Auto-Update: 2023-12-22T00:55:25.346220+00:00

cad-safe-bot 2023-12-22 00:55:29 +00:00
parent e1f2f4be5e
commit 9437e8c35f
21 changed files with 1146 additions and 55 deletions


@ -0,0 +1,43 @@
{
"id": "CVE-2023-37520",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-12-21T23:15:08.453",
"lastModified": "2023-12-21T23:15:08.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated\u00a0Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376",
"source": "psirt@hcl.com"
}
]
}
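Review bot: The CNA vector in `cvssData` scores this as `"attackVector": "LOCAL"`, which sits oddly beside a description of an unauthenticated stored XSS in a report served by the BigFix Relay; if that report is reachable over the network, `AV:N` would be expected and the 7.7 base score would understate exposure. The record also carries no `weaknesses` array, so CWE-keyed filters will not match it even though the description names XSS (CWE-79). With `vulnStatus` still `Received`, triage should read the description and the referenced HCL KB article rather than rely on the score alone; the correction itself belongs upstream, not in this mirror.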


@ -0,0 +1,59 @@
{
"id": "CVE-2023-48298",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T23:15:09.047",
"lastModified": "2023-12-21T23:15:09.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-48308",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T00:15:34.650",
"lastModified": "2023-12-22T00:15:34.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1258"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/calendar/pull/5553",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fv3c-qvjr-5rv8",
"source": "security-advisories@github.com"
}
]
}
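Review bot: The impact fields do not match the description: the text describes disclosure of stack traces and internal server paths, yet the vector records `"confidentialityImpact": "NONE"` together with `"availabilityImpact": "LOW"`. An information leak would normally be scored on confidentiality, so the 3.5 may not reflect the issue as described, and prioritisation keyed on confidentiality impact will skip it. The assigned `CWE-1258` is a debug-information exposure weakness from the hardware view, so an error-message disclosure class may be the closer fit, and the opening phrase `Nextcloud/Cloud is a calendar app` looks like a slip for the Calendar app. These are upstream CNA values, so flag them there and key remediation on the stated fix version 4.5.3.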


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49084",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-21T23:15:09.337",
"lastModified": "2023-12-21T23:15:09.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp",
"source": "security-advisories@github.com"
}
]
}
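Review bot: The `weaknesses` array lists only `CWE-98`, although the description attributes the code execution to a SQL injection combined with insufficient processing of the include file path in `link.php`. Anyone filtering this feed on CWE-89 will not see the record, so a second `description` entry with `"value": "CWE-89"` would be the expected upstream correction. The description also names no fixed version, unlike the sibling Cacti record CVE-2023-49086 in this commit, so the patched release has to be taken from the linked GHSA advisory.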


@ -0,0 +1,55 @@
{
"id": "CVE-2023-49086",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T00:15:34.857",
"lastModified": "2023-12-22T00:15:34.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack.\nExploitation of the vulnerability is possible for an authorized user. The vulnerable component is\nthe `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in\nthe attacked user's browser. This issue has been patched in version 1.2.26.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr",
"source": "security-advisories@github.com"
}
]
}
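Review bot: `"privilegesRequired": "NONE"` in the vector conflicts with the description's statement that exploitation is possible for an authorized user; if an authenticated session is needed on the attacker side, `PR:L` would be expected and the 6.1 would change. The wording may instead refer to the victim, in which case the description rather than the vector needs tightening. The `value` string also carries hard `\n` breaks in mid-sentence, which shows up as broken lines in tools that render the description verbatim.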


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49677",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:09.547",
"lastModified": "2023-12-21T23:15:09.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'cmbQual' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}
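Review bot: The `type` labels on the metric and weakness entries are not consistent across the Job Portal records in this commit, although all come from `help@fluidattacks.com` with the same vector. This record pairs a `Primary` metric with a `Secondary` weakness (as does CVE-2023-49683), while CVE-2023-49678, CVE-2023-49679 and CVE-2023-49690 pair a `Secondary` metric with a `Primary` weakness, and the remaining records use `Primary` for both. A consumer that selects on `"type": "Primary"` will therefore drop the 9.8 score or the CWE-89 mapping for some of these records; selection should fall back to any entry from the record's `sourceIdentifier` when no `Primary` one exists.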


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49678",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:09.780",
"lastModified": "2023-12-21T23:15:09.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49679",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.003",
"lastModified": "2023-12-21T23:15:10.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49680",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.250",
"lastModified": "2023-12-21T23:15:10.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49681",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.457",
"lastModified": "2023-12-21T23:15:10.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'cmbQual' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49682",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.693",
"lastModified": "2023-12-21T23:15:10.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDate' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49683",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T23:15:10.937",
"lastModified": "2023-12-21T23:15:10.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49684",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.050",
"lastModified": "2023-12-22T00:15:35.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49685",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.237",
"lastModified": "2023-12-22T00:15:35.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTime' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49686",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.433",
"lastModified": "2023-12-22T00:15:35.433",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49687",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.630",
"lastModified": "2023-12-22T00:15:35.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtPass' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49688",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:35.840",
"lastModified": "2023-12-22T00:15:35.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtUser' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49689",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:36.050",
"lastModified": "2023-12-22T00:15:36.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'JobId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-49690",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-22T00:15:36.260",
"lastModified": "2023-12-22T00:15:36.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'WalkinId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/pollini/",
"source": "help@fluidattacks.com"
},
{
"url": "https://www.kashipara.com/",
"source": "help@fluidattacks.com"
}
]
}
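Review bot: The description places the `WalkinId` parameter in `Employer/DeleteJob.php`, the same resource that CVE-2023-49689 gives for `JobId`; this may be a copy of the neighbouring record's path, so the affected resource should be confirmed against the linked advisory before detections or virtual-patch rules are keyed on it. Apart from that and the `Secondary` metric type, the record matches its siblings field for field.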


@ -0,0 +1,24 @@
{
"id": "CVE-2023-7024",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-12-21T23:15:11.213",
"lastModified": "2023-12-21T23:15:11.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1513170",
"source": "chrome-cve-admin@google.com"
}
]
}
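Review bot: `"metrics": {}` leaves this record without any CVSS data and there is no `weaknesses` array, so score-sorted or threshold-based triage will rank a heap buffer overflow in WebRTC as unscored. The only severity signal is the free-text `(Chromium security severity: High)` at the end of the description. Consumers should treat an empty `metrics` object on a `Received` record as not yet scored rather than low, and key patch status on the stated fixed version 120.0.6099.129.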


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-21T23:00:25.161980+00:00
2023-12-22T00:55:25.346220+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-21T22:15:15.773000+00:00
2023-12-22T00:15:36.260000+00:00
```
### Last Data Feed Release
@ -29,69 +29,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234038
234058
```
### CVEs added in the last Commit
Recently added CVEs: `31`
Recently added CVEs: `20`
* [CVE-2023-48685](CVE-2023/CVE-2023-486xx/CVE-2023-48685.json) (`2023-12-21T21:15:09.867`)
* [CVE-2023-48686](CVE-2023/CVE-2023-486xx/CVE-2023-48686.json) (`2023-12-21T21:15:10.200`)
* [CVE-2023-48687](CVE-2023/CVE-2023-486xx/CVE-2023-48687.json) (`2023-12-21T21:15:10.507`)
* [CVE-2023-48688](CVE-2023/CVE-2023-486xx/CVE-2023-48688.json) (`2023-12-21T21:15:10.830`)
* [CVE-2023-48689](CVE-2023/CVE-2023-486xx/CVE-2023-48689.json) (`2023-12-21T21:15:11.130`)
* [CVE-2023-48690](CVE-2023/CVE-2023-486xx/CVE-2023-48690.json) (`2023-12-21T21:15:11.437`)
* [CVE-2023-48716](CVE-2023/CVE-2023-487xx/CVE-2023-48716.json) (`2023-12-21T21:15:11.710`)
* [CVE-2023-48717](CVE-2023/CVE-2023-487xx/CVE-2023-48717.json) (`2023-12-21T21:15:12.013`)
* [CVE-2023-48718](CVE-2023/CVE-2023-487xx/CVE-2023-48718.json) (`2023-12-21T21:15:12.297`)
* [CVE-2023-48719](CVE-2023/CVE-2023-487xx/CVE-2023-48719.json) (`2023-12-21T21:15:12.590`)
* [CVE-2023-48720](CVE-2023/CVE-2023-487xx/CVE-2023-48720.json) (`2023-12-21T21:15:12.870`)
* [CVE-2023-48722](CVE-2023/CVE-2023-487xx/CVE-2023-48722.json) (`2023-12-21T21:15:13.160`)
* [CVE-2023-51379](CVE-2023/CVE-2023-513xx/CVE-2023-51379.json) (`2023-12-21T21:15:13.480`)
* [CVE-2023-51380](CVE-2023/CVE-2023-513xx/CVE-2023-51380.json) (`2023-12-21T21:15:13.757`)
* [CVE-2023-6690](CVE-2023/CVE-2023-66xx/CVE-2023-6690.json) (`2023-12-21T21:15:14.053`)
* [CVE-2023-6746](CVE-2023/CVE-2023-67xx/CVE-2023-6746.json) (`2023-12-21T21:15:14.303`)
* [CVE-2023-6802](CVE-2023/CVE-2023-68xx/CVE-2023-6802.json) (`2023-12-21T21:15:14.570`)
* [CVE-2023-6803](CVE-2023/CVE-2023-68xx/CVE-2023-6803.json) (`2023-12-21T21:15:14.800`)
* [CVE-2023-6804](CVE-2023/CVE-2023-68xx/CVE-2023-6804.json) (`2023-12-21T21:15:15.020`)
* [CVE-2023-6847](CVE-2023/CVE-2023-68xx/CVE-2023-6847.json) (`2023-12-21T21:15:15.340`)
* [CVE-2023-27319](CVE-2023/CVE-2023-273xx/CVE-2023-27319.json) (`2023-12-21T22:15:13.100`)
* [CVE-2023-37519](CVE-2023/CVE-2023-375xx/CVE-2023-37519.json) (`2023-12-21T22:15:13.930`)
* [CVE-2023-48723](CVE-2023/CVE-2023-487xx/CVE-2023-48723.json) (`2023-12-21T22:15:14.823`)
* [CVE-2023-7050](CVE-2023/CVE-2023-70xx/CVE-2023-7050.json) (`2023-12-21T22:15:15.397`)
* [CVE-2023-7051](CVE-2023/CVE-2023-70xx/CVE-2023-7051.json) (`2023-12-21T22:15:15.773`)
* [CVE-2023-37520](CVE-2023/CVE-2023-375xx/CVE-2023-37520.json) (`2023-12-21T23:15:08.453`)
* [CVE-2023-48298](CVE-2023/CVE-2023-482xx/CVE-2023-48298.json) (`2023-12-21T23:15:09.047`)
* [CVE-2023-49084](CVE-2023/CVE-2023-490xx/CVE-2023-49084.json) (`2023-12-21T23:15:09.337`)
* [CVE-2023-49677](CVE-2023/CVE-2023-496xx/CVE-2023-49677.json) (`2023-12-21T23:15:09.547`)
* [CVE-2023-49678](CVE-2023/CVE-2023-496xx/CVE-2023-49678.json) (`2023-12-21T23:15:09.780`)
* [CVE-2023-49679](CVE-2023/CVE-2023-496xx/CVE-2023-49679.json) (`2023-12-21T23:15:10.003`)
* [CVE-2023-49680](CVE-2023/CVE-2023-496xx/CVE-2023-49680.json) (`2023-12-21T23:15:10.250`)
* [CVE-2023-49681](CVE-2023/CVE-2023-496xx/CVE-2023-49681.json) (`2023-12-21T23:15:10.457`)
* [CVE-2023-49682](CVE-2023/CVE-2023-496xx/CVE-2023-49682.json) (`2023-12-21T23:15:10.693`)
* [CVE-2023-49683](CVE-2023/CVE-2023-496xx/CVE-2023-49683.json) (`2023-12-21T23:15:10.937`)
* [CVE-2023-7024](CVE-2023/CVE-2023-70xx/CVE-2023-7024.json) (`2023-12-21T23:15:11.213`)
* [CVE-2023-48308](CVE-2023/CVE-2023-483xx/CVE-2023-48308.json) (`2023-12-22T00:15:34.650`)
* [CVE-2023-49086](CVE-2023/CVE-2023-490xx/CVE-2023-49086.json) (`2023-12-22T00:15:34.857`)
* [CVE-2023-49684](CVE-2023/CVE-2023-496xx/CVE-2023-49684.json) (`2023-12-22T00:15:35.050`)
* [CVE-2023-49685](CVE-2023/CVE-2023-496xx/CVE-2023-49685.json) (`2023-12-22T00:15:35.237`)
* [CVE-2023-49686](CVE-2023/CVE-2023-496xx/CVE-2023-49686.json) (`2023-12-22T00:15:35.433`)
* [CVE-2023-49687](CVE-2023/CVE-2023-496xx/CVE-2023-49687.json) (`2023-12-22T00:15:35.630`)
* [CVE-2023-49688](CVE-2023/CVE-2023-496xx/CVE-2023-49688.json) (`2023-12-22T00:15:35.840`)
* [CVE-2023-49689](CVE-2023/CVE-2023-496xx/CVE-2023-49689.json) (`2023-12-22T00:15:36.050`)
* [CVE-2023-49690](CVE-2023/CVE-2023-496xx/CVE-2023-49690.json) (`2023-12-22T00:15:36.260`)
### CVEs modified in the last Commit
Recently modified CVEs: `28`
Recently modified CVEs: `0`
* [CVE-2022-27218](CVE-2022/CVE-2022-272xx/CVE-2022-27218.json) (`2023-12-21T21:53:32.773`)
* [CVE-2022-28135](CVE-2022/CVE-2022-281xx/CVE-2022-28135.json) (`2023-12-21T21:53:55.317`)
* [CVE-2022-27208](CVE-2022/CVE-2022-272xx/CVE-2022-27208.json) (`2023-12-21T21:53:59.197`)
* [CVE-2022-27212](CVE-2022/CVE-2022-272xx/CVE-2022-27212.json) (`2023-12-21T21:54:02.937`)
* [CVE-2022-29044](CVE-2022/CVE-2022-290xx/CVE-2022-29044.json) (`2023-12-21T21:54:07.530`)
* [CVE-2022-30945](CVE-2022/CVE-2022-309xx/CVE-2022-30945.json) (`2023-12-21T21:54:14.583`)
* [CVE-2022-25183](CVE-2022/CVE-2022-251xx/CVE-2022-25183.json) (`2023-12-21T21:54:23.297`)
* [CVE-2022-29047](CVE-2022/CVE-2022-290xx/CVE-2022-29047.json) (`2023-12-21T21:54:31.177`)
* [CVE-2022-29045](CVE-2022/CVE-2022-290xx/CVE-2022-29045.json) (`2023-12-21T21:54:37.523`)
* [CVE-2022-29049](CVE-2022/CVE-2022-290xx/CVE-2022-29049.json) (`2023-12-21T21:54:41.677`)
* [CVE-2022-30949](CVE-2022/CVE-2022-309xx/CVE-2022-30949.json) (`2023-12-21T21:54:57.407`)
* [CVE-2022-27217](CVE-2022/CVE-2022-272xx/CVE-2022-27217.json) (`2023-12-21T21:55:10.330`)
* [CVE-2022-3172](CVE-2022/CVE-2022-31xx/CVE-2022-3172.json) (`2023-12-21T22:15:08.130`)
* [CVE-2023-38140](CVE-2023/CVE-2023-381xx/CVE-2023-38140.json) (`2023-12-21T21:49:53.360`)
* [CVE-2023-36803](CVE-2023/CVE-2023-368xx/CVE-2023-36803.json) (`2023-12-21T21:49:57.347`)
* [CVE-2023-1194](CVE-2023/CVE-2023-11xx/CVE-2023-1194.json) (`2023-12-21T22:15:08.460`)
* [CVE-2023-22329](CVE-2023/CVE-2023-223xx/CVE-2023-22329.json) (`2023-12-21T22:15:08.750`)
* [CVE-2023-25756](CVE-2023/CVE-2023-257xx/CVE-2023-25756.json) (`2023-12-21T22:15:11.410`)
* [CVE-2023-28376](CVE-2023/CVE-2023-283xx/CVE-2023-28376.json) (`2023-12-21T22:15:13.493`)
* [CVE-2023-34055](CVE-2023/CVE-2023-340xx/CVE-2023-34055.json) (`2023-12-21T22:15:13.760`)
* [CVE-2023-3893](CVE-2023/CVE-2023-38xx/CVE-2023-3893.json) (`2023-12-21T22:15:14.160`)
* [CVE-2023-3955](CVE-2023/CVE-2023-39xx/CVE-2023-3955.json) (`2023-12-21T22:15:14.280`)
* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-12-21T22:15:14.453`)
* [CVE-2023-43665](CVE-2023/CVE-2023-436xx/CVE-2023-43665.json) (`2023-12-21T22:15:14.690`)
* [CVE-2023-4809](CVE-2023/CVE-2023-48xx/CVE-2023-4809.json) (`2023-12-21T22:15:15.217`)
## Download and Usage