302](CVE-2022/CVE-2022-463xx/CVE-2022-46302.json) (`2023-05-04T18:32:15.130`)
* [CVE-2023-2007](CVE-2023/CVE-2023-20xx/CVE-2023-2007.json) (`2023-05-04T18:24:30.803`)
* [CVE-2023-20870](CVE-2023/CVE-2023-208xx/CVE-2023-20870.json) (`2023-05-04T19:57:36.087`)
* [CVE-2023-22728](CVE-2023/CVE-2023-227xx/CVE-2023-22728.json) (`2023-05-04T19:52:51.293`)
* [CVE-2023-22916](CVE-2023/CVE-2023-229xx/CVE-2023-22916.json) (`2023-05-04T19:35:46.887`)
* [CVE-2023-2294](CVE-2023/CVE-2023-22xx/CVE-2023-2294.json) (`2023-05-04T18:00:41.803`)
* [CVE-2023-23470](CVE-2023/CVE-2023-234xx/CVE-2023-23470.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-2361](CVE-2023/CVE-2023-23xx/CVE-2023-2361.json) (`2023-05-04T18:53:57.203`)
* [CVE-2023-2363](CVE-2023/CVE-2023-23xx/CVE-2023-2363.json) (`2023-05-04T18:54:49.473`)
* [CVE-2023-2364](CVE-2023/CVE-2023-23xx/CVE-2023-2364.json) (`2023-05-04T18:55:06.683`)
* [CVE-2023-2365](CVE-2023/CVE-2023-23xx/CVE-2023-2365.json) (`2023-05-04T18:55:20.170`)
* [CVE-2023-2366](CVE-2023/CVE-2023-23xx/CVE-2023-2366.json) (`2023-05-04T18:55:31.070`)
* [CVE-2023-2367](CVE-2023/CVE-2023-23xx/CVE-2023-2367.json) (`2023-05-04T18:55:44.637`)
* [CVE-2023-2368](CVE-2023/CVE-2023-23xx/CVE-2023-2368.json) (`2023-05-04T18:55:55.883`)
* [CVE-2023-2369](CVE-2023/CVE-2023-23xx/CVE-2023-2369.json) (`2023-05-04T18:56:02.097`)
* [CVE-2023-23837](CVE-2023/CVE-2023-238xx/CVE-2023-23837.json) (`2023-05-04T19:30:04.907`)
* [CVE-2023-23838](CVE-2023/CVE-2023-238xx/CVE-2023-23838.json) (`2023-05-04T19:32:26.440`)
* [CVE-2023-24796](CVE-2023/CVE-2023-247xx/CVE-2023-24796.json) (`2023-05-04T19:42:22.003`)
* [CVE-2023-24958](CVE-2023/CVE-2023-249xx/CVE-2023-24958.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-2519](CVE-2023/CVE-2023-25xx/CVE-2023-2519.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-2520](CVE-2023/CVE-2023-25xx/CVE-2023-2520.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-2521](CVE-2023/CVE-2023-25xx/CVE-2023-2521.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-25313](CVE-2023/CVE-2023-253xx/CVE-2023-25313.json) (`2023-05-04T19:05:02.003`)
* [CVE-2023-25962](CVE-2023/CVE-2023-259xx/CVE-2023-25962.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-26010](CVE-2023/CVE-2023-260xx/CVE-2023-26010.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-26012](CVE-2023/CVE-2023-260xx/CVE-2023-26012.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-26016](CVE-2023/CVE-2023-260xx/CVE-2023-26016.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-26098](CVE-2023/CVE-2023-260xx/CVE-2023-26098.json) (`2023-05-04T18:47:35.130`)
* [CVE-2023-27105](CVE-2023/CVE-2023-271xx/CVE-2023-27105.json) (`2023-05-04T18:59:37.013`)
* [CVE-2023-27843](CVE-2023/CVE-2023-278xx/CVE-2023-27843.json) (`2023-05-04T19:27:59.923`)
* [CVE-2023-28771](CVE-2023/CVE-2023-287xx/CVE-2023-28771.json) (`2023-05-04T18:46:01.730`)
* [CVE-2023-28847](CVE-2023/CVE-2023-288xx/CVE-2023-28847.json) (`2023-05-04T19:19:34.863`)
* [CVE-2023-28882](CVE-2023/CVE-2023-288xx/CVE-2023-28882.json) (`2023-05-04T18:53:59.980`)
* [CVE-2023-29200](CVE-2023/CVE-2023-292xx/CVE-2023-29200.json) (`2023-05-04T19:35:45.310`)
* [CVE-2023-29257](CVE-2023/CVE-2023-292xx/CVE-2023-29257.json) (`2023-05-04T19:39:08.163`)
* [CVE-2023-29552](CVE-2023/CVE-2023-295xx/CVE-2023-29552.json) (`2023-05-04T19:07:23.597`)
* [CVE-2023-29827](CVE-2023/CVE-2023-298xx/CVE-2023-29827.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-29994](CVE-2023/CVE-2023-299xx/CVE-2023-29994.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-29995](CVE-2023/CVE-2023-299xx/CVE-2023-29995.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-29996](CVE-2023/CVE-2023-299xx/CVE-2023-29996.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-30106](CVE-2023/CVE-2023-301xx/CVE-2023-30106.json) (`2023-05-04T19:28:56.020`)
* [CVE-2023-30111](CVE-2023/CVE-2023-301xx/CVE-2023-30111.json) (`2023-05-04T18:02:09.460`)
* [CVE-2023-30112](CVE-2023/CVE-2023-301xx/CVE-2023-30112.json) (`2023-05-04T19:52:11.437`)
* [CVE-2023-30177](CVE-2023/CVE-2023-301xx/CVE-2023-30177.json) (`2023-05-04T19:36:10.787`)
* [CVE-2023-30184](CVE-2023/CVE-2023-301xx/CVE-2023-30184.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-30203](CVE-2023/CVE-2023-302xx/CVE-2023-30203.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-30265](CVE-2023/CVE-2023-302xx/CVE-2023-30265.json) (`2023-05-04T19:15:15.477`)
* [CVE-2023-30266](CVE-2023/CVE-2023-302xx/CVE-2023-30266.json) (`2023-05-04T19:14:22.830`)
* [CVE-2023-30267](CVE-2023/CVE-2023-302xx/CVE-2023-30267.json) (`2023-05-04T18:43:05.367`)
* [CVE-2023-30269](CVE-2023/CVE-2023-302xx/CVE-2023-30269.json) (`2023-05-04T19:08:50.027`)
* [CVE-2023-30402](CVE-2023/CVE-2023-304xx/CVE-2023-30402.json) (`2023-05-04T19:13:06.880`)
* [CVE-2023-30545](CVE-2023/CVE-2023-305xx/CVE-2023-30545.json) (`2023-05-04T19:38:07.270`)
* [CVE-2023-30619](CVE-2023/CVE-2023-306xx/CVE-2023-30619.json) (`2023-05-04T18:45:32.047`)
* [CVE-2023-30629](CVE-2023/CVE-2023-306xx/CVE-2023-30629.json) (`2023-05-04T18:22:10.567`)
* [CVE-2023-31223](CVE-2023/CVE-2023-312xx/CVE-2023-31223.json) (`2023-05-04T19:47:24.003`)
* [CVE-2022-47648](CVE-2022/CVE-2022-476xx/CVE-2022-47648.json) (`2023-05-04T21:15:09.457`)
* [CVE-2023-0698](CVE-2023/CVE-2023-06xx/CVE-2023-0698.json) (`2023-05-04T20:15:09.503`)
* [CVE-2023-20869](CVE-2023/CVE-2023-208xx/CVE-2023-20869.json) (`2023-05-04T20:19:48.860`)
* [CVE-2023-20871](CVE-2023/CVE-2023-208xx/CVE-2023-20871.json) (`2023-05-04T21:24:33.350`)
* [CVE-2023-20872](CVE-2023/CVE-2023-208xx/CVE-2023-20872.json) (`2023-05-04T21:24:15.877`)
* [CVE-2023-22729](CVE-2023/CVE-2023-227xx/CVE-2023-22729.json) (`2023-05-04T20:13:00.437`)
* [CVE-2023-2293](CVE-2023/CVE-2023-22xx/CVE-2023-2293.json) (`2023-05-04T20:08:07.957`)
* [CVE-2023-2336](CVE-2023/CVE-2023-23xx/CVE-2023-2336.json) (`2023-05-04T20:03:07.463`)
* [CVE-2023-2338](CVE-2023/CVE-2023-23xx/CVE-2023-2338.json) (`2023-05-04T20:02:34.583`)
* [CVE-2023-2339](CVE-2023/CVE-2023-23xx/CVE-2023-2339.json) (`2023-05-04T20:07:25.237`)
* [CVE-2023-2340](CVE-2023/CVE-2023-23xx/CVE-2023-2340.json) (`2023-05-04T20:07:12.930`)
* [CVE-2023-2341](CVE-2023/CVE-2023-23xx/CVE-2023-2341.json) (`2023-05-04T20:08:13.433`)
* [CVE-2023-2342](CVE-2023/CVE-2023-23xx/CVE-2023-2342.json) (`2023-05-04T20:07:48.483`)
* [CVE-2023-2343](CVE-2023/CVE-2023-23xx/CVE-2023-2343.json) (`2023-05-04T20:08:35.407`)
* [CVE-2023-2344](CVE-2023/CVE-2023-23xx/CVE-2023-2344.json) (`2023-05-04T20:00:56.577`)
* [CVE-2023-23839](CVE-2023/CVE-2023-238xx/CVE-2023-23839.json) (`2023-05-04T21:19:44.067`)
* [CVE-2023-24966](CVE-2023/CVE-2023-249xx/CVE-2023-24966.json) (`2023-05-04T20:04:20.473`)
* [CVE-2023-25652](CVE-2023/CVE-2023-256xx/CVE-2023-25652.json) (`2023-05-04T21:26:02.407`)
* [CVE-2023-25815](CVE-2023/CVE-2023-258xx/CVE-2023-25815.json) (`2023-05-04T21:25:27.333`)
* [CVE-2023-27860](CVE-2023/CVE-2023-278xx/CVE-2023-27860.json) (`2023-05-04T20:44:00.350`)
* [CVE-2023-28084](CVE-2023/CVE-2023-280xx/CVE-2023-28084.json) (`2023-05-04T21:24:46.610`)
* [CVE-2023-28384](CVE-2023/CVE-2023-283xx/CVE-2023-28384.json) (`2023-05-04T20:59:02.907`)
* [CVE-2023-28400](CVE-2023/CVE-2023-284xx/CVE-2023-28400.json) (`2023-05-04T20:58:34.487`)
* [CVE-2023-28471](CVE-2023/CVE-2023-284xx/CVE-2023-28471.json) (`2023-05-04T20:59:56.717`)
* [CVE-2023-28716](CVE-2023/CVE-2023-287xx/CVE-2023-28716.json) (`2023-05-04T20:56:00.797`)
* [CVE-2023-29007](CVE-2023/CVE-2023-290xx/CVE-2023-29007.json) (`2023-05-04T21:19:21.177`)
* [CVE-2023-29011](CVE-2023/CVE-2023-290xx/CVE-2023-29011.json) (`2023-05-04T21:18:43.457`)
* [CVE-2023-29012](CVE-2023/CVE-2023-290xx/CVE-2023-29012.json) (`2023-05-04T21:18:15.470`)
* [CVE-2023-29150](CVE-2023/CVE-2023-291xx/CVE-2023-29150.json) (`2023-05-04T20:53:54.113`)
* [CVE-2023-29169](CVE-2023/CVE-2023-291xx/CVE-2023-29169.json) (`2023-05-04T20:40:25.643`)
* [CVE-2023-29255](CVE-2023/CVE-2023-292xx/CVE-2023-29255.json) (`2023-05-04T20:06:43.167`)
* [CVE-2023-30265](CVE-2023/CVE-2023-302xx/CVE-2023-30265.json) (`2023-05-04T20:15:10.427`)
* [CVE-2023-30266](CVE-2023/CVE-2023-302xx/CVE-2023-30266.json) (`2023-05-04T20:15:10.493`)
* [CVE-2023-30269](CVE-2023/CVE-2023-302xx/CVE-2023-30269.json) (`2023-05-04T20:15:10.617`)
* [CVE-2023-30444](CVE-2023/CVE-2023-304xx/CVE-2023-30444.json) (`2023-05-04T20:05:05.557`)
## Download and Usage