admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-10T13:00:38.521150+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-10 13:03:27 +00:00
parent c2597212a3
commit 8a4d25e6e8
5 changed files with 190 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2023/CVE-2023-09xx/CVE-2023-0943.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-0943",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-21T20:15:12.653",
"lastModified": "2024-02-29T01:37:08.020",
"lastModified": "2024-03-10T12:15:06.370",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591."
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591."
}
],
"metrics": {

88
CVE-2024/CVE-2024-23xx/CVE-2024-2354.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2354",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-10T11:15:45.873",
"lastModified": "2024-03-10T11:15:45.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/sweatxi/BugHub/blob/main/dreamer_cms_admin_menu_toEdit_csrf.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.256314",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.256314",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-23xx/CVE-2024-2355.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2355",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-10T12:15:06.613",
"lastModified": "2024-03-10T12:15:06.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-540"
}
]
}
],
"references": [
{
"url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.256315",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.256315",
"source": "cna@vuldb.com"
}
]
}

14
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-10T09:00:37.406712+00:00
2024-03-10T13:00:38.521150+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-10T08:15:05.920000+00:00
2024-03-10T12:15:06.613000+00:00
```
### Last Data Feed Release
@ -29,20 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240943
240945
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
* [CVE-2024-2353](CVE-2024/CVE-2024-23xx/CVE-2024-2353.json) (`2024-03-10T08:15:05.920`)
* [CVE-2024-2354](CVE-2024/CVE-2024-23xx/CVE-2024-2354.json) (`2024-03-10T11:15:45.873`)
* [CVE-2024-2355](CVE-2024/CVE-2024-23xx/CVE-2024-2355.json) (`2024-03-10T12:15:06.613`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
* [CVE-2023-0943](CVE-2023/CVE-2023-09xx/CVE-2023-0943.json) (`2024-03-10T12:15:06.370`)
## Download and Usage

6
_state.csv
View File

@ -212300,7 +212300,7 @@ CVE-2023-0939,0,0,10a8bdc18a3b3c1249139b1cbb0116ef77d8e26b8ebc14d8e5f0a778955459
CVE-2023-0940,0,0,979dc0fb2858f696cb5b8ac0851b9926b2402566a0d423a0874489300b1edd51,2023-11-07T04:01:58.670000
CVE-2023-0941,0,0,ba0f89ab2234859dae53a39c6c558c734e9b51283f566e5299c7cc252ee4c64f,2023-10-20T20:33:35.087000
CVE-2023-0942,0,0,2d46866a21a5c35791e5f2c08afb5c6736d754307e66eada4ec722b0b75ee65b,2023-11-07T04:01:58.890000
CVE-2023-0943,0,0,759ee5cbff2520cbc7b25d1754ee193e159c2506f2bf92e9a9b480df08a20689,2024-02-29T01:37:08.020000
CVE-2023-0943,0,1,85cd57adb3d72149f9554207a219329d1858d7984150d7587f9255576c9b2417,2024-03-10T12:15:06.370000
CVE-2023-0944,0,0,8025411f768e94772551032d2611d107a9bb423bcf681dd25c72827cbd45f5ed,2023-04-17T16:59:53.617000
CVE-2023-0945,0,0,bb1ddcf574d884b2e28e404c9fe6c6728b91e96d4102a8e59ad10f10a5c209be,2024-02-29T01:37:08.107000
CVE-2023-0946,0,0,7c0078581357be73f490032276cef2469b462832f4570312e77894f1d522e785,2024-02-29T01:37:08.193000
@ -239808,7 +239808,9 @@ CVE-2024-23517,0,0,e4bbedbc00468997609a0c9179822a4e7c082017c830cbf85558e35c31daa
CVE-2024-23519,0,0,323d9800215ce0c9e36032433bafa6695128989b60bb35cada524fbfda63857e,2024-02-29T13:49:29.390000
CVE-2024-2352,0,0,b3572978026f02f658dedcfb604dde95cb554b87687641414ca2ed91b4f616de,2024-03-10T02:16:08.767000
CVE-2024-23525,0,0,d87ac004ae364b7188eb5b5618bc7a0354a8aea809beaa37863d308d19bc3d3a,2024-01-27T22:15:08.360000
CVE-2024-2353,1,1,199439703042b51907315fda2af84dfcccbaf3e56cc37024aa797aa253aa9c64,2024-03-10T08:15:05.920000
CVE-2024-2353,0,0,199439703042b51907315fda2af84dfcccbaf3e56cc37024aa797aa253aa9c64,2024-03-10T08:15:05.920000
CVE-2024-2354,1,1,01cfbc50304e594f6201a5b721bc573738b288c90917e917720ee51c606f5cea,2024-03-10T11:15:45.873000
CVE-2024-2355,1,1,9c73313b52b54c211f08ef86de692a1ad629e7b910c16159f90619e9afcfbc35,2024-03-10T12:15:06.613000
CVE-2024-23550,0,0,233aa541fdda788f0e4e95c8a9a0a8f5d7fa7689dcd559af0cf5e5843a531076,2024-02-13T00:57:33.613000
CVE-2024-23553,0,0,51ea2d50cc1ff4dbab518de2a29e9ef6a91bd6b91073c23eb1a7f0cb7c8f1090,2024-02-10T00:59:00.423000
CVE-2024-23591,0,0,f4c08614f6a162f49ecc99f020c088036b0b565e06b57796e1304b45ae78e59d,2024-02-20T22:15:08.353000

Can't render this file because it is too large.