Auto-Update: 2024-01-12T00:55:25.380423+00:00

CVE-2023/CVE-2023-474xx/CVE-2023-47489.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-47489",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-11-09T06:15:24.347",
-  "lastModified": "2024-01-08T21:15:08.643",
+  "lastModified": "2024-01-11T23:15:08.317",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components."
+      "value": "CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components."
     },
     {
       "lang": "es",

CVE-2023/CVE-2023-513xx/CVE-2023-51350.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-51350",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-11T23:15:08.570",
+  "lastModified": "2024-01-11T23:15:08.570",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ujcms/ujcms",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/ujcms/ujcms/issues/7",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.ujcms.com/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-65xx/CVE-2023-6594.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-6594",
   "sourceIdentifier": "security@wordfence.com",
   "published": "2024-01-09T03:15:08.390",
-  "lastModified": "2024-01-09T14:01:44.900",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-01-11T23:32:17.207",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
@@ -16,6 +16,26 @@
   ],
   "metrics": {
     "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 2.7
+      },
       {
         "source": "security@wordfence.com",
         "type": "Secondary",
@@ -38,14 +58,50 @@
       }
     ]
   },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:maxfoundry:maxbuttons:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "9.7.4",
+              "matchCriteriaId": "B33FF2B4-6C4B-4282-AD21-5DAD2CED2775"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3012872%40maxbuttons%2Ftrunk&old=2978023%40maxbuttons%2Ftrunk&sfp_email=&sfph_mail=",
-      "source": "security@wordfence.com"
+      "source": "security@wordfence.com",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfe2cabd-98f6-4ebc-8a02-e6951202aa88?source=cve",
-      "source": "security@wordfence.com"
+      "source": "security@wordfence.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2023/CVE-2023-67xx/CVE-2023-6788.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-6788",
   "sourceIdentifier": "security@wordfence.com",
   "published": "2024-01-09T04:15:07.493",
-  "lastModified": "2024-01-09T14:01:44.900",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-01-11T23:33:05.333",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
@@ -16,6 +16,26 @@
   ],
   "metrics": {
     "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      },
       {
         "source": "security@wordfence.com",
         "type": "Secondary",
@@ -38,18 +58,57 @@
       }
     ]
   },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "3.8.1",
+              "matchCriteriaId": "188FF1A9-A9ED-48CA-8113-A6C8525D1856"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/core/integrations/crm/hubspot/loader.php#L87",
-      "source": "security@wordfence.com"
+      "source": "security@wordfence.com",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://plugins.trac.wordpress.org/changeset/3011284/metform/trunk/core/integrations/crm/hubspot/loader.php",
-      "source": "security@wordfence.com"
+      "source": "security@wordfence.com",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30fd2425-ee48-4777-91c1-03906d63793a?source=cve",
-      "source": "security@wordfence.com"
+      "source": "security@wordfence.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2024/CVE-2024-04xx/CVE-2024-0443.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-0443",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-01-12T00:15:45.230",
+  "lastModified": "2024-01-12T00:15:45.230",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-402"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2024-0443",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257968",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-219xx/CVE-2024-21982.json

@@ -0,0 +1,43 @@
+{
+  "id": "CVE-2024-21982",
+  "sourceIdentifier": "security-alert@netapp.com",
+  "published": "2024-01-12T00:15:45.450",
+  "lastModified": "2024-01-12T00:15:45.450",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ONTAP versions 9.4 and higher are susceptible to a vulnerability \nwhich when successfully exploited could lead to disclosure of sensitive \ninformation to unprivileged attackers when the object-store profiler \ncommand is being run by an administrative user.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-alert@netapp.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://security.netapp.com/advisory/ntap-20240111-0001/",
+      "source": "security-alert@netapp.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-11T23:00:24.485108+00:00
+2024-01-12T00:55:25.380423+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-11T22:54:29.440000+00:00
+2024-01-12T00:15:45.450000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,57 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-235682
+235685
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `13`
+Recently added CVEs: `3`
 
-* [CVE-2022-4959](CVE-2022/CVE-2022-49xx/CVE-2022-4959.json) (`2024-01-11T21:15:09.617`)
-* [CVE-2023-50123](CVE-2023/CVE-2023-501xx/CVE-2023-50123.json) (`2024-01-11T21:15:10.573`)
-* [CVE-2023-50124](CVE-2023/CVE-2023-501xx/CVE-2023-50124.json) (`2024-01-11T21:15:10.630`)
-* [CVE-2023-50125](CVE-2023/CVE-2023-501xx/CVE-2023-50125.json) (`2024-01-11T21:15:10.680`)
-* [CVE-2023-50126](CVE-2023/CVE-2023-501xx/CVE-2023-50126.json) (`2024-01-11T21:15:10.723`)
-* [CVE-2023-50127](CVE-2023/CVE-2023-501xx/CVE-2023-50127.json) (`2024-01-11T21:15:10.770`)
-* [CVE-2023-50128](CVE-2023/CVE-2023-501xx/CVE-2023-50128.json) (`2024-01-11T21:15:10.817`)
-* [CVE-2023-50129](CVE-2023/CVE-2023-501xx/CVE-2023-50129.json) (`2024-01-11T21:15:10.867`)
-* [CVE-2023-7226](CVE-2023/CVE-2023-72xx/CVE-2023-7226.json) (`2024-01-11T21:15:12.030`)
-* [CVE-2023-46474](CVE-2023/CVE-2023-464xx/CVE-2023-46474.json) (`2024-01-11T22:15:45.713`)
-* [CVE-2024-0426](CVE-2024/CVE-2024-04xx/CVE-2024-0426.json) (`2024-01-11T21:15:12.453`)
-* [CVE-2024-20675](CVE-2024/CVE-2024-206xx/CVE-2024-20675.json) (`2024-01-11T21:15:13.073`)
-* [CVE-2024-21337](CVE-2024/CVE-2024-213xx/CVE-2024-21337.json) (`2024-01-11T22:15:46.500`)
+* [CVE-2023-51350](CVE-2023/CVE-2023-513xx/CVE-2023-51350.json) (`2024-01-11T23:15:08.570`)
+* [CVE-2024-0443](CVE-2024/CVE-2024-04xx/CVE-2024-0443.json) (`2024-01-12T00:15:45.230`)
+* [CVE-2024-21982](CVE-2024/CVE-2024-219xx/CVE-2024-21982.json) (`2024-01-12T00:15:45.450`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `29`
+Recently modified CVEs: `3`
 
-* [CVE-2023-35827](CVE-2023/CVE-2023-358xx/CVE-2023-35827.json) (`2024-01-11T21:15:10.180`)
-* [CVE-2023-45863](CVE-2023/CVE-2023-458xx/CVE-2023-45863.json) (`2024-01-11T21:15:10.273`)
-* [CVE-2023-46813](CVE-2023/CVE-2023-468xx/CVE-2023-46813.json) (`2024-01-11T21:15:10.350`)
-* [CVE-2023-46862](CVE-2023/CVE-2023-468xx/CVE-2023-46862.json) (`2024-01-11T21:15:10.437`)
-* [CVE-2023-51780](CVE-2023/CVE-2023-517xx/CVE-2023-51780.json) (`2024-01-11T21:15:10.960`)
-* [CVE-2023-51781](CVE-2023/CVE-2023-517xx/CVE-2023-51781.json) (`2024-01-11T21:15:11.007`)
-* [CVE-2023-51782](CVE-2023/CVE-2023-517xx/CVE-2023-51782.json) (`2024-01-11T21:15:11.050`)
-* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2024-01-11T21:15:11.103`)
-* [CVE-2023-5197](CVE-2023/CVE-2023-51xx/CVE-2023-5197.json) (`2024-01-11T21:15:11.260`)
-* [CVE-2023-5717](CVE-2023/CVE-2023-57xx/CVE-2023-5717.json) (`2024-01-11T21:15:11.413`)
-* [CVE-2023-6121](CVE-2023/CVE-2023-61xx/CVE-2023-6121.json) (`2024-01-11T21:15:11.517`)
-* [CVE-2023-6817](CVE-2023/CVE-2023-68xx/CVE-2023-6817.json) (`2024-01-11T21:15:11.647`)
-* [CVE-2023-6931](CVE-2023/CVE-2023-69xx/CVE-2023-6931.json) (`2024-01-11T21:15:11.767`)
-* [CVE-2023-6932](CVE-2023/CVE-2023-69xx/CVE-2023-6932.json) (`2024-01-11T21:15:11.910`)
-* [CVE-2023-35356](CVE-2023/CVE-2023-353xx/CVE-2023-35356.json) (`2024-01-11T22:15:45.487`)
-* [CVE-2023-35633](CVE-2023/CVE-2023-356xx/CVE-2023-35633.json) (`2024-01-11T22:15:45.603`)
-* [CVE-2023-6875](CVE-2023/CVE-2023-68xx/CVE-2023-6875.json) (`2024-01-11T22:15:45.790`)
-* [CVE-2023-7027](CVE-2023/CVE-2023-70xx/CVE-2023-7027.json) (`2024-01-11T22:15:45.853`)
-* [CVE-2023-49252](CVE-2023/CVE-2023-492xx/CVE-2023-49252.json) (`2024-01-11T22:43:37.097`)
-* [CVE-2023-49621](CVE-2023/CVE-2023-496xx/CVE-2023-49621.json) (`2024-01-11T22:46:50.263`)
-* [CVE-2023-27000](CVE-2023/CVE-2023-270xx/CVE-2023-27000.json) (`2024-01-11T22:54:29.440`)
-* [CVE-2024-0307](CVE-2024/CVE-2024-03xx/CVE-2024-0307.json) (`2024-01-11T21:08:45.333`)
-* [CVE-2024-0305](CVE-2024/CVE-2024-03xx/CVE-2024-0305.json) (`2024-01-11T21:18:08.867`)
-* [CVE-2024-0306](CVE-2024/CVE-2024-03xx/CVE-2024-0306.json) (`2024-01-11T21:22:22.937`)
-* [CVE-2024-21738](CVE-2024/CVE-2024-217xx/CVE-2024-21738.json) (`2024-01-11T22:54:02.190`)
+* [CVE-2023-47489](CVE-2023/CVE-2023-474xx/CVE-2023-47489.json) (`2024-01-11T23:15:08.317`)
+* [CVE-2023-6594](CVE-2023/CVE-2023-65xx/CVE-2023-6594.json) (`2024-01-11T23:32:17.207`)
+* [CVE-2023-6788](CVE-2023/CVE-2023-67xx/CVE-2023-6788.json) (`2024-01-11T23:33:05.333`)
 
 
 ## Download and Usage