Auto-Update: 2024-01-09T00:55:25.218797+00:00

2025-07-09 16:05:11 +00:00 · 2024-01-09 00:55:28 +00:00 · 2024-01-09 00:55:28 +00:00 · 60ecfc8a28
commit 60ecfc8a28
parent c4b4fd0e95
13 changed files with 266 additions and 40 deletions
--- a/CVE-2023/CVE-2023-284xx/CVE-2023-28474.json
+++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28474.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-28474",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-04-28T14:15:10.487",
-  "lastModified": "2023-05-05T14:25:33.800",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-09T00:15:44.137",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search."
+      "value": "Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search."
    }
  ],
  "metrics": {
@ -72,6 +72,10 @@
        "Product"
      ]
    },
+    {
+      "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-284xx/CVE-2023-28476.json
+++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28476.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-28476",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-04-28T14:15:10.557",
-  "lastModified": "2023-05-05T14:25:10.817",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-09T00:15:44.243",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files."
+      "value": "Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files."
    }
  ],
  "metrics": {
@ -72,6 +72,10 @@
        "Product"
      ]
    },
+    {
+      "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-29048",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:19.893",
-  "lastModified": "2024-01-08T12:02:30.513",
+  "lastModified": "2024-01-08T23:15:08.247",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -51,6 +51,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
+      "source": "security@open-xchange.com"
+    },
    {
      "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json",
      "source": "security@open-xchange.com"
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-29049",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:20.120",
-  "lastModified": "2024-01-08T12:02:30.513",
+  "lastModified": "2024-01-08T23:15:08.553",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -51,6 +51,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
+      "source": "security@open-xchange.com"
+    },
    {
      "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json",
      "source": "security@open-xchange.com"
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-29050",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:20.300",
-  "lastModified": "2024-01-08T12:02:30.513",
+  "lastModified": "2024-01-08T23:15:08.630",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -51,6 +51,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
+      "source": "security@open-xchange.com"
+    },
    {
      "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json",
      "source": "security@open-xchange.com"
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-29051",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:20.480",
-  "lastModified": "2024-01-08T12:02:30.513",
+  "lastModified": "2024-01-08T23:15:08.707",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -51,6 +51,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
+      "source": "security@open-xchange.com"
+    },
    {
      "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json",
      "source": "security@open-xchange.com"
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-29052",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:20.680",
-  "lastModified": "2024-01-08T12:02:30.513",
+  "lastModified": "2024-01-08T23:15:08.780",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -51,6 +51,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
+      "source": "security@open-xchange.com"
+    },
    {
      "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json",
      "source": "security@open-xchange.com"
--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-41710",
  "sourceIdentifier": "security@open-xchange.com",
  "published": "2024-01-08T09:15:20.883",
-  "lastModified": "2024-01-08T12:02:30.513",
+  "lastModified": "2024-01-08T23:15:08.850",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -51,6 +51,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
+      "source": "security@open-xchange.com"
+    },
    {
      "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json",
      "source": "security@open-xchange.com"
--- a/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json
+++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-50162",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-09T00:15:44.320",
+  "lastModified": "2024-01-09T00:15:44.320",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/Teresazdy/CVE",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-216xx/CVE-2024-21648.json
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21648.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-21648",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-01-09T00:15:44.383",
+  "lastModified": "2024-01-09T00:15:44.383",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. "
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-274"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://jira.xwiki.org/browse/XWIKI-21257",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-216xx/CVE-2024-21651.json
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21651.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-21651",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-01-09T00:15:44.600",
+  "lastModified": "2024-01-09T00:15:44.600",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-400"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://jira.xwiki.org/browse/XCOMMONS-2796",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-216xx/CVE-2024-21663.json
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21663.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-21663",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-01-09T00:15:44.790",
+  "lastModified": "2024-01-09T00:15:44.790",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.9,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/DEMON1A/Discord-Recon/issues/23",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-08T23:00:24.463816+00:00
+2024-01-09T00:55:25.218797+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-08T22:15:45.267000+00:00
+2024-01-09T00:15:44.790000+00:00
 ```

 ### Last Data Feed Release
@ -29,42 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-235197
+235201
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `21`
+Recently added CVEs: `4`

-* [CVE-2022-45354](CVE-2022/CVE-2022-453xx/CVE-2022-45354.json) (`2024-01-08T21:15:08.260`)
-* [CVE-2022-29409](CVE-2022/CVE-2022-294xx/CVE-2022-29409.json) (`2024-01-08T22:15:44.113`)
-* [CVE-2022-34344](CVE-2022/CVE-2022-343xx/CVE-2022-34344.json) (`2024-01-08T22:15:44.540`)
-* [CVE-2022-36352](CVE-2022/CVE-2022-363xx/CVE-2022-36352.json) (`2024-01-08T22:15:44.760`)
-* [CVE-2022-40696](CVE-2022/CVE-2022-406xx/CVE-2022-40696.json) (`2024-01-08T22:15:44.970`)
-* [CVE-2023-27739](CVE-2023/CVE-2023-277xx/CVE-2023-27739.json) (`2024-01-08T21:15:08.587`)
-* [CVE-2023-49961](CVE-2023/CVE-2023-499xx/CVE-2023-49961.json) (`2024-01-08T21:15:08.767`)
-* [CVE-2023-51406](CVE-2023/CVE-2023-514xx/CVE-2023-51406.json) (`2024-01-08T21:15:08.817`)
-* [CVE-2023-51408](CVE-2023/CVE-2023-514xx/CVE-2023-51408.json) (`2024-01-08T21:15:09.013`)
-* [CVE-2023-51490](CVE-2023/CVE-2023-514xx/CVE-2023-51490.json) (`2024-01-08T21:15:09.213`)
-* [CVE-2023-51508](CVE-2023/CVE-2023-515xx/CVE-2023-51508.json) (`2024-01-08T21:15:09.420`)
-* [CVE-2023-52142](CVE-2023/CVE-2023-521xx/CVE-2023-52142.json) (`2024-01-08T21:15:09.607`)
-* [CVE-2023-52196](CVE-2023/CVE-2023-521xx/CVE-2023-52196.json) (`2024-01-08T21:15:09.820`)
-* [CVE-2023-52197](CVE-2023/CVE-2023-521xx/CVE-2023-52197.json) (`2024-01-08T21:15:10.040`)
-* [CVE-2023-52198](CVE-2023/CVE-2023-521xx/CVE-2023-52198.json) (`2024-01-08T21:15:10.243`)
-* [CVE-2023-52201](CVE-2023/CVE-2023-522xx/CVE-2023-52201.json) (`2024-01-08T21:15:10.443`)
-* [CVE-2023-52202](CVE-2023/CVE-2023-522xx/CVE-2023-52202.json) (`2024-01-08T21:15:10.633`)
-* [CVE-2023-7218](CVE-2023/CVE-2023-72xx/CVE-2023-7218.json) (`2024-01-08T21:15:10.850`)
-* [CVE-2023-52072](CVE-2023/CVE-2023-520xx/CVE-2023-52072.json) (`2024-01-08T22:15:45.173`)
-* [CVE-2023-52073](CVE-2023/CVE-2023-520xx/CVE-2023-52073.json) (`2024-01-08T22:15:45.220`)
-* [CVE-2023-52074](CVE-2023/CVE-2023-520xx/CVE-2023-52074.json) (`2024-01-08T22:15:45.267`)
+* [CVE-2023-50162](CVE-2023/CVE-2023-501xx/CVE-2023-50162.json) (`2024-01-09T00:15:44.320`)
+* [CVE-2024-21648](CVE-2024/CVE-2024-216xx/CVE-2024-21648.json) (`2024-01-09T00:15:44.383`)
+* [CVE-2024-21651](CVE-2024/CVE-2024-216xx/CVE-2024-21651.json) (`2024-01-09T00:15:44.600`)
+* [CVE-2024-21663](CVE-2024/CVE-2024-216xx/CVE-2024-21663.json) (`2024-01-09T00:15:44.790`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `8`

-* [CVE-2022-29923](CVE-2022/CVE-2022-299xx/CVE-2022-29923.json) (`2024-01-08T22:15:44.267`)
-* [CVE-2023-47489](CVE-2023/CVE-2023-474xx/CVE-2023-47489.json) (`2024-01-08T21:15:08.643`)
+* [CVE-2023-29048](CVE-2023/CVE-2023-290xx/CVE-2023-29048.json) (`2024-01-08T23:15:08.247`)
+* [CVE-2023-29049](CVE-2023/CVE-2023-290xx/CVE-2023-29049.json) (`2024-01-08T23:15:08.553`)
+* [CVE-2023-29050](CVE-2023/CVE-2023-290xx/CVE-2023-29050.json) (`2024-01-08T23:15:08.630`)
+* [CVE-2023-29051](CVE-2023/CVE-2023-290xx/CVE-2023-29051.json) (`2024-01-08T23:15:08.707`)
+* [CVE-2023-29052](CVE-2023/CVE-2023-290xx/CVE-2023-29052.json) (`2024-01-08T23:15:08.780`)
+* [CVE-2023-41710](CVE-2023/CVE-2023-417xx/CVE-2023-41710.json) (`2024-01-08T23:15:08.850`)
+* [CVE-2023-28474](CVE-2023/CVE-2023-284xx/CVE-2023-28474.json) (`2024-01-09T00:15:44.137`)
+* [CVE-2023-28476](CVE-2023/CVE-2023-284xx/CVE-2023-28476.json) (`2024-01-09T00:15:44.243`)


 ## Download and Usage