diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28474.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28474.json
index c09edbe541c..3d1261b9521 100644
--- a/CVE-2023/CVE-2023-284xx/CVE-2023-28474.json
+++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28474.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-28474",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-04-28T14:15:10.487",
- "lastModified": "2023-05-05T14:25:33.800",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T00:15:44.137",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search."
+ "value": "Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search."
 }
 ],
 "metrics": {
@@ -72,6 +72,10 @@
 "Product"
 ]
 },
+ {
+ "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28476.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28476.json
index a987374aa0a..1faa443e809 100644
--- a/CVE-2023/CVE-2023-284xx/CVE-2023-28476.json
+++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28476.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-28476",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-04-28T14:15:10.557",
- "lastModified": "2023-05-05T14:25:10.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T00:15:44.243",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files."
+ "value": "Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files."
 }
 ],
 "metrics": {
@@ -72,6 +72,10 @@
 "Product"
 ]
 },
+ {
+ "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json
index 8481a6ce272..c0442927603 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29048",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:19.893",
- "lastModified": "2024-01-08T12:02:30.513",
+ "lastModified": "2024-01-08T23:15:08.247",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json
index 5c379d05fe2..022056eb4ff 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29049",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.120",
- "lastModified": "2024-01-08T12:02:30.513",
+ "lastModified": "2024-01-08T23:15:08.553",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json
index d0e536db0b3..2152cbe1e57 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29050",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.300",
- "lastModified": "2024-01-08T12:02:30.513",
+ "lastModified": "2024-01-08T23:15:08.630",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
index 7b0bcc5b0cf..c8f9669599d 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29051",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.480",
- "lastModified": "2024-01-08T12:02:30.513",
+ "lastModified": "2024-01-08T23:15:08.707",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
index b0f12a832a9..ff005d9b73c 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29052",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.680",
- "lastModified": "2024-01-08T12:02:30.513",
+ "lastModified": "2024-01-08T23:15:08.780",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
index 6a7b70e3fa4..6a55194ebdb 100644
--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-41710",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.883",
- "lastModified": "2024-01-08T12:02:30.513",
+ "lastModified": "2024-01-08T23:15:08.850",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json
new file mode 100644
index 00000000000..d903d55a6aa
--- /dev/null
+++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50162.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-50162",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-09T00:15:44.320",
+ "lastModified": "2024-01-09T00:15:44.320",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Teresazdy/CVE",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21648.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21648.json
new file mode 100644
index 00000000000..d1698e84d12
--- /dev/null
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21648.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2024-21648",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-09T00:15:44.383",
+ "lastModified": "2024-01-09T00:15:44.383",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. "
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-274"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-21257",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21651.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21651.json
new file mode 100644
index 00000000000..3348c353441
--- /dev/null
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21651.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-21651",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-09T00:15:44.600",
+ "lastModified": "2024-01-09T00:15:44.600",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XCOMMONS-2796",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21663.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21663.json
new file mode 100644
index 00000000000..db83dea2120
--- /dev/null
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21663.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2024-21663",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-09T00:15:44.790",
+ "lastModified": "2024-01-09T00:15:44.790",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/DEMON1A/Discord-Recon/issues/23",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index a2441c069b8..f4de4079085 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-08T23:00:24.463816+00:00 +2024-01-09T00:55:25.218797+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-08T22:15:45.267000+00:00 +2024-01-09T00:15:44.790000+00:00 ``` ### Last Data Feed Release 
@@ -29,42 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235197 +235201 ``` ### CVEs added in the last Commit -Recently added CVEs: `21` +Recently added CVEs: `4` -* [CVE-2022-45354](CVE-2022/CVE-2022-453xx/CVE-2022-45354.json) (`2024-01-08T21:15:08.260`) -* [CVE-2022-29409](CVE-2022/CVE-2022-294xx/CVE-2022-29409.json) (`2024-01-08T22:15:44.113`) -* [CVE-2022-34344](CVE-2022/CVE-2022-343xx/CVE-2022-34344.json) (`2024-01-08T22:15:44.540`) -* [CVE-2022-36352](CVE-2022/CVE-2022-363xx/CVE-2022-36352.json) (`2024-01-08T22:15:44.760`) -* [CVE-2022-40696](CVE-2022/CVE-2022-406xx/CVE-2022-40696.json) (`2024-01-08T22:15:44.970`) -* [CVE-2023-27739](CVE-2023/CVE-2023-277xx/CVE-2023-27739.json) (`2024-01-08T21:15:08.587`) -* [CVE-2023-49961](CVE-2023/CVE-2023-499xx/CVE-2023-49961.json) (`2024-01-08T21:15:08.767`) -* [CVE-2023-51406](CVE-2023/CVE-2023-514xx/CVE-2023-51406.json) (`2024-01-08T21:15:08.817`) -* [CVE-2023-51408](CVE-2023/CVE-2023-514xx/CVE-2023-51408.json) (`2024-01-08T21:15:09.013`) -* [CVE-2023-51490](CVE-2023/CVE-2023-514xx/CVE-2023-51490.json) (`2024-01-08T21:15:09.213`) -* [CVE-2023-51508](CVE-2023/CVE-2023-515xx/CVE-2023-51508.json) (`2024-01-08T21:15:09.420`) -* [CVE-2023-52142](CVE-2023/CVE-2023-521xx/CVE-2023-52142.json) (`2024-01-08T21:15:09.607`) -* [CVE-2023-52196](CVE-2023/CVE-2023-521xx/CVE-2023-52196.json) (`2024-01-08T21:15:09.820`) -* [CVE-2023-52197](CVE-2023/CVE-2023-521xx/CVE-2023-52197.json) (`2024-01-08T21:15:10.040`) -* [CVE-2023-52198](CVE-2023/CVE-2023-521xx/CVE-2023-52198.json) (`2024-01-08T21:15:10.243`) -* [CVE-2023-52201](CVE-2023/CVE-2023-522xx/CVE-2023-52201.json) (`2024-01-08T21:15:10.443`) -* [CVE-2023-52202](CVE-2023/CVE-2023-522xx/CVE-2023-52202.json) (`2024-01-08T21:15:10.633`) -* [CVE-2023-7218](CVE-2023/CVE-2023-72xx/CVE-2023-7218.json) (`2024-01-08T21:15:10.850`) -* [CVE-2023-52072](CVE-2023/CVE-2023-520xx/CVE-2023-52072.json) 
(`2024-01-08T22:15:45.173`) -* [CVE-2023-52073](CVE-2023/CVE-2023-520xx/CVE-2023-52073.json) (`2024-01-08T22:15:45.220`) -* [CVE-2023-52074](CVE-2023/CVE-2023-520xx/CVE-2023-52074.json) (`2024-01-08T22:15:45.267`) +* [CVE-2023-50162](CVE-2023/CVE-2023-501xx/CVE-2023-50162.json) (`2024-01-09T00:15:44.320`) +* [CVE-2024-21648](CVE-2024/CVE-2024-216xx/CVE-2024-21648.json) (`2024-01-09T00:15:44.383`) +* [CVE-2024-21651](CVE-2024/CVE-2024-216xx/CVE-2024-21651.json) (`2024-01-09T00:15:44.600`) +* [CVE-2024-21663](CVE-2024/CVE-2024-216xx/CVE-2024-21663.json) (`2024-01-09T00:15:44.790`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `8` -* [CVE-2022-29923](CVE-2022/CVE-2022-299xx/CVE-2022-29923.json) (`2024-01-08T22:15:44.267`) -* [CVE-2023-47489](CVE-2023/CVE-2023-474xx/CVE-2023-47489.json) (`2024-01-08T21:15:08.643`) +* [CVE-2023-29048](CVE-2023/CVE-2023-290xx/CVE-2023-29048.json) (`2024-01-08T23:15:08.247`) +* [CVE-2023-29049](CVE-2023/CVE-2023-290xx/CVE-2023-29049.json) (`2024-01-08T23:15:08.553`) +* [CVE-2023-29050](CVE-2023/CVE-2023-290xx/CVE-2023-29050.json) (`2024-01-08T23:15:08.630`) +* [CVE-2023-29051](CVE-2023/CVE-2023-290xx/CVE-2023-29051.json) (`2024-01-08T23:15:08.707`) +* [CVE-2023-29052](CVE-2023/CVE-2023-290xx/CVE-2023-29052.json) (`2024-01-08T23:15:08.780`) +* [CVE-2023-41710](CVE-2023/CVE-2023-417xx/CVE-2023-41710.json) (`2024-01-08T23:15:08.850`) +* [CVE-2023-28474](CVE-2023/CVE-2023-284xx/CVE-2023-28474.json) (`2024-01-09T00:15:44.137`) +* [CVE-2023-28476](CVE-2023/CVE-2023-284xx/CVE-2023-28476.json) (`2024-01-09T00:15:44.243`) ## Download and Usage