From 3b389dd6f9975bf77e31f22d89bf4ec57899d142 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 31 Oct 2023 03:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-31T03:00:24.561811+00:00 --- CVE-2023/CVE-2023-317xx/CVE-2023-31794.json | 28 ++++++++++ CVE-2023/CVE-2023-458xx/CVE-2023-45899.json | 20 +++++++ CVE-2023/CVE-2023-460xx/CVE-2023-46040.json | 20 +++++++ CVE-2023/CVE-2023-58xx/CVE-2023-5861.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-58xx/CVE-2023-5862.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-58xx/CVE-2023-5863.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-58xx/CVE-2023-5864.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-58xx/CVE-2023-5865.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-58xx/CVE-2023-5866.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-58xx/CVE-2023-5867.json | 59 +++++++++++++++++++++ README.md | 32 ++++++----- 11 files changed, 496 insertions(+), 17 deletions(-) create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31794.json create mode 100644 CVE-2023/CVE-2023-458xx/CVE-2023-45899.json create mode 100644 CVE-2023/CVE-2023-460xx/CVE-2023-46040.json create mode 100644 CVE-2023/CVE-2023-58xx/CVE-2023-5861.json create mode 100644 CVE-2023/CVE-2023-58xx/CVE-2023-5862.json create mode 100644 CVE-2023/CVE-2023-58xx/CVE-2023-5863.json create mode 100644 CVE-2023/CVE-2023-58xx/CVE-2023-5864.json create mode 100644 CVE-2023/CVE-2023-58xx/CVE-2023-5865.json create mode 100644 CVE-2023/CVE-2023-58xx/CVE-2023-5866.json create mode 100644 CVE-2023/CVE-2023-58xx/CVE-2023-5867.json diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31794.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31794.json new file mode 100644 index 00000000000..5588bfead09 --- /dev/null +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31794.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-31794", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-31T01:15:07.497", + "lastModified": "2023-10-31T01:15:07.497", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=706506", + "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/spookhorror/c770d118767b1b0d89fdfe2845169d06", + "source": "cve@mitre.org" + }, + { + "url": "https://git.ghostscript.com/?p=mupdf.git;h=c0015401693b58e2deb5d75c39f27bc1216e47c6", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45899.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45899.json new file mode 100644 index 00000000000..4efe4e08df2 --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45899.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45899", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-31T02:15:07.957", + "lastModified": "2023-10-31T02:15:07.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2023/10/26/superuser.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46040.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46040.json new file mode 100644 index 00000000000..cc47b6faa51 --- /dev/null +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46040.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-46040", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-31T02:15:08.007", + "lastModified": "2023-10-31T02:15:08.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Num-Nine/CVE/wiki/GetSimplecms-exists-to-store-xss", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5861.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5861.json new file mode 100644 index 00000000000..5d672fd7c82 --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5861.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5861", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-31T01:15:07.630", + "lastModified": "2023-10-31T01:15:07.630", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5862.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5862.json new file mode 100644 index 00000000000..515b24419e9 --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5862.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5862", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-31T01:15:07.697", + "lastModified": "2023-10-31T01:15:07.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization in GitHub repository hamza417/inure prior to Build95." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5863.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5863.json new file mode 100644 index 00000000000..c9d52f7df60 --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5863.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5863", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-31T01:15:07.757", + "lastModified": "2023-10-31T01:15:07.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5864.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5864.json new file mode 100644 index 00000000000..72cec3cd798 --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5864.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5864", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-31T01:15:07.817", + "lastModified": "2023-10-31T01:15:07.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5865.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5865.json new file mode 100644 index 00000000000..0770af4cf44 --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5865.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5865", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-31T01:15:07.880", + "lastModified": "2023-10-31T01:15:07.880", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5866.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5866.json new file mode 100644 index 00000000000..57ba25ae7fe --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5866.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5866", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-31T01:15:07.947", + "lastModified": "2023-10-31T01:15:07.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-614" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5867.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5867.json new file mode 100644 index 00000000000..1cb08475463 --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5867.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5867", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-31T01:15:08.020", + "lastModified": "2023-10-31T01:15:08.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 79fd29e92f9..97d059aeb4e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-31T00:55:24.716120+00:00 +2023-10-31T03:00:24.561811+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-31T00:15:10.107000+00:00 +2023-10-31T02:15:08.007000+00:00 ``` ### Last Data Feed Release @@ -23,31 +23,29 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-10-30T01:00:13.533300+00:00 +2023-10-31T01:00:13.562077+00:00 ``` ### Total Number of included CVEs ```plain -229297 +229307 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `10` -* [CVE-2023-43797](CVE-2023/CVE-2023-437xx/CVE-2023-43797.json) (`2023-10-30T23:15:08.317`) -* [CVE-2023-43798](CVE-2023/CVE-2023-437xx/CVE-2023-43798.json) (`2023-10-30T23:15:08.397`) -* [CVE-2023-44397](CVE-2023/CVE-2023-443xx/CVE-2023-44397.json) (`2023-10-30T23:15:08.467`) -* [CVE-2023-45670](CVE-2023/CVE-2023-456xx/CVE-2023-45670.json) (`2023-10-30T23:15:08.543`) -* [CVE-2023-45671](CVE-2023/CVE-2023-456xx/CVE-2023-45671.json) (`2023-10-30T23:15:08.620`) -* [CVE-2023-45672](CVE-2023/CVE-2023-456xx/CVE-2023-45672.json) (`2023-10-30T23:15:08.697`) -* [CVE-2023-45804](CVE-2023/CVE-2023-458xx/CVE-2023-45804.json) (`2023-10-30T23:15:08.773`) -* [CVE-2023-46478](CVE-2023/CVE-2023-464xx/CVE-2023-46478.json) (`2023-10-30T23:15:08.820`) -* [CVE-2023-46502](CVE-2023/CVE-2023-465xx/CVE-2023-46502.json) (`2023-10-30T23:15:08.857`) -* [CVE-2023-46129](CVE-2023/CVE-2023-461xx/CVE-2023-46129.json) (`2023-10-31T00:15:09.933`) -* [CVE-2023-46138](CVE-2023/CVE-2023-461xx/CVE-2023-46138.json) (`2023-10-31T00:15:10.023`) -* [CVE-2023-46139](CVE-2023/CVE-2023-461xx/CVE-2023-46139.json) (`2023-10-31T00:15:10.107`) +* [CVE-2023-31794](CVE-2023/CVE-2023-317xx/CVE-2023-31794.json) (`2023-10-31T01:15:07.497`) +* [CVE-2023-5861](CVE-2023/CVE-2023-58xx/CVE-2023-5861.json) (`2023-10-31T01:15:07.630`) +* [CVE-2023-5862](CVE-2023/CVE-2023-58xx/CVE-2023-5862.json) (`2023-10-31T01:15:07.697`) +* [CVE-2023-5863](CVE-2023/CVE-2023-58xx/CVE-2023-5863.json) (`2023-10-31T01:15:07.757`) +* [CVE-2023-5864](CVE-2023/CVE-2023-58xx/CVE-2023-5864.json) (`2023-10-31T01:15:07.817`) +* [CVE-2023-5865](CVE-2023/CVE-2023-58xx/CVE-2023-5865.json) (`2023-10-31T01:15:07.880`) +* [CVE-2023-5866](CVE-2023/CVE-2023-58xx/CVE-2023-5866.json) (`2023-10-31T01:15:07.947`) +* [CVE-2023-5867](CVE-2023/CVE-2023-58xx/CVE-2023-5867.json) (`2023-10-31T01:15:08.020`) +* [CVE-2023-45899](CVE-2023/CVE-2023-458xx/CVE-2023-45899.json) (`2023-10-31T02:15:07.957`) +* [CVE-2023-46040](CVE-2023/CVE-2023-460xx/CVE-2023-46040.json) (`2023-10-31T02:15:08.007`) ### CVEs modified in the last Commit