diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json
new file mode 100644
index 00000000000..c21e0984c71
--- /dev/null
+++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2022-45853",
+ "sourceIdentifier": "security@zyxel.com.tw",
+ "published": "2023-05-30T11:15:09.237",
+ "lastModified": "2023-05-30T11:15:09.237",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2972.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2972.json
new file mode 100644
index 00000000000..09154847234
--- /dev/null
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2972.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2972",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-05-30T11:15:09.373",
+ "lastModified": "2023-05-30T11:15:09.373",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1321"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/antfu/utils/commit/7f8b16c6181c988bdb96613fbb2533b345f68682",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/009f1cd9-401c-49a7-bd08-be35cff6faef",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json
new file mode 100644
index 00000000000..b7547ba8e2e
--- /dev/null
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-2973",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-05-30T11:15:09.457",
+ "lastModified": "2023-05-30T11:15:09.457",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Students Online Internship Timesheet Syste 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_company. The manipulation of the argument name with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230204."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.4,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "MULTIPLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3
+ },
+ "baseSeverity": "LOW",
+ "exploitabilityScore": 6.4,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ShallowDream888/VulnerabilityReport/blob/main/XSS.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230204",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230204",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33234.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33234.json
new file mode 100644
index 00000000000..54cc6c1ea28
--- /dev/null
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33234.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-33234",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-05-30T11:15:09.553",
+ "lastModified": "2023-05-30T11:15:09.553",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection.\n\nIn order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner.\u00a0 Operators should upgrade to provider version 7.0.0 which has removed the vulnerability.\n\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/n1vpgl6h2qsdm52o9m2tx1oo86tl4gnq",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index dd21bee8f8a..be637a0f493 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-30T10:00:25.876080+00:00 +2023-05-30T12:00:23.931959+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-30T08:15:10.450000+00:00 +2023-05-30T11:15:09.553000+00:00 ``` ### Last Data Feed Release 
@@ -29,32 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216346 +216350 ``` ### CVEs added in the last Commit -Recently added CVEs: `19` +Recently added CVEs: `4` -* [CVE-2022-4676](CVE-2022/CVE-2022-46xx/CVE-2022-4676.json) (`2023-05-30T08:15:09.307`) -* [CVE-2023-0329](CVE-2023/CVE-2023-03xx/CVE-2023-0329.json) (`2023-05-30T08:15:09.397`) -* [CVE-2023-0443](CVE-2023/CVE-2023-04xx/CVE-2023-0443.json) (`2023-05-30T08:15:09.460`) -* [CVE-2023-0733](CVE-2023/CVE-2023-07xx/CVE-2023-0733.json) (`2023-05-30T08:15:09.523`) -* [CVE-2023-0766](CVE-2023/CVE-2023-07xx/CVE-2023-0766.json) (`2023-05-30T08:15:09.590`) -* [CVE-2023-1524](CVE-2023/CVE-2023-15xx/CVE-2023-1524.json) (`2023-05-30T08:15:09.657`) -* [CVE-2023-1938](CVE-2023/CVE-2023-19xx/CVE-2023-1938.json) (`2023-05-30T08:15:09.713`) -* [CVE-2023-2023](CVE-2023/CVE-2023-20xx/CVE-2023-2023.json) (`2023-05-30T08:15:09.787`) -* [CVE-2023-2111](CVE-2023/CVE-2023-21xx/CVE-2023-2111.json) (`2023-05-30T08:15:09.837`) -* [CVE-2023-2113](CVE-2023/CVE-2023-21xx/CVE-2023-2113.json) (`2023-05-30T08:15:09.900`) -* [CVE-2023-2117](CVE-2023/CVE-2023-21xx/CVE-2023-2117.json) (`2023-05-30T08:15:09.963`) -* [CVE-2023-2223](CVE-2023/CVE-2023-22xx/CVE-2023-2223.json) (`2023-05-30T08:15:10.030`) -* [CVE-2023-2256](CVE-2023/CVE-2023-22xx/CVE-2023-2256.json) (`2023-05-30T08:15:10.097`) -* [CVE-2023-2287](CVE-2023/CVE-2023-22xx/CVE-2023-2287.json) (`2023-05-30T08:15:10.157`) -* [CVE-2023-2288](CVE-2023/CVE-2023-22xx/CVE-2023-2288.json) (`2023-05-30T08:15:10.217`) -* [CVE-2023-2296](CVE-2023/CVE-2023-22xx/CVE-2023-2296.json) (`2023-05-30T08:15:10.280`) -* [CVE-2023-2470](CVE-2023/CVE-2023-24xx/CVE-2023-2470.json) (`2023-05-30T08:15:10.337`) -* [CVE-2023-2518](CVE-2023/CVE-2023-25xx/CVE-2023-2518.json) (`2023-05-30T08:15:10.390`) -* [CVE-2023-30601](CVE-2023/CVE-2023-306xx/CVE-2023-30601.json) (`2023-05-30T08:15:10.450`) +* 
[CVE-2022-45853](CVE-2022/CVE-2022-458xx/CVE-2022-45853.json) (`2023-05-30T11:15:09.237`) +* [CVE-2023-2972](CVE-2023/CVE-2023-29xx/CVE-2023-2972.json) (`2023-05-30T11:15:09.373`) +* [CVE-2023-2973](CVE-2023/CVE-2023-29xx/CVE-2023-2973.json) (`2023-05-30T11:15:09.457`) +* [CVE-2023-33234](CVE-2023/CVE-2023-332xx/CVE-2023-33234.json) (`2023-05-30T11:15:09.553`) ### CVEs modified in the last Commit