admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-08T00:55:17.805304+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-08 00:55:21 +00:00
parent fa711fac67
commit 141edeeb92
9 changed files with 311 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
CVE-2011/CVE-2011-04xx/CVE-2011-0448.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2011-0448", "id": "CVE-2011-0448",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2011-02-21T18:00:01.287", "published": "2011-02-21T18:00:01.287",
"lastModified": "2019-08-08T15:41:32.003", "lastModified": "2023-12-07T23:15:07.083",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -142,6 +142,13 @@
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html",
"source": "cve@mitre.org" "source": "cve@mitre.org"
}, },
{
"url": "http://secunia.com/advisories/43278",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{ {
"url": "http://securitytracker.com/id?1025063", "url": "http://securitytracker.com/id?1025063",
"source": "cve@mitre.org" "source": "cve@mitre.org"
@ -156,6 +163,10 @@
{ {
"url": "http://www.vupen.com/english/advisories/2011/0877", "url": "http://www.vupen.com/english/advisories/2011/0877",
"source": "cve@mitre.org" "source": "cve@mitre.org"
},
{
"url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474",
"source": "cve@mitre.org"
} }
] ]
} }

59
CVE-2023/CVE-2023-41xx/CVE-2023-4122.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4122",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-07T23:15:07.277",
"lastModified": "2023-12-07T23:15:07.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/rubinstein/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

14
CVE-2023/CVE-2023-458xx/CVE-2023-45849.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45849", "id": "CVE-2023-45849",
"sourceIdentifier": "security@puppet.com", "sourceIdentifier": "security@puppet.com",
"published": "2023-11-08T16:15:10.193", "published": "2023-11-08T16:15:10.193",
"lastModified": "2023-11-15T20:15:38.037", "lastModified": "2023-12-08T00:15:07.350",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -41,19 +41,19 @@
"type": "Secondary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK", "attackVector": "NETWORK",
"attackComplexity": "HIGH", "attackComplexity": "HIGH",
"privilegesRequired": "LOW", "privilegesRequired": "NONE",
"userInteraction": "NONE", "userInteraction": "NONE",
"scope": "CHANGED", "scope": "CHANGED",
"confidentialityImpact": "HIGH", "confidentialityImpact": "HIGH",
"integrityImpact": "HIGH", "integrityImpact": "HIGH",
"availabilityImpact": "HIGH", "availabilityImpact": "HIGH",
"baseScore": 8.5, "baseScore": 9.0,
"baseSeverity": "HIGH" "baseSeverity": "CRITICAL"
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 2.2,
"impactScore": 6.0 "impactScore": 6.0
} }
] ]

59
CVE-2023/CVE-2023-50xx/CVE-2023-5008.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5008",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-08T00:15:07.597",
"lastModified": "2023-12-08T00:15:07.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/blechacz/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}

36
CVE-2023/CVE-2023-50xx/CVE-2023-5058.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-5058",
"sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"published": "2023-12-07T23:15:07.490",
"lastModified": "2023-12-07T23:15:07.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"metrics": {},
"weaknesses": [
{
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.phoenix.com/security-notifications/",
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de"
},
{
"url": "https://www.phoenix.com/security-notifications/cve-2023-5058/",
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de"
}
]
}

12
CVE-2023/CVE-2023-58xx/CVE-2023-5808.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5808", "id": "CVE-2023-5808",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-12-05T00:15:09.840", "published": "2023-12-05T00:15:09.840",
"lastModified": "2023-12-07T21:15:08.113", "lastModified": "2023-12-07T23:15:07.580",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Undergoing Analysis",
"descriptions": [ "descriptions": [
{ {
@ -21,20 +21,20 @@
"type": "Secondary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK", "attackVector": "NETWORK",
"attackComplexity": "LOW", "attackComplexity": "LOW",
"privilegesRequired": "LOW", "privilegesRequired": "LOW",
"userInteraction": "NONE", "userInteraction": "NONE",
"scope": "UNCHANGED", "scope": "UNCHANGED",
"confidentialityImpact": "LOW", "confidentialityImpact": "HIGH",
"integrityImpact": "LOW", "integrityImpact": "LOW",
"availabilityImpact": "LOW", "availabilityImpact": "LOW",
"baseScore": 6.3, "baseScore": 7.6,
"baseSeverity": "MEDIUM" "baseSeverity": "HIGH"
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.4 "impactScore": 4.7
} }
] ]
}, },

59
CVE-2023/CVE-2023-60xx/CVE-2023-6061.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6061",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-12-08T00:15:07.853",
"lastModified": "2023-12-08T00:15:07.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:\n * MMXFax.exe * winfax.dll\n\n\n\n\n * MelSim2ComProc.exe\n * Sim2ComProc.dll\n\n\n\n\n * MMXCall_in.exe * libdxxmt.dll\n * libsrlmt.dll\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-426"
},
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21",
"source": "psirt@paloaltonetworks.com"
}
]
}

59
CVE-2023/CVE-2023-65xx/CVE-2023-6599.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6599",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-08T00:15:08.113",
"lastModified": "2023-12-08T00:15:08.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-544"
}
]
}
],
"references": [
{
"url": "https://github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e",
"source": "security@huntr.dev"
}
]
}

53
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-12-07T23:00:17.963459+00:00 2023-12-08T00:55:17.805304+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-12-07T22:15:08.770000+00:00 2023-12-08T00:15:08.113000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,54 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
232563 232568
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `10` Recently added CVEs: `5`
* [CVE-2023-35618](CVE-2023/CVE-2023-356xx/CVE-2023-35618.json) (`2023-12-07T21:15:07.450`) * [CVE-2023-4122](CVE-2023/CVE-2023-41xx/CVE-2023-4122.json) (`2023-12-07T23:15:07.277`)
* [CVE-2023-36880](CVE-2023/CVE-2023-368xx/CVE-2023-36880.json) (`2023-12-07T21:15:07.640`) * [CVE-2023-5058](CVE-2023/CVE-2023-50xx/CVE-2023-5058.json) (`2023-12-07T23:15:07.490`)
* [CVE-2023-38174](CVE-2023/CVE-2023-381xx/CVE-2023-38174.json) (`2023-12-07T21:15:07.840`) * [CVE-2023-5008](CVE-2023/CVE-2023-50xx/CVE-2023-5008.json) (`2023-12-08T00:15:07.597`)
* [CVE-2023-6576](CVE-2023/CVE-2023-65xx/CVE-2023-6576.json) (`2023-12-07T21:15:08.387`) * [CVE-2023-6061](CVE-2023/CVE-2023-60xx/CVE-2023-6061.json) (`2023-12-08T00:15:07.853`)
* [CVE-2023-6577](CVE-2023/CVE-2023-65xx/CVE-2023-6577.json) (`2023-12-07T21:15:08.620`) * [CVE-2023-6599](CVE-2023/CVE-2023-65xx/CVE-2023-6599.json) (`2023-12-08T00:15:08.113`)
* [CVE-2023-6578](CVE-2023/CVE-2023-65xx/CVE-2023-6578.json) (`2023-12-07T21:15:08.863`)
* [CVE-2023-46693](CVE-2023/CVE-2023-466xx/CVE-2023-46693.json) (`2023-12-07T22:15:08.250`)
* [CVE-2023-6579](CVE-2023/CVE-2023-65xx/CVE-2023-6579.json) (`2023-12-07T22:15:08.300`)
* [CVE-2023-6580](CVE-2023/CVE-2023-65xx/CVE-2023-6580.json) (`2023-12-07T22:15:08.533`)
* [CVE-2023-6581](CVE-2023/CVE-2023-65xx/CVE-2023-6581.json) (`2023-12-07T22:15:08.770`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `29` Recently modified CVEs: `3`
* [CVE-2020-35857](CVE-2020/CVE-2020-358xx/CVE-2020-35857.json) (`2023-12-07T22:15:07.800`) * [CVE-2011-0448](CVE-2011/CVE-2011-04xx/CVE-2011-0448.json) (`2023-12-07T23:15:07.083`)
* [CVE-2021-31542](CVE-2021/CVE-2021-315xx/CVE-2021-31542.json) (`2023-12-07T22:15:07.903`) * [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-07T23:15:07.580`)
* [CVE-2021-33571](CVE-2021/CVE-2021-335xx/CVE-2021-33571.json) (`2023-12-07T22:15:08.010`) * [CVE-2023-45849](CVE-2023/CVE-2023-458xx/CVE-2023-45849.json) (`2023-12-08T00:15:07.350`)
* [CVE-2021-43114](CVE-2021/CVE-2021-431xx/CVE-2021-43114.json) (`2023-12-07T22:15:08.117`)
* [CVE-2023-47124](CVE-2023/CVE-2023-471xx/CVE-2023-47124.json) (`2023-12-07T21:01:24.967`)
* [CVE-2023-47106](CVE-2023/CVE-2023-471xx/CVE-2023-47106.json) (`2023-12-07T21:01:57.647`)
* [CVE-2023-48967](CVE-2023/CVE-2023-489xx/CVE-2023-48967.json) (`2023-12-07T21:02:05.883`)
* [CVE-2023-48910](CVE-2023/CVE-2023-489xx/CVE-2023-48910.json) (`2023-12-07T21:02:12.637`)
* [CVE-2023-48966](CVE-2023/CVE-2023-489xx/CVE-2023-48966.json) (`2023-12-07T21:02:19.613`)
* [CVE-2023-48965](CVE-2023/CVE-2023-489xx/CVE-2023-48965.json) (`2023-12-07T21:02:33.467`)
* [CVE-2023-5768](CVE-2023/CVE-2023-57xx/CVE-2023-5768.json) (`2023-12-07T21:02:40.177`)
* [CVE-2023-49460](CVE-2023/CVE-2023-494xx/CVE-2023-49460.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-49462](CVE-2023/CVE-2023-494xx/CVE-2023-49462.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-49463](CVE-2023/CVE-2023-494xx/CVE-2023-49463.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-49464](CVE-2023/CVE-2023-494xx/CVE-2023-49464.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-49465](CVE-2023/CVE-2023-494xx/CVE-2023-49465.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-49467](CVE-2023/CVE-2023-494xx/CVE-2023-49467.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-49468](CVE-2023/CVE-2023-494xx/CVE-2023-49468.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-4486](CVE-2023/CVE-2023-44xx/CVE-2023-4486.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-6574](CVE-2023/CVE-2023-65xx/CVE-2023-6574.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-6575](CVE-2023/CVE-2023-65xx/CVE-2023-6575.json) (`2023-12-07T21:05:53.917`)
* [CVE-2023-41613](CVE-2023/CVE-2023-416xx/CVE-2023-41613.json) (`2023-12-07T21:08:08.163`)
* [CVE-2023-50164](CVE-2023/CVE-2023-501xx/CVE-2023-50164.json) (`2023-12-07T21:15:08.017`)
* [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-07T21:15:08.113`)
* [CVE-2023-48815](CVE-2023/CVE-2023-488xx/CVE-2023-48815.json) (`2023-12-07T21:16:04.267`)
## Download and Usage ## Download and Usage