Auto-Update: 2023-09-30T22:00:24.702429+00:00

2025-07-09 16:05:11 +00:00 · 2023-09-30 22:00:28 +00:00 · 2023-09-30 22:00:28 +00:00 · 1e917686a5
commit 1e917686a5
parent b7cf2003ce
12 changed files with 376 additions and 11 deletions
--- a/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json
+++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-47185",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-08-09T07:15:09.930",
-  "lastModified": "2023-08-18T04:15:17.607",
+  "lastModified": "2023-09-30T21:15:09.653",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -91,6 +91,10 @@
        "Vendor Advisory"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00042.html",
+      "source": "security@apache.org"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOTOM2MFKOLK46Q3BQHO662HTPZFRQUC/",
      "source": "security@apache.org"
--- a/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-32360",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2023-06-23T18:15:11.647",
-  "lastModified": "2023-07-27T04:15:23.663",
+  "lastModified": "2023-09-30T20:15:10.103",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -80,6 +80,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html",
+      "source": "product-security@apple.com"
+    },
    {
      "url": "https://support.apple.com/en-us/HT213758",
      "source": "product-security@apple.com",
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-33934",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-08-09T07:15:10.297",
-  "lastModified": "2023-09-28T09:15:12.597",
+  "lastModified": "2023-09-30T21:15:09.760",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -91,6 +91,10 @@
        "Vendor Advisory"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00042.html",
+      "source": "security@apache.org"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOTOM2MFKOLK46Q3BQHO662HTPZFRQUC/",
      "source": "security@apache.org"
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-43712",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-09-30T21:15:09.850",
+  "lastModified": "2023-09-30T21:15:09.850",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"access_levels_name\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/bts/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://www.oscommerce.com/",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-43713",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-09-30T21:15:09.947",
+  "lastModified": "2023-09-30T21:15:09.947",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability,\nwhich allows attackers to inject JS via the \"title\" parameter, in the \"/admin/admin-menu/add-submit\"\nendpoint, which can lead to unauthorized execution of scripts in a user's web browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/bts/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://www.oscommerce.com/",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-43714",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-09-30T21:15:10.010",
+  "lastModified": "2023-09-30T21:15:10.010",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"SKIP_CART_PAGE_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/bts/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://www.oscommerce.com/",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-43715",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-09-30T21:15:10.077",
+  "lastModified": "2023-09-30T21:15:10.077",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/bts/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://www.oscommerce.com/",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-43716",
+  "sourceIdentifier": "help@fluidattacks.com",
+  "published": "2023-09-30T21:15:10.140",
+  "lastModified": "2023-09-30T21:15:10.140",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "help@fluidattacks.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "help@fluidattacks.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fluidattacks.com/advisories/bts/",
+      "source": "help@fluidattacks.com"
+    },
+    {
+      "url": "https://www.oscommerce.com/",
+      "source": "help@fluidattacks.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-44488",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-30T20:15:10.200",
+  "lastModified": "2023-09-30T20:15:10.200",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-4504",
  "sourceIdentifier": "cve@takeonme.org",
  "published": "2023-09-21T23:15:12.293",
-  "lastModified": "2023-09-29T02:15:50.637",
+  "lastModified": "2023-09-30T20:15:10.257",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -107,6 +107,10 @@
        "Vendor Advisory"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html",
+      "source": "cve@takeonme.org"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/",
      "source": "cve@takeonme.org"
--- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-5217",
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "published": "2023-09-28T16:15:10.980",
-  "lastModified": "2023-09-30T19:15:12.517",
+  "lastModified": "2023-09-30T21:15:10.203",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -163,6 +163,14 @@
      "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1",
      "source": "chrome-cve-admin@google.com"
    },
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2",
+      "source": "chrome-cve-admin@google.com"
+    },
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3",
+      "source": "chrome-cve-admin@google.com"
+    },
    {
      "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/",
      "source": "chrome-cve-admin@google.com"
@ -194,6 +202,10 @@
      "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282",
      "source": "chrome-cve-admin@google.com"
    },
+    {
+      "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1",
+      "source": "chrome-cve-admin@google.com"
+    },
    {
      "url": "https://github.com/webmproject/libvpx/tags",
      "source": "chrome-cve-admin@google.com"
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-30T20:00:25.136677+00:00
+2023-09-30T22:00:24.702429+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-30T19:15:12.517000+00:00
+2023-09-30T21:15:10.203000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-226666
+226672
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `6`

+* [CVE-2023-44488](CVE-2023/CVE-2023-444xx/CVE-2023-44488.json) (`2023-09-30T20:15:10.200`)
+* [CVE-2023-43712](CVE-2023/CVE-2023-437xx/CVE-2023-43712.json) (`2023-09-30T21:15:09.850`)
+* [CVE-2023-43713](CVE-2023/CVE-2023-437xx/CVE-2023-43713.json) (`2023-09-30T21:15:09.947`)
+* [CVE-2023-43714](CVE-2023/CVE-2023-437xx/CVE-2023-43714.json) (`2023-09-30T21:15:10.010`)
+* [CVE-2023-43715](CVE-2023/CVE-2023-437xx/CVE-2023-43715.json) (`2023-09-30T21:15:10.077`)
+* [CVE-2023-43716](CVE-2023/CVE-2023-437xx/CVE-2023-43716.json) (`2023-09-30T21:15:10.140`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `5`

-* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-09-30T19:15:12.517`)
+* [CVE-2022-47185](CVE-2022/CVE-2022-471xx/CVE-2022-47185.json) (`2023-09-30T21:15:09.653`)
+* [CVE-2023-32360](CVE-2023/CVE-2023-323xx/CVE-2023-32360.json) (`2023-09-30T20:15:10.103`)
+* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-09-30T20:15:10.257`)
+* [CVE-2023-33934](CVE-2023/CVE-2023-339xx/CVE-2023-33934.json) (`2023-09-30T21:15:09.760`)
+* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-09-30T21:15:10.203`)


 ## Download and Usage