Auto-Update: 2023-05-30T12:00:23.931959+00:00

2025-07-09 16:05:11 +00:00 · 2023-05-30 12:00:27 +00:00 · 2023-05-30 12:00:27 +00:00 · 652f49b178
commit 652f49b178
parent 33879aea3a
5 changed files with 202 additions and 23 deletions
--- a/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json
+++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2022-45853",
+  "sourceIdentifier": "security@zyxel.com.tw",
+  "published": "2023-05-30T11:15:09.237",
+  "lastModified": "2023-05-30T11:15:09.237",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2972.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2972.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-2972",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-05-30T11:15:09.373",
+  "lastModified": "2023-05-30T11:15:09.373",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1321"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/antfu/utils/commit/7f8b16c6181c988bdb96613fbb2533b345f68682",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/009f1cd9-401c-49a7-bd08-be35cff6faef",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-2973",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-05-30T11:15:09.457",
+  "lastModified": "2023-05-30T11:15:09.457",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Students Online Internship Timesheet Syste 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_company. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230204."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.4,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "MULTIPLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.3
+        },
+        "baseSeverity": "LOW",
+        "exploitabilityScore": 6.4,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/ShallowDream888/VulnerabilityReport/blob/main/XSS.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.230204",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.230204",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-332xx/CVE-2023-33234.json
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33234.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-33234",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-05-30T11:15:09.553",
+  "lastModified": "2023-05-30T11:15:09.553",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection.\n\nIn order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner.\u00a0 Operators should upgrade to provider version 7.0.0 which has removed the vulnerability.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/n1vpgl6h2qsdm52o9m2tx1oo86tl4gnq",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-05-30T10:00:25.876080+00:00
+2023-05-30T12:00:23.931959+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-05-30T08:15:10.450000+00:00
+2023-05-30T11:15:09.553000+00:00
 ```

 ### Last Data Feed Release
@ -29,32 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-216346
+216350
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `19`
+Recently added CVEs: `4`

-* [CVE-2022-4676](CVE-2022/CVE-2022-46xx/CVE-2022-4676.json) (`2023-05-30T08:15:09.307`)
-* [CVE-2023-0329](CVE-2023/CVE-2023-03xx/CVE-2023-0329.json) (`2023-05-30T08:15:09.397`)
-* [CVE-2023-0443](CVE-2023/CVE-2023-04xx/CVE-2023-0443.json) (`2023-05-30T08:15:09.460`)
-* [CVE-2023-0733](CVE-2023/CVE-2023-07xx/CVE-2023-0733.json) (`2023-05-30T08:15:09.523`)
-* [CVE-2023-0766](CVE-2023/CVE-2023-07xx/CVE-2023-0766.json) (`2023-05-30T08:15:09.590`)
-* [CVE-2023-1524](CVE-2023/CVE-2023-15xx/CVE-2023-1524.json) (`2023-05-30T08:15:09.657`)
-* [CVE-2023-1938](CVE-2023/CVE-2023-19xx/CVE-2023-1938.json) (`2023-05-30T08:15:09.713`)
-* [CVE-2023-2023](CVE-2023/CVE-2023-20xx/CVE-2023-2023.json) (`2023-05-30T08:15:09.787`)
-* [CVE-2023-2111](CVE-2023/CVE-2023-21xx/CVE-2023-2111.json) (`2023-05-30T08:15:09.837`)
-* [CVE-2023-2113](CVE-2023/CVE-2023-21xx/CVE-2023-2113.json) (`2023-05-30T08:15:09.900`)
-* [CVE-2023-2117](CVE-2023/CVE-2023-21xx/CVE-2023-2117.json) (`2023-05-30T08:15:09.963`)
-* [CVE-2023-2223](CVE-2023/CVE-2023-22xx/CVE-2023-2223.json) (`2023-05-30T08:15:10.030`)
-* [CVE-2023-2256](CVE-2023/CVE-2023-22xx/CVE-2023-2256.json) (`2023-05-30T08:15:10.097`)
-* [CVE-2023-2287](CVE-2023/CVE-2023-22xx/CVE-2023-2287.json) (`2023-05-30T08:15:10.157`)
-* [CVE-2023-2288](CVE-2023/CVE-2023-22xx/CVE-2023-2288.json) (`2023-05-30T08:15:10.217`)
-* [CVE-2023-2296](CVE-2023/CVE-2023-22xx/CVE-2023-2296.json) (`2023-05-30T08:15:10.280`)
-* [CVE-2023-2470](CVE-2023/CVE-2023-24xx/CVE-2023-2470.json) (`2023-05-30T08:15:10.337`)
-* [CVE-2023-2518](CVE-2023/CVE-2023-25xx/CVE-2023-2518.json) (`2023-05-30T08:15:10.390`)
-* [CVE-2023-30601](CVE-2023/CVE-2023-306xx/CVE-2023-30601.json) (`2023-05-30T08:15:10.450`)
+* [CVE-2022-45853](CVE-2022/CVE-2022-458xx/CVE-2022-45853.json) (`2023-05-30T11:15:09.237`)
+* [CVE-2023-2972](CVE-2023/CVE-2023-29xx/CVE-2023-2972.json) (`2023-05-30T11:15:09.373`)
+* [CVE-2023-2973](CVE-2023/CVE-2023-29xx/CVE-2023-2973.json) (`2023-05-30T11:15:09.457`)
+* [CVE-2023-33234](CVE-2023/CVE-2023-332xx/CVE-2023-33234.json) (`2023-05-30T11:15:09.553`)


 ### CVEs modified in the last Commit