From 6688f1107685d9eb616c4734fe211eb09a2b6ed8 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 1 Sep 2023 12:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-01T12:00:25.286048+00:00 --- CVE-2022/CVE-2022-43xx/CVE-2022-4343.json | 59 ++++++++++++++++++++ CVE-2022/CVE-2022-443xx/CVE-2022-44349.json | 24 +++++++++ CVE-2022/CVE-2022-465xx/CVE-2022-46527.json | 24 +++++++++ CVE-2023/CVE-2023-01xx/CVE-2023-0120.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-12xx/CVE-2023-1279.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-15xx/CVE-2023-1555.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-244xx/CVE-2023-24412.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-246xx/CVE-2023-24674.json | 24 +++++++++ CVE-2023/CVE-2023-246xx/CVE-2023-24675.json | 24 +++++++++ CVE-2023/CVE-2023-250xx/CVE-2023-25042.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-250xx/CVE-2023-25044.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-254xx/CVE-2023-25477.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-254xx/CVE-2023-25488.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-32xx/CVE-2023-3205.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-32xx/CVE-2023-3210.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-396xx/CVE-2023-39685.json | 20 +++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3915.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3950.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-402xx/CVE-2023-40239.json | 20 +++++++ CVE-2023/CVE-2023-409xx/CVE-2023-40969.json | 24 +++++++++ CVE-2023/CVE-2023-409xx/CVE-2023-40970.json | 24 +++++++++ CVE-2023/CVE-2023-40xx/CVE-2023-4018.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-413xx/CVE-2023-41364.json | 28 ++++++++++ CVE-2023/CVE-2023-43xx/CVE-2023-4378.json | 59 ++++++++++++++++++++ CVE-2023/CVE-2023-46xx/CVE-2023-4647.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-47xx/CVE-2023-4704.json | 59 ++++++++++++++++++++ README.md | 60 ++++++++++----------- 27 files changed, 1221 insertions(+), 30 deletions(-) create mode 100644 CVE-2022/CVE-2022-43xx/CVE-2022-4343.json create mode 100644 CVE-2022/CVE-2022-443xx/CVE-2022-44349.json create mode 100644 CVE-2022/CVE-2022-465xx/CVE-2022-46527.json create mode 100644 CVE-2023/CVE-2023-01xx/CVE-2023-0120.json create mode 100644 CVE-2023/CVE-2023-12xx/CVE-2023-1279.json create mode 100644 CVE-2023/CVE-2023-15xx/CVE-2023-1555.json create mode 100644 CVE-2023/CVE-2023-244xx/CVE-2023-24412.json create mode 100644 CVE-2023/CVE-2023-246xx/CVE-2023-24674.json create mode 100644 CVE-2023/CVE-2023-246xx/CVE-2023-24675.json create mode 100644 CVE-2023/CVE-2023-250xx/CVE-2023-25042.json create mode 100644 CVE-2023/CVE-2023-250xx/CVE-2023-25044.json create mode 100644 CVE-2023/CVE-2023-254xx/CVE-2023-25477.json create mode 100644 CVE-2023/CVE-2023-254xx/CVE-2023-25488.json create mode 100644 CVE-2023/CVE-2023-32xx/CVE-2023-3205.json create mode 100644 CVE-2023/CVE-2023-32xx/CVE-2023-3210.json create mode 100644 CVE-2023/CVE-2023-396xx/CVE-2023-39685.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3915.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3950.json create mode 100644 CVE-2023/CVE-2023-402xx/CVE-2023-40239.json create mode 100644 CVE-2023/CVE-2023-409xx/CVE-2023-40969.json create mode 100644 CVE-2023/CVE-2023-409xx/CVE-2023-40970.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4018.json create mode 100644 CVE-2023/CVE-2023-413xx/CVE-2023-41364.json create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4378.json create mode 100644 CVE-2023/CVE-2023-46xx/CVE-2023-4647.json create mode 100644 CVE-2023/CVE-2023-47xx/CVE-2023-4704.json diff --git a/CVE-2022/CVE-2022-43xx/CVE-2022-4343.json b/CVE-2022/CVE-2022-43xx/CVE-2022-4343.json new file mode 100644 index 00000000000..b9038944fe5 --- /dev/null +++ b/CVE-2022/CVE-2022-43xx/CVE-2022-4343.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2022-4343", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:40.037", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/385124", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1767797", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-443xx/CVE-2022-44349.json b/CVE-2022/CVE-2022-443xx/CVE-2022-44349.json new file mode 100644 index 00000000000..bf55cc027f0 --- /dev/null +++ b/CVE-2022/CVE-2022-443xx/CVE-2022-44349.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-44349", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T10:15:07.677", + "lastModified": "2023-09-01T11:47:50.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/MVRC-ITSEC/CVEs/blob/main/CVE-2022-44349", + "source": "cve@mitre.org" + }, + { + "url": "https://www.navblue.aero/product/n-crew-planning/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-465xx/CVE-2022-46527.json b/CVE-2022/CVE-2022-465xx/CVE-2022-46527.json new file mode 100644 index 00000000000..6ff338fb4d5 --- /dev/null +++ b/CVE-2022/CVE-2022-465xx/CVE-2022-46527.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-46527", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T11:15:39.693", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-46527.pdf", + "source": "cve@mitre.org" + }, + { + "url": "https://www.elsys.se/en/ers-sound/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0120.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0120.json new file mode 100644 index 00000000000..a7033cdbd2f --- /dev/null +++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0120.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-0120", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:40.287", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/387531", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1818425", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1279.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1279.json new file mode 100644 index 00000000000..e79e35b5b63 --- /dev/null +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1279.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-1279", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:40.473", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.6, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-138" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/395437", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1889230", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1555.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1555.json new file mode 100644 index 00000000000..6dfcb4d6ee9 --- /dev/null +++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1555.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-1555", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:40.663", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/398587", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1911908", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24412.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24412.json new file mode 100644 index 00000000000..6e8cf723532 --- /dev/null +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24412.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-24412", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-01T11:15:40.863", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <=\u00a01.7.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/add-instagram/wordpress-image-social-feed-plugin-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24674.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24674.json new file mode 100644 index 00000000000..8814e1fb647 --- /dev/null +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24674.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-24674", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T10:15:07.950", + "lastModified": "2023-09-01T11:47:50.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/@cupc4k3/privilege-scalation-in-bludit-cms-dcf86c41107", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24675.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24675.json new file mode 100644 index 00000000000..93c44439c75 --- /dev/null +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24675.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-24675", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T10:15:08.080", + "lastModified": "2023-09-01T11:47:50.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/@cupc4k3/xss-stored-in-friendly-url-field-on-bludit-cms-641a9dd653f", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25042.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25042.json new file mode 100644 index 00000000000..cc6e18d9579 --- /dev/null +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25042.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25042", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-01T11:15:41.097", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <=\u00a02.3.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/oauth-twitter-feed-for-developers/wordpress-oauth-twitter-feed-for-developers-plugin-2-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25044.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25044.json new file mode 100644 index 00000000000..e803fe7e61d --- /dev/null +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25044.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25044", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-01T11:15:41.313", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <=\u00a04.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/social-share-boost/wordpress-social-share-boost-plugin-4-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25477.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25477.json new file mode 100644 index 00000000000..f5fdfc6f677 --- /dev/null +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25477.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25477", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-01T11:15:41.503", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <=\u00a01.3.12 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-youtube-playlist-channel-gallery-by-yotuwp-plugin-1-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25488.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25488.json new file mode 100644 index 00000000000..a32f0035aa1 --- /dev/null +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25488.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25488", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-01T11:15:41.677", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <=\u00a01.0.1.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-default-feature-image/wordpress-wp-default-feature-image-plugin-1-0-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3205.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3205.json new file mode 100644 index 00000000000..1d09d6e38b4 --- /dev/null +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3205.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3205", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:41.850", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415067", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2011464", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3210.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3210.json new file mode 100644 index 00000000000..c15176a63a7 --- /dev/null +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3210.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3210", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:42.053", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415074", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2011474", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39685.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39685.json new file mode 100644 index 00000000000..cde3877efb5 --- /dev/null +++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39685.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39685", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T10:15:08.217", + "lastModified": "2023-09-01T11:47:50.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/hjson/hjson-java/issues/27", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3915.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3915.json new file mode 100644 index 00000000000..a2f6e412cec --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3915.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3915", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:42.267", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-279" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417664", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2040834", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3950.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3950.json new file mode 100644 index 00000000000..3367e189c7e --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3950.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3950", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:42.457", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419675", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2079154", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40239.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40239.json new file mode 100644 index 00000000000..cd00f59237c --- /dev/null +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40239.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40239", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T11:15:42.657", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40969.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40969.json new file mode 100644 index 00000000000..dc88909ee91 --- /dev/null +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40969.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-40969", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T11:15:42.800", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SSRF-pop_p2p.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/slims/slims9_bulian/issues/204", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40970.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40970.json new file mode 100644 index 00000000000..4505162ec88 --- /dev/null +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40970.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-40970", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T11:15:42.923", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-loan_rules.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/slims/slims9_bulian/issues/205", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4018.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4018.json new file mode 100644 index 00000000000..07f1ea2f62f --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4018.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4018", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:43.037", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/420301", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2083440", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41364.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41364.json new file mode 100644 index 00000000000..9cb894e8994 --- /dev/null +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41364.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-41364", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T10:15:08.343", + "lastModified": "2023-09-01T11:47:50.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/security-advisories/", + "source": "cve@mitre.org" + }, + { + "url": "https://herolab.usd.de/security-advisories/usd-2023-0002/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.tine-groupware.de/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4378.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4378.json new file mode 100644 index 00000000000..dc194a66846 --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4378.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4378", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:43.113", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/422134", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2104591", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4647.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4647.json new file mode 100644 index 00000000000..6a0c00b686c --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4647.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4647", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-01T11:15:43.363", + "lastModified": "2023-09-01T11:47:43.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414502", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4704.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4704.json new file mode 100644 index 00000000000..2b442a9b67e --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4704.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4704", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-09-01T10:15:08.587", + "lastModified": "2023-09-01T11:47:50.290", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-15" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/instantsoft/icms2/commit/bc22d89691fdaf38055eba13dda8d959b16fa731", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/4a54134d-df1f-43d4-9b14-45f023cd654a", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 740fa1e4f4c..5e765be3140 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-01T08:00:24.795939+00:00 +2023-09-01T12:00:25.286048+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-01T07:32:13.003000+00:00 +2023-09-01T11:47:50.290000+00:00 ``` ### Last Data Feed Release @@ -29,44 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223870 +223896 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `26` +* [CVE-2022-4343](CVE-2022/CVE-2022-43xx/CVE-2022-4343.json) (`2023-09-01T11:15:40.037`) +* [CVE-2022-44349](CVE-2022/CVE-2022-443xx/CVE-2022-44349.json) (`2023-09-01T10:15:07.677`) +* [CVE-2023-0120](CVE-2023/CVE-2023-01xx/CVE-2023-0120.json) (`2023-09-01T11:15:40.287`) +* [CVE-2023-1279](CVE-2023/CVE-2023-12xx/CVE-2023-1279.json) (`2023-09-01T11:15:40.473`) +* [CVE-2023-1555](CVE-2023/CVE-2023-15xx/CVE-2023-1555.json) (`2023-09-01T11:15:40.663`) +* [CVE-2023-24412](CVE-2023/CVE-2023-244xx/CVE-2023-24412.json) (`2023-09-01T11:15:40.863`) +* [CVE-2023-25042](CVE-2023/CVE-2023-250xx/CVE-2023-25042.json) (`2023-09-01T11:15:41.097`) +* [CVE-2023-25044](CVE-2023/CVE-2023-250xx/CVE-2023-25044.json) (`2023-09-01T11:15:41.313`) +* [CVE-2023-25477](CVE-2023/CVE-2023-254xx/CVE-2023-25477.json) (`2023-09-01T11:15:41.503`) +* [CVE-2023-25488](CVE-2023/CVE-2023-254xx/CVE-2023-25488.json) (`2023-09-01T11:15:41.677`) +* [CVE-2023-3205](CVE-2023/CVE-2023-32xx/CVE-2023-3205.json) (`2023-09-01T11:15:41.850`) +* [CVE-2023-3210](CVE-2023/CVE-2023-32xx/CVE-2023-3210.json) (`2023-09-01T11:15:42.053`) +* [CVE-2023-3915](CVE-2023/CVE-2023-39xx/CVE-2023-3915.json) (`2023-09-01T11:15:42.267`) +* [CVE-2023-3950](CVE-2023/CVE-2023-39xx/CVE-2023-3950.json) (`2023-09-01T11:15:42.457`) +* [CVE-2023-40239](CVE-2023/CVE-2023-402xx/CVE-2023-40239.json) (`2023-09-01T11:15:42.657`) +* [CVE-2023-40969](CVE-2023/CVE-2023-409xx/CVE-2023-40969.json) (`2023-09-01T11:15:42.800`) +* [CVE-2023-40970](CVE-2023/CVE-2023-409xx/CVE-2023-40970.json) (`2023-09-01T11:15:42.923`) +* [CVE-2023-4018](CVE-2023/CVE-2023-40xx/CVE-2023-4018.json) (`2023-09-01T11:15:43.037`) +* [CVE-2023-4378](CVE-2023/CVE-2023-43xx/CVE-2023-4378.json) (`2023-09-01T11:15:43.113`) +* [CVE-2023-4647](CVE-2023/CVE-2023-46xx/CVE-2023-4647.json) (`2023-09-01T11:15:43.363`) +* [CVE-2023-24674](CVE-2023/CVE-2023-246xx/CVE-2023-24674.json) (`2023-09-01T10:15:07.950`) +* [CVE-2023-24675](CVE-2023/CVE-2023-246xx/CVE-2023-24675.json) (`2023-09-01T10:15:08.080`) +* [CVE-2023-39685](CVE-2023/CVE-2023-396xx/CVE-2023-39685.json) (`2023-09-01T10:15:08.217`) +* [CVE-2023-41364](CVE-2023/CVE-2023-413xx/CVE-2023-41364.json) (`2023-09-01T10:15:08.343`) +* [CVE-2023-4704](CVE-2023/CVE-2023-47xx/CVE-2023-4704.json) (`2023-09-01T10:15:08.587`) ### CVEs modified in the last Commit -Recently modified CVEs: `41` +Recently modified CVEs: `0` -* [CVE-2023-39354](CVE-2023/CVE-2023-393xx/CVE-2023-39354.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-39355](CVE-2023/CVE-2023-393xx/CVE-2023-39355.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-39352](CVE-2023/CVE-2023-393xx/CVE-2023-39352.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-39353](CVE-2023/CVE-2023-393xx/CVE-2023-39353.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-39356](CVE-2023/CVE-2023-393xx/CVE-2023-39356.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-41749](CVE-2023/CVE-2023-417xx/CVE-2023-41749.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-41750](CVE-2023/CVE-2023-417xx/CVE-2023-41750.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-41751](CVE-2023/CVE-2023-417xx/CVE-2023-41751.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-4299](CVE-2023/CVE-2023-42xx/CVE-2023-4299.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-4688](CVE-2023/CVE-2023-46xx/CVE-2023-4688.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40181](CVE-2023/CVE-2023-401xx/CVE-2023-40181.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40186](CVE-2023/CVE-2023-401xx/CVE-2023-40186.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40187](CVE-2023/CVE-2023-401xx/CVE-2023-40187.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40188](CVE-2023/CVE-2023-401xx/CVE-2023-40188.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40567](CVE-2023/CVE-2023-405xx/CVE-2023-40567.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40569](CVE-2023/CVE-2023-405xx/CVE-2023-40569.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40574](CVE-2023/CVE-2023-405xx/CVE-2023-40574.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40575](CVE-2023/CVE-2023-405xx/CVE-2023-40575.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-40576](CVE-2023/CVE-2023-405xx/CVE-2023-40576.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-39912](CVE-2023/CVE-2023-399xx/CVE-2023-39912.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-4481](CVE-2023/CVE-2023-44xx/CVE-2023-4481.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-4695](CVE-2023/CVE-2023-46xx/CVE-2023-4695.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-4696](CVE-2023/CVE-2023-46xx/CVE-2023-4696.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-4697](CVE-2023/CVE-2023-46xx/CVE-2023-4697.json) (`2023-09-01T07:32:13.003`) -* [CVE-2023-4698](CVE-2023/CVE-2023-46xx/CVE-2023-4698.json) (`2023-09-01T07:32:13.003`) ## Download and Usage