Auto-Update: 2023-10-14T06:00:24.211202+00:00

CVE-2023/CVE-2023-261xx/CVE-2023-26155.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-26155",
+  "sourceIdentifier": "report@snyk.io",
+  "published": "2023-10-14T05:15:55.183",
+  "lastModified": "2023-10-14T05:15:55.183",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "report@snyk.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/nrhirani/node-qpdf/issues/23",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://security.snyk.io/vuln/SNYK-JS-NODEQPDF-5747918",
+      "source": "report@snyk.io"
+    }
+  ]
+}

CVE-2023/CVE-2023-301xx/CVE-2023-30148.json

@@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-30148",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-14T04:15:10.933",
+  "lastModified": "2023-10-14T04:15:10.933",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/10/10/opartmultihtmlblock.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-301xx/CVE-2023-30154.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-30154",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-14T04:15:11.393",
+  "lastModified": "2023-10-14T04:15:11.393",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/10/10/aftermailpresta.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-440xx/CVE-2023-44037.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-44037",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-14T05:15:55.267",
+  "lastModified": "2023-10-14T05:15:55.267",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://psirt.zpesystems.com/portal/en/kb/articles/security-advisory-zpe-ng-2023-002",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-458xx/CVE-2023-45855.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-45855",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-14T05:15:55.313",
+  "lastModified": "2023-10-14T05:15:55.313",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/SunshineOtaku/Report-CVE/blob/main/qdPM/9.2/Directory%20Traversal.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://qdpm.net",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-458xx/CVE-2023-45856.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-45856",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-14T05:15:55.360",
+  "lastModified": "2023-10-14T05:15:55.360",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/SunshineOtaku/Report-CVE/blob/main/qdPM/9.2/RCE.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://qdpm.net",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-10-14T04:00:24.306197+00:00
+2023-10-14T06:00:24.211202+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-10-14T03:15:10.550000+00:00
+2023-10-14T05:15:55.360000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,45 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-227786
+227792
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `6`
 
-* [CVE-2023-45852](CVE-2023/CVE-2023-458xx/CVE-2023-45852.json) (`2023-10-14T02:15:09.270`)
-* [CVE-2023-45853](CVE-2023/CVE-2023-458xx/CVE-2023-45853.json) (`2023-10-14T02:15:09.323`)
+* [CVE-2023-30148](CVE-2023/CVE-2023-301xx/CVE-2023-30148.json) (`2023-10-14T04:15:10.933`)
+* [CVE-2023-30154](CVE-2023/CVE-2023-301xx/CVE-2023-30154.json) (`2023-10-14T04:15:11.393`)
+* [CVE-2023-26155](CVE-2023/CVE-2023-261xx/CVE-2023-26155.json) (`2023-10-14T05:15:55.183`)
+* [CVE-2023-44037](CVE-2023/CVE-2023-440xx/CVE-2023-44037.json) (`2023-10-14T05:15:55.267`)
+* [CVE-2023-45855](CVE-2023/CVE-2023-458xx/CVE-2023-45855.json) (`2023-10-14T05:15:55.313`)
+* [CVE-2023-45856](CVE-2023/CVE-2023-458xx/CVE-2023-45856.json) (`2023-10-14T05:15:55.360`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `24`
+Recently modified CVEs: `0`
 
-* [CVE-2022-3431](CVE-2022/CVE-2022-34xx/CVE-2022-3431.json) (`2023-10-14T02:23:44.330`)
-* [CVE-2022-22995](CVE-2022/CVE-2022-229xx/CVE-2022-22995.json) (`2023-10-14T03:15:09.393`)
-* [CVE-2022-48337](CVE-2022/CVE-2022-483xx/CVE-2022-48337.json) (`2023-10-14T03:15:09.567`)
-* [CVE-2022-48338](CVE-2022/CVE-2022-483xx/CVE-2022-48338.json) (`2023-10-14T03:15:09.650`)
-* [CVE-2022-48339](CVE-2022/CVE-2022-483xx/CVE-2022-48339.json) (`2023-10-14T03:15:09.723`)
-* [CVE-2023-44846](CVE-2023/CVE-2023-448xx/CVE-2023-44846.json) (`2023-10-14T02:15:52.660`)
-* [CVE-2023-44847](CVE-2023/CVE-2023-448xx/CVE-2023-44847.json) (`2023-10-14T02:16:27.750`)
-* [CVE-2023-44848](CVE-2023/CVE-2023-448xx/CVE-2023-44848.json) (`2023-10-14T02:16:39.717`)
-* [CVE-2023-45047](CVE-2023/CVE-2023-450xx/CVE-2023-45047.json) (`2023-10-14T02:19:12.007`)
-* [CVE-2023-44110](CVE-2023/CVE-2023-441xx/CVE-2023-44110.json) (`2023-10-14T02:19:27.097`)
-* [CVE-2023-5470](CVE-2023/CVE-2023-54xx/CVE-2023-5470.json) (`2023-10-14T02:20:55.440`)
-* [CVE-2023-23651](CVE-2023/CVE-2023-236xx/CVE-2023-23651.json) (`2023-10-14T02:21:03.983`)
-* [CVE-2023-26366](CVE-2023/CVE-2023-263xx/CVE-2023-26366.json) (`2023-10-14T02:22:03.000`)
-* [CVE-2023-45205](CVE-2023/CVE-2023-452xx/CVE-2023-45205.json) (`2023-10-14T02:24:01.100`)
-* [CVE-2023-43788](CVE-2023/CVE-2023-437xx/CVE-2023-43788.json) (`2023-10-14T02:24:34.383`)
-* [CVE-2023-38640](CVE-2023/CVE-2023-386xx/CVE-2023-38640.json) (`2023-10-14T02:43:46.027`)
-* [CVE-2023-35074](CVE-2023/CVE-2023-350xx/CVE-2023-35074.json) (`2023-10-14T03:15:09.803`)
-* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2023-10-14T03:15:09.890`)
-* [CVE-2023-41074](CVE-2023/CVE-2023-410xx/CVE-2023-41074.json) (`2023-10-14T03:15:10.020`)
-* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-10-14T03:15:10.120`)
-* [CVE-2023-5218](CVE-2023/CVE-2023-52xx/CVE-2023-5218.json) (`2023-10-14T03:15:10.277`)
-* [CVE-2023-5475](CVE-2023/CVE-2023-54xx/CVE-2023-5475.json) (`2023-10-14T03:15:10.380`)
-* [CVE-2023-5484](CVE-2023/CVE-2023-54xx/CVE-2023-5484.json) (`2023-10-14T03:15:10.463`)
-* [CVE-2023-5487](CVE-2023/CVE-2023-54xx/CVE-2023-5487.json) (`2023-10-14T03:15:10.550`)
 
 
 ## Download and Usage