Auto-Update: 2023-12-15T07:00:24.842302+00:00

2025-05-08 19:47:09 +00:00 · 2023-12-15 07:00:28 +00:00 · 2023-12-15 07:00:28 +00:00 · 55b0e23644
commit 55b0e23644
parent dc49b86c80
4 changed files with 123 additions and 12 deletions
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48372.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48372.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48372",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-12-15T05:15:07.897",
+  "lastModified": "2023-12-15T05:15:07.897",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7591-07c51-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48373.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48373.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48373",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-12-15T05:15:08.153",
+  "lastModified": "2023-12-15T05:15:08.153",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ITPison OMICARD EDM has a path traversal vulnerability within its parameter \u201cFileName\u201d in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7592-998bf-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6275.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6275.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-6275",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-11-24T15:15:07.783",
-  "lastModified": "2023-12-14T14:15:45.640",
+  "lastModified": "2023-12-15T06:15:43.300",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input \"><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104."
+      "value": "A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input \"><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.1-231128, 1.8.0-231127 and 1.8.1-231127 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104."
    },
    {
      "lang": "es",
@ -115,6 +115,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://tdn.totvs.com/pages/releaseview.action?pageId=761497686",
+      "source": "cna@vuldb.com"
+    },
    {
      "url": "https://vuldb.com/?ctiid.246104",
      "source": "cna@vuldb.com",
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-15T05:00:23.833894+00:00
+2023-12-15T07:00:24.842302+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-15T04:15:06.900000+00:00
+2023-12-15T06:15:43.300000+00:00
 ```

 ### Last Data Feed Release
@ -29,25 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-233245
+233247
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `2`

-* [CVE-2023-50715](CVE-2023/CVE-2023-507xx/CVE-2023-50715.json) (`2023-12-15T03:15:45.127`)
-* [CVE-2023-48371](CVE-2023/CVE-2023-483xx/CVE-2023-48371.json) (`2023-12-15T04:15:06.900`)
+* [CVE-2023-48372](CVE-2023/CVE-2023-483xx/CVE-2023-48372.json) (`2023-12-15T05:15:07.897`)
+* [CVE-2023-48373](CVE-2023/CVE-2023-483xx/CVE-2023-48373.json) (`2023-12-15T05:15:08.153`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `4`
+Recently modified CVEs: `1`

-* [CVE-2023-46218](CVE-2023/CVE-2023-462xx/CVE-2023-46218.json) (`2023-12-15T03:15:44.970`)
-* [CVE-2023-46219](CVE-2023/CVE-2023-462xx/CVE-2023-46219.json) (`2023-12-15T03:15:45.060`)
-* [CVE-2023-6377](CVE-2023/CVE-2023-63xx/CVE-2023-6377.json) (`2023-12-15T03:15:45.330`)
-* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2023-12-15T03:15:45.427`)
+* [CVE-2023-6275](CVE-2023/CVE-2023-62xx/CVE-2023-6275.json) (`2023-12-15T06:15:43.300`)


 ## Download and Usage