admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-31T00:55:24.716120+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-31 00:55:28 +00:00
parent 51714ba8ed
commit 7045cdb4b4
13 changed files with 651 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2023/CVE-2023-437xx/CVE-2023-43797.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-43797",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.317",
"lastModified": "2023-10-30T23:15:08.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/304bc851a00558f99a908880f4ac44234a074c9d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18392",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-v6wg-q866-h73x",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-437xx/CVE-2023-43798.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-43798",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.397",
"lastModified": "2023-10-30T23:15:08.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18494",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/18580",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-443xx/CVE-2023-44397.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44397",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.467",
"lastModified": "2023-10-30T23:15:08.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-fqxr-7g94-vrfj",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-456xx/CVE-2023-45670.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-45670",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.543",
"lastModified": "2023-10-30T23:15:08.543",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via \"drive-by\" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/blakeblackshear/frigate/discussions/8366",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-456xx/CVE-2023-45671.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45671",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.620",
"lastModified": "2023-10-30T23:15:08.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-456xx/CVE-2023-45672.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-45672",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.697",
"lastModified": "2023-10-30T23:15:08.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428",
"source": "security-advisories@github.com"
}
]
}

15
CVE-2023/CVE-2023-458xx/CVE-2023-45804.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-45804",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-30T23:15:08.773",
"lastModified": "2023-10-30T23:15:08.773",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** User requested a CVE number by mistake"
}
],
"metrics": {},
"references": []
}

59
CVE-2023/CVE-2023-461xx/CVE-2023-46129.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-46129",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T00:15:09.933",
"lastModified": "2023-10-31T00:15:09.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. \nFIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-321"
},
{
"lang": "en",
"value": "CWE-325"
}
]
}
],
"references": [
{
"url": "https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-461xx/CVE-2023-46138.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-46138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T00:15:10.023",
"lastModified": "2023-10-31T00:15:10.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/commit/15a5dda9e0cdbe2ac618a6b2a09df8928f485c88",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-9mrc-75cv-46cq",
"source": "security-advisories@github.com"
}
]
}

79
CVE-2023/CVE-2023-461xx/CVE-2023-46139.json Normal file
View File

@ -0,0 +1,79 @@
{
"id": "CVE-2023-46139",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-31T00:15:10.107",
"lastModified": "2023-10-31T00:15:10.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation is to obtain the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). Find a condition in the signature verification logic that will cause the signature not to be found error, and KernelSU does not implement the same conditions, so KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "http://aospxref.com/android-14.0.0_r2/xref/frameworks/base/core/java/android/util/apk/ApkSigningBlockUtils.java#770",
"source": "security-advisories@github.com"
},
{
"url": "http://aospxref.com/android-14.0.0_r2/xref/frameworks/base/core/java/android/util/apk/ApkSigningBlockUtils.java#783",
"source": "security-advisories@github.com"
},
{
"url": "https://drive.google.com/drive/folders/1XdYCCAhC_mkt1k1IyUiwcgFsuOFvwNRl",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tiann/KernelSU/blob/344c08bb79ba12b692016750cda363f9f3500182/kernel/apk_sign.c#L179C32-L179C32",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tiann/KernelSU/blob/344c08bb79ba12b692016750cda363f9f3500182/kernel/apk_sign.c#L188",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tiann/KernelSU/commit/d24813b2c3738f2f9bd762932141cadd948c354f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tiann/KernelSU/security/advisories/GHSA-86cp-3prf-pwqq",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-464xx/CVE-2023-46478.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-46478",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T23:15:08.820",
"lastModified": "2023-10-30T23:15:08.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mr-xmen786/CVE-2023-46478/tree/main",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-465xx/CVE-2023-46502.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-46502",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T23:15:08.857",
"lastModified": "2023-10-30T23:15:08.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399",
"source": "cve@mitre.org"
}
]
}

50
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-30T23:00:24.855472+00:00
2023-10-31T00:55:24.716120+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-30T22:15:10.843000+00:00
2023-10-31T00:15:10.107000+00:00
```
### Last Data Feed Release
@ -29,47 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229285
229297
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `12`
* [CVE-2022-39172](CVE-2022/CVE-2022-391xx/CVE-2022-39172.json) (`2023-10-30T22:15:09.677`)
* [CVE-2023-43792](CVE-2023/CVE-2023-437xx/CVE-2023-43792.json) (`2023-10-30T21:15:07.500`)
* [CVE-2023-5349](CVE-2023/CVE-2023-53xx/CVE-2023-5349.json) (`2023-10-30T21:15:07.643`)
* [CVE-2023-42323](CVE-2023/CVE-2023-423xx/CVE-2023-42323.json) (`2023-10-30T22:15:10.320`)
* [CVE-2023-45956](CVE-2023/CVE-2023-459xx/CVE-2023-45956.json) (`2023-10-30T22:15:10.843`)
* [CVE-2023-43797](CVE-2023/CVE-2023-437xx/CVE-2023-43797.json) (`2023-10-30T23:15:08.317`)
* [CVE-2023-43798](CVE-2023/CVE-2023-437xx/CVE-2023-43798.json) (`2023-10-30T23:15:08.397`)
* [CVE-2023-44397](CVE-2023/CVE-2023-443xx/CVE-2023-44397.json) (`2023-10-30T23:15:08.467`)
* [CVE-2023-45670](CVE-2023/CVE-2023-456xx/CVE-2023-45670.json) (`2023-10-30T23:15:08.543`)
* [CVE-2023-45671](CVE-2023/CVE-2023-456xx/CVE-2023-45671.json) (`2023-10-30T23:15:08.620`)
* [CVE-2023-45672](CVE-2023/CVE-2023-456xx/CVE-2023-45672.json) (`2023-10-30T23:15:08.697`)
* [CVE-2023-45804](CVE-2023/CVE-2023-458xx/CVE-2023-45804.json) (`2023-10-30T23:15:08.773`)
* [CVE-2023-46478](CVE-2023/CVE-2023-464xx/CVE-2023-46478.json) (`2023-10-30T23:15:08.820`)
* [CVE-2023-46502](CVE-2023/CVE-2023-465xx/CVE-2023-46502.json) (`2023-10-30T23:15:08.857`)
* [CVE-2023-46129](CVE-2023/CVE-2023-461xx/CVE-2023-46129.json) (`2023-10-31T00:15:09.933`)
* [CVE-2023-46138](CVE-2023/CVE-2023-461xx/CVE-2023-46138.json) (`2023-10-31T00:15:10.023`)
* [CVE-2023-46139](CVE-2023/CVE-2023-461xx/CVE-2023-46139.json) (`2023-10-31T00:15:10.107`)
### CVEs modified in the last Commit
Recently modified CVEs: `23`
Recently modified CVEs: `0`
* [CVE-2020-27218](CVE-2020/CVE-2020-272xx/CVE-2020-27218.json) (`2023-10-30T22:15:08.770`)
* [CVE-2022-25318](CVE-2022/CVE-2022-253xx/CVE-2022-25318.json) (`2023-10-30T22:15:08.983`)
* [CVE-2022-25319](CVE-2022/CVE-2022-253xx/CVE-2022-25319.json) (`2023-10-30T22:15:09.067`)
* [CVE-2022-25320](CVE-2022/CVE-2022-253xx/CVE-2022-25320.json) (`2023-10-30T22:15:09.133`)
* [CVE-2022-25321](CVE-2022/CVE-2022-253xx/CVE-2022-25321.json) (`2023-10-30T22:15:09.183`)
* [CVE-2022-29528](CVE-2022/CVE-2022-295xx/CVE-2022-29528.json) (`2023-10-30T22:15:09.240`)
* [CVE-2022-29529](CVE-2022/CVE-2022-295xx/CVE-2022-29529.json) (`2023-10-30T22:15:09.297`)
* [CVE-2022-29530](CVE-2022/CVE-2022-295xx/CVE-2022-29530.json) (`2023-10-30T22:15:09.353`)
* [CVE-2022-29531](CVE-2022/CVE-2022-295xx/CVE-2022-29531.json) (`2023-10-30T22:15:09.407`)
* [CVE-2022-29532](CVE-2022/CVE-2022-295xx/CVE-2022-29532.json) (`2023-10-30T22:15:09.463`)
* [CVE-2022-29533](CVE-2022/CVE-2022-295xx/CVE-2022-29533.json) (`2023-10-30T22:15:09.540`)
* [CVE-2022-29534](CVE-2022/CVE-2022-295xx/CVE-2022-29534.json) (`2023-10-30T22:15:09.597`)
* [CVE-2022-47928](CVE-2022/CVE-2022-479xx/CVE-2022-47928.json) (`2023-10-30T22:15:09.723`)
* [CVE-2022-48328](CVE-2022/CVE-2022-483xx/CVE-2022-48328.json) (`2023-10-30T22:15:09.787`)
* [CVE-2023-47090](CVE-2023/CVE-2023-470xx/CVE-2023-47090.json) (`2023-10-30T21:15:07.583`)
* [CVE-2023-24070](CVE-2023/CVE-2023-240xx/CVE-2023-24070.json) (`2023-10-30T22:15:09.867`)
* [CVE-2023-28883](CVE-2023/CVE-2023-288xx/CVE-2023-28883.json) (`2023-10-30T22:15:09.943`)
* [CVE-2023-28884](CVE-2023/CVE-2023-288xx/CVE-2023-28884.json) (`2023-10-30T22:15:10.007`)
* [CVE-2023-2541](CVE-2023/CVE-2023-25xx/CVE-2023-2541.json) (`2023-10-30T22:15:10.063`)
* [CVE-2023-36478](CVE-2023/CVE-2023-364xx/CVE-2023-36478.json) (`2023-10-30T22:15:10.153`)
* [CVE-2023-37307](CVE-2023/CVE-2023-373xx/CVE-2023-37307.json) (`2023-10-30T22:15:10.243`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-30T22:15:10.370`)
* [CVE-2023-44824](CVE-2023/CVE-2023-448xx/CVE-2023-44824.json) (`2023-10-30T22:15:10.790`)
## Download and Usage