admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-28T05:00:24.941795+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-28 05:00:28 +00:00
parent 3f50ea2eec
commit 32e817264e
10 changed files with 249 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2023/CVE-2023-348xx/CVE-2023-34829.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-34829",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T03:15:07.587",
"lastModified": "2023-12-28T03:15:07.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/SecureScripts/TP-Link_Tapo_Hack",
"source": "cve@mitre.org"
}
]
}

12
CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48795",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T16:15:10.897",
"lastModified": "2023-12-26T04:15:07.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-28T03:15:07.660",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -284,6 +284,14 @@
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202312-16",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202312-17",
"source": "cve@mitre.org"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"source": "cve@mitre.org"

24
CVE-2023/CVE-2023-492xx/CVE-2023-49228.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-49228",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.023",
"lastModified": "2023-12-28T04:15:08.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root."
}
],
"metrics": {},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-492xx/CVE-2023-49229.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-49229",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.100",
"lastModified": "2023-12-28T04:15:08.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration."
}
],
"metrics": {},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-492xx/CVE-2023-49230.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-49230",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.150",
"lastModified": "2023-12-28T04:15:08.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-510xx/CVE-2023-51006.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51006",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.227",
"lastModified": "2023-12-28T04:15:08.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/firmianay/security-issues/tree/main/app/cn.etouch.ecalendar",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-510xx/CVE-2023-51010.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51010",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-28T04:15:08.280",
"lastModified": "2023-12-28T04:15:08.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/firmianay/security-issues/tree/main/app/com.sdjictec.qdmetro",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-513xx/CVE-2023-51385.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-51385",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-18T19:15:08.773",
"lastModified": "2023-12-26T18:15:08.817",
"lastModified": "2023-12-28T03:15:07.990",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,6 +84,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202312-17",
"source": "cve@mitre.org"
},
{
"url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
"source": "cve@mitre.org"

88
CVE-2023/CVE-2023-71xx/CVE-2023-7124.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-7124",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T03:15:08.070",
"lastModified": "2023-12-28T03:15:08.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword with the input <video/src=x onerror=alert(document.cookie)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249096."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/E-commerce_Site/E-commerce_Site-Reflected_Cross_Site_Scripting.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249096",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249096",
"source": "cna@vuldb.com"
}
]
}

20
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-28T03:00:32.426714+00:00
2023-12-28T05:00:24.941795+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-28T02:15:54.543000+00:00
2023-12-28T04:15:08.280000+00:00
```
### Last Data Feed Release
@ -29,20 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234304
234311
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `7`
* [CVE-2023-34829](CVE-2023/CVE-2023-348xx/CVE-2023-34829.json) (`2023-12-28T03:15:07.587`)
* [CVE-2023-7124](CVE-2023/CVE-2023-71xx/CVE-2023-7124.json) (`2023-12-28T03:15:08.070`)
* [CVE-2023-49228](CVE-2023/CVE-2023-492xx/CVE-2023-49228.json) (`2023-12-28T04:15:08.023`)
* [CVE-2023-49229](CVE-2023/CVE-2023-492xx/CVE-2023-49229.json) (`2023-12-28T04:15:08.100`)
* [CVE-2023-49230](CVE-2023/CVE-2023-492xx/CVE-2023-49230.json) (`2023-12-28T04:15:08.150`)
* [CVE-2023-51006](CVE-2023/CVE-2023-510xx/CVE-2023-51006.json) (`2023-12-28T04:15:08.227`)
* [CVE-2023-51010](CVE-2023/CVE-2023-510xx/CVE-2023-51010.json) (`2023-12-28T04:15:08.280`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `2`
* [CVE-2023-27043](CVE-2023/CVE-2023-270xx/CVE-2023-27043.json) (`2023-12-28T02:15:54.543`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-28T03:15:07.660`)
* [CVE-2023-51385](CVE-2023/CVE-2023-513xx/CVE-2023-51385.json) (`2023-12-28T03:15:07.990`)
## Download and Usage