From 9213f4aed281e493e3bb8773a1384bbe16d2b6ff Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 14 Oct 2023 14:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-14T14:00:24.873392+00:00 --- CVE-2023/CVE-2023-12xx/CVE-2023-1259.json | 59 +++++++++++++++ CVE-2023/CVE-2023-49xx/CVE-2023-4911.json | 6 +- CVE-2023/CVE-2023-55xx/CVE-2023-5579.json | 88 +++++++++++++++++++++++ CVE-2023/CVE-2023-55xx/CVE-2023-5580.json | 88 +++++++++++++++++++++++ CVE-2023/CVE-2023-55xx/CVE-2023-5581.json | 88 +++++++++++++++++++++++ README.md | 20 +++--- 6 files changed, 338 insertions(+), 11 deletions(-) create mode 100644 CVE-2023/CVE-2023-12xx/CVE-2023-1259.json create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5579.json create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5580.json create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5581.json diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json new file mode 100644 index 00000000000..33a477dc45f --- /dev/null +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-1259", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-10-14T12:15:09.897", + "lastModified": "2023-10-14T12:15:09.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/hotjar/tags/1.0.14/includes/class-hotjar.php#L40", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json index 60340ba381d..090caec7727 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4911", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-03T18:15:10.463", - "lastModified": "2023-10-14T00:15:10.243", + "lastModified": "2023-10-14T12:15:10.007", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -174,6 +174,10 @@ "url": "http://www.openwall.com/lists/oss-security/2023/10/13/11", "source": "secalert@redhat.com" }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/14/3", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/errata/RHSA-2023:5453", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json new file mode 100644 index 00000000000..24068b0e103 --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5579", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-10-14T12:15:10.277", + "lastModified": "2023-10-14T12:15:10.277", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 5.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cojoben/Sendbox/blob/main/README.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.242144", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.242144", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json new file mode 100644 index 00000000000..3060bcaba96 --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5580", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-10-14T12:15:10.353", + "lastModified": "2023-10-14T12:15:10.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/GodRone/CVE/blob/main/SerBermz_SQL%20injection.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.242145", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.242145", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json new file mode 100644 index 00000000000..9f56a0642fd --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5581", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-10-14T13:15:09.743", + "lastModified": "2023-10-14T13:15:09.743", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.242146", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.242146", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 90d2b793e90..c2a2b2f3408 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-14T12:00:24.611700+00:00 +2023-10-14T14:00:24.873392+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-14T11:15:45.800000+00:00 +2023-10-14T13:15:09.743000+00:00 ``` ### Last Data Feed Release @@ -29,24 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227797 +227801 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `4` -* [CVE-2023-42663](CVE-2023/CVE-2023-426xx/CVE-2023-42663.json) (`2023-10-14T10:15:09.940`) -* [CVE-2023-42780](CVE-2023/CVE-2023-427xx/CVE-2023-42780.json) (`2023-10-14T10:15:10.303`) -* [CVE-2023-42792](CVE-2023/CVE-2023-427xx/CVE-2023-42792.json) (`2023-10-14T10:15:10.377`) -* [CVE-2023-45348](CVE-2023/CVE-2023-453xx/CVE-2023-45348.json) (`2023-10-14T10:15:10.473`) -* [CVE-2023-5578](CVE-2023/CVE-2023-55xx/CVE-2023-5578.json) (`2023-10-14T11:15:45.800`) +* [CVE-2023-1259](CVE-2023/CVE-2023-12xx/CVE-2023-1259.json) (`2023-10-14T12:15:09.897`) +* [CVE-2023-5579](CVE-2023/CVE-2023-55xx/CVE-2023-5579.json) (`2023-10-14T12:15:10.277`) +* [CVE-2023-5580](CVE-2023/CVE-2023-55xx/CVE-2023-5580.json) (`2023-10-14T12:15:10.353`) +* [CVE-2023-5581](CVE-2023/CVE-2023-55xx/CVE-2023-5581.json) (`2023-10-14T13:15:09.743`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-14T12:15:10.007`) ## Download and Usage