From 4ba9604afc22148405f7866aae166938de7c96d7 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 30 Oct 2023 00:55:29 +0000 Subject: [PATCH] Auto-Update: 2023-10-30T00:55:26.083424+00:00 --- CVE-2023/CVE-2023-43xx/CVE-2023-4393.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-440xx/CVE-2023-44002.json | 15 ++++++ CVE-2023/CVE-2023-468xx/CVE-2023-46863.json | 20 +++++++ CVE-2023/CVE-2023-468xx/CVE-2023-46864.json | 20 +++++++ README.md | 13 +++-- 5 files changed, 122 insertions(+), 5 deletions(-) create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4393.json create mode 100644 CVE-2023/CVE-2023-440xx/CVE-2023-44002.json create mode 100644 CVE-2023/CVE-2023-468xx/CVE-2023-46863.json create mode 100644 CVE-2023/CVE-2023-468xx/CVE-2023-46864.json diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4393.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4393.json new file mode 100644 index 00000000000..da5e6b05186 --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4393.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4393", + "sourceIdentifier": "vdp@themissinglink.com.au", + "published": "2023-10-30T00:15:39.237", + "lastModified": "2023-10-30T00:15:39.237", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + }, + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-4393", + "source": "vdp@themissinglink.com.au" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44002.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44002.json new file mode 100644 index 00000000000..969096867a2 --- /dev/null +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44002.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-44002", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-30T00:15:39.077", + "lastModified": "2023-10-30T00:15:39.077", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46863.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46863.json new file mode 100644 index 00000000000..69420cb3084 --- /dev/null +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46863.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-46863", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-30T00:15:39.157", + "lastModified": "2023-10-30T00:15:39.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Peppermint-Lab/peppermint/issues/108", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46864.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46864.json new file mode 100644 index 00000000000..2a543f5a7a4 --- /dev/null +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46864.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-46864", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-30T00:15:39.200", + "lastModified": "2023-10-30T00:15:39.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Peppermint-Lab/peppermint/issues/171", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 34196178e6a..6d0b31f09b4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-29T19:00:24.542166+00:00 +2023-10-30T00:55:26.083424+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-29T18:15:38.687000+00:00 +2023-10-30T00:15:39.237000+00:00 ``` ### Last Data Feed Release @@ -29,14 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229118 +229122 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `4` -* [CVE-2007-10003](CVE-2007/CVE-2007-100xx/CVE-2007-10003.json) (`2023-10-29T18:15:38.687`) +* [CVE-2023-44002](CVE-2023/CVE-2023-440xx/CVE-2023-44002.json) (`2023-10-30T00:15:39.077`) +* [CVE-2023-46863](CVE-2023/CVE-2023-468xx/CVE-2023-46863.json) (`2023-10-30T00:15:39.157`) +* [CVE-2023-46864](CVE-2023/CVE-2023-468xx/CVE-2023-46864.json) (`2023-10-30T00:15:39.200`) +* [CVE-2023-4393](CVE-2023/CVE-2023-43xx/CVE-2023-4393.json) (`2023-10-30T00:15:39.237`) ### CVEs modified in the last Commit