admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-09T23:55:24.734270+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-09 23:55:28 +00:00
parent 8c97ab3703
commit 72d8ddbe1a
5 changed files with 263 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-436xx/CVE-2023-43641.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-43641",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T22:15:12.707",
"lastModified": "2023-10-09T22:15:12.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/",
"source": "security-advisories@github.com"
}
]
}

24
CVE-2023/CVE-2023-438xx/CVE-2023-43899.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43899",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T22:15:12.807",
"lastModified": "2023-10-09T22:15:12.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/len0m0/9cb2e87cb517db297be1b2f110248295",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/len0m0/hansuncmssqli/blob/main/README.md",
"source": "cve@mitre.org"
}
]
}

88
CVE-2023/CVE-2023-54xx/CVE-2023-5462.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-5462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-09T22:15:12.863",
"lastModified": "2023-10-09T22:15:12.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.241585",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.241585",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-54xx/CVE-2023-5463.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-5463",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-09T22:15:12.937",
"lastModified": "2023-10-09T22:15:12.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1mpRxWOPjxVS980r0qu1IY_Hf0irKO-cu",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.241586",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.241586",
"source": "cna@vuldb.com"
}
]
}

24
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-09T22:00:24.883787+00:00
2023-10-09T23:55:24.734270+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-09T21:15:10.273000+00:00
2023-10-09T22:15:12.937000+00:00
```
### Last Data Feed Release
@ -29,25 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227262
227266
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `4`
* [CVE-2022-36228](CVE-2022/CVE-2022-362xx/CVE-2022-36228.json) (`2023-10-09T21:15:09.850`)
* [CVE-2022-3728](CVE-2022/CVE-2022-37xx/CVE-2022-3728.json) (`2023-10-09T21:15:09.910`)
* [CVE-2022-48182](CVE-2022/CVE-2022-481xx/CVE-2022-48182.json) (`2023-10-09T21:15:10.003`)
* [CVE-2022-48183](CVE-2022/CVE-2022-481xx/CVE-2022-48183.json) (`2023-10-09T21:15:10.080`)
* [CVE-2023-44392](CVE-2023/CVE-2023-443xx/CVE-2023-44392.json) (`2023-10-09T20:15:10.393`)
* [CVE-2023-44467](CVE-2023/CVE-2023-444xx/CVE-2023-44467.json) (`2023-10-09T20:15:10.480`)
* [CVE-2023-44811](CVE-2023/CVE-2023-448xx/CVE-2023-44811.json) (`2023-10-09T20:15:10.533`)
* [CVE-2023-44821](CVE-2023/CVE-2023-448xx/CVE-2023-44821.json) (`2023-10-09T20:15:10.583`)
* [CVE-2023-5461](CVE-2023/CVE-2023-54xx/CVE-2023-5461.json) (`2023-10-09T20:15:10.633`)
* [CVE-2023-43271](CVE-2023/CVE-2023-432xx/CVE-2023-43271.json) (`2023-10-09T21:15:10.173`)
* [CVE-2023-44812](CVE-2023/CVE-2023-448xx/CVE-2023-44812.json) (`2023-10-09T21:15:10.227`)
* [CVE-2023-44813](CVE-2023/CVE-2023-448xx/CVE-2023-44813.json) (`2023-10-09T21:15:10.273`)
* [CVE-2023-43641](CVE-2023/CVE-2023-436xx/CVE-2023-43641.json) (`2023-10-09T22:15:12.707`)
* [CVE-2023-43899](CVE-2023/CVE-2023-438xx/CVE-2023-43899.json) (`2023-10-09T22:15:12.807`)
* [CVE-2023-5462](CVE-2023/CVE-2023-54xx/CVE-2023-5462.json) (`2023-10-09T22:15:12.863`)
* [CVE-2023-5463](CVE-2023/CVE-2023-54xx/CVE-2023-5463.json) (`2023-10-09T22:15:12.937`)
### CVEs modified in the last Commit