admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-03T05:00:25.105272+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-03 05:00:28 +00:00
parent b7abdbfa81
commit 963dd644cc
33 changed files with 1535 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2023/CVE-2023-457xx/CVE-2023-45722.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-45722",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:09.200",
"lastModified": "2024-01-03T03:15:09.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. \u00a0The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-457xx/CVE-2023-45723.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-45723",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:09.380",
"lastModified": "2024-01-03T03:15:09.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. \u00a0Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-457xx/CVE-2023-45724.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-45724",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:09.537",
"lastModified": "2024-01-03T03:15:09.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
"source": "psirt@hcl.com"
}
]
}

78
CVE-2023/CVE-2023-459xx/CVE-2023-45957.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-45957",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T16:15:08.327",
"lastModified": "2023-12-22T20:32:41.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T03:06:41.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en el componente admin/AdminRequestSqlController.php de thirty bees anteriores a 1.5.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante un manejo incorrecto del error $e->getMessage()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thirtybees:thirty_bees:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.0",
"matchCriteriaId": "6F616AF3-86CE-490F-A99D-5FA8C80254BE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/thirtybees/thirtybees/commit/f5b2c1e0094ce53fded1443bab99a604ae8e2968",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thirtybees/thirtybees/compare/1.4.0...1.5.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://zigrin.com/advisories/thirty-bees-stored-cross-site-scripting-xss/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-499xx/CVE-2023-49933.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49933",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:08.810",
"lastModified": "2023-12-20T18:50:47.213",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-03T03:15:09.697",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -87,6 +87,14 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
"source": "cve@mitre.org",

12
CVE-2023/CVE-2023-499xx/CVE-2023-49934.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49934",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:10.023",
"lastModified": "2023-12-20T18:49:55.000",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-03T03:15:09.803",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -73,6 +73,14 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
"source": "cve@mitre.org",

12
CVE-2023/CVE-2023-499xx/CVE-2023-49935.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49935",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:10.490",
"lastModified": "2023-12-20T18:47:36.937",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-03T03:15:09.867",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -80,6 +80,14 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
"source": "cve@mitre.org",

12
CVE-2023/CVE-2023-499xx/CVE-2023-49936.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49936",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:10.980",
"lastModified": "2023-12-20T18:47:01.043",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-03T03:15:09.927",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -87,6 +87,14 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
"source": "cve@mitre.org",

12
CVE-2023/CVE-2023-499xx/CVE-2023-49937.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49937",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:11.493",
"lastModified": "2023-12-21T17:17:34.317",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-03T03:15:09.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -87,6 +87,14 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
"source": "cve@mitre.org",

12
CVE-2023/CVE-2023-499xx/CVE-2023-49938.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49938",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-14T05:15:11.890",
"lastModified": "2023-12-19T16:08:07.640",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-03T03:15:10.053",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -77,6 +77,14 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html",
"source": "cve@mitre.org",

43
CVE-2023/CVE-2023-503xx/CVE-2023-50341.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-50341",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:10.127",
"lastModified": "2024-01-03T03:15:10.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a \"Missing Access Control\" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-503xx/CVE-2023-50342.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-50342",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:10.817",
"lastModified": "2024-01-03T03:15:10.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. \u00a0A user can obtain certain details about another user as a result of improper access control.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-503xx/CVE-2023-50343.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-50343",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:11.210",
"lastModified": "2024-01-03T03:15:11.210",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
"source": "psirt@hcl.com"
}
]
}

43
CVE-2023/CVE-2023-503xx/CVE-2023-50344.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-50344",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-03T03:15:11.373",
"lastModified": "2024-01-03T03:15:11.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
"source": "psirt@hcl.com"
}
]
}

56
CVE-2023/CVE-2023-507xx/CVE-2023-50712.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50712",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T20:15:07.443",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T03:12:23.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available."
},
{
"lang": "es",
"value": "Iris es una plataforma colaborativa web que tiene como objetivo ayudar a los servicios de respuesta a incidentes a compartir detalles t\u00e9cnicos durante las investigaciones. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en iris-web, que afecta a varias ubicaciones en versiones anteriores a la v2.3.7. La vulnerabilidad puede permitir a un atacante inyectar scripts maliciosos en la aplicaci\u00f3n, que luego podr\u00edan ejecutarse cuando un usuario visite las ubicaciones afectadas. Esto podr\u00eda provocar acceso no autorizado, robo de datos u otras actividades maliciosas relacionadas. Un atacante debe autenticarse en la aplicaci\u00f3n para aprovechar esta vulnerabilidad. El problema se solucion\u00f3 en la versi\u00f3n v2.3.7 de iris-web. No hay soluciones conocidas disponibles."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +74,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dfir-iris:iris:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "1D39F424-50ED-4F5B-ACE2-9524841C32E1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-507xx/CVE-2023-50725.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50725",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T20:15:07.657",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T03:20:02.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: \"/failed/?class=<script>alert(document.cookie)</script>\" and \"/queues/><img src=a onerror=alert(document.cookie)>\". This issue has been patched in version 2.2.1."
},
{
"lang": "es",
"value": "Resque es una librer\u00eda Ruby respaldada por Redis para crear jobs en segundo plano, colocarlos en varias colas y procesarlos m\u00e1s tarde. Se ha descubierto que las siguientes rutas en resque-web son vulnerables al XSS reflejado: \"/failed/?class=\" y \"/queues/&gt;\". Este problema se solucion\u00f3 en la versi\u00f3n 2.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resque:resque:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "2.2.1",
"matchCriteriaId": "C9D16E9F-4E53-4657-99FF-1CD6DB37F6C9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/resque/resque/commit/ee99d2ed6cc75d9d384483b70c2d96d312115f07",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/resque/resque/pull/1790",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/resque/resque/security/advisories/GHSA-gc3j-vvwf-4rp8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50725.yml",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-507xx/CVE-2023-50727.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50727",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T21:15:07.690",
"lastModified": "2023-12-25T03:08:20.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T03:25:51.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /\"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0."
},
{
"lang": "es",
"value": "Resque es una librer\u00eda Ruby respaldada por Redis para crear trabajos en segundo plano, colocarlos en varias colas y procesarlos m\u00e1s tarde. El problema de XSS reflejado ocurre cuando /queues se agrega con /\"&gt;. Este problema se solucion\u00f3 en la versi\u00f3n 2.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resque:resque:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "2.6.0",
"matchCriteriaId": "443F9594-AEFD-4F85-BFEF-5C7C70C44DF7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/resque/resque/commit/7623b8dfbdd0a07eb04b19fb25b16a8d6f087f9a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/resque/resque/pull/1865",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/resque/resque/security/advisories/GHSA-r9mq-m72x-257g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51034.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51034",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.877",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T03:17:07.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface."
},
{
"lang": "es",
"value": "TOTOlink EX1200L V9.3.5u.6146_B20201023 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios a trav\u00e9s de la interfaz cstecgi.cgi UploadFirmwareFile."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A5A448-0444-4DA7-8C74-66AA5300D40D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BC1501-2EAC-43B7-83E0-04FBA874D29D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_UploadFirmwareFile/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-510xx/CVE-2023-51035.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51035",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.920",
"lastModified": "2023-12-22T20:32:25.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T03:15:54.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface."
},
{
"lang": "es",
"value": "TOTOLINK EX1200L V9.3.5u.6146_B20201023 es vulnerable a la ejecuci\u00f3n de comandos arbitrarios en la interfaz cstecgi.cgi NTPSyncWithHost."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A5A448-0444-4DA7-8C74-66AA5300D40D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BC1501-2EAC-43B7-83E0-04FBA874D29D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-516xx/CVE-2023-51661.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51661",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T15:15:08.377",
"lastModified": "2023-12-22T20:32:41.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T03:03:04.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4."
},
{
"lang": "es",
"value": "Wasmer es un runtime de WebAssembly que permite que los contenedores se ejecuten en cualquier lugar: desde el escritorio hasta la nube, Edge e incluso el navegador. Los programas Wasm pueden acceder al sistema de archivos fuera del entorno limitado. Los proveedores de servicios que ejecutan c\u00f3digo Wasm que no es de confianza en Wasmer pueden exponer inesperadamente el sistema de archivos del host. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 4.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wasmer:wasmer:*:*:*:*:*:rust:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "4.2.4",
"matchCriteriaId": "14DB3027-8D4F-47CB-9B0C-9603C74C4299"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/wasmerio/wasmer/issues/4267",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-71xx/CVE-2023-7134.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7134",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T20:16:07.607",
"lastModified": "2023-12-28T20:21:23.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:54:46.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249137 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Medicine Tracking System 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a path traversal: '../filedir'. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249137."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:medicine_tracker_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44A35599-C92F-4A69-B7B1-C768223118FD"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@2839549219ljk/medicine-tracking-system-rce-vulnerability-1f009165b915",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249137",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249137",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7135.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7135",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T21:15:07.897",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:54:08.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /main/offices.php of the component Offices Handler. The manipulation of the argument officename with the input \"><script src=\"https://js.rip/b23tmbxf49\"></script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249138 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en code-projects Record Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /main/offices.php del componente Offices Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento officename con la entrada \"&gt; conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser utilizado. VDB-249138 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:record_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "885E7D96-AB41-42EC-9FCD-9A75D814A98C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Record_Management_System/Record_Management_System-Blind_Cross_Site_Scripting-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249138",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249138",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7136.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7136",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T21:15:08.130",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:54:01.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the component Document Type Handler. The manipulation of the argument docname with the input \"><script src=\"https://js.rip/b23tmbxf49\"></script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249139."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en code-projects Record Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /main/doctype.php del componente Document Type Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento docname con la entrada \"&gt; conduce a cross site scripting. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser utilizada. El identificador asociado de esta vulnerabilidad es VDB-249139."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:record_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "885E7D96-AB41-42EC-9FCD-9A75D814A98C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Record_Management_System/Record_Management_System-Blind_Cross_Site_Scripting-2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249139",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249139",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7137.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7137",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T22:15:45.373",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:53:54.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en code-projects Client Details System 1.0. Una funci\u00f3n desconocida del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento uemail conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249140."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249140",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249140",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7138.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7138",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T22:15:45.603",
"lastModified": "2023-12-29T03:13:50.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:53:48.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en code-projects Client Details System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /admin del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento username o conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249141."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249141",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249141",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7139.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7139",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T23:15:44.263",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:53:39.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249142 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0 y se clasific\u00f3 como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/regester.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento fname/lname/email/contact conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249142 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_3.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249142",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249142",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7140.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7140",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-28T23:15:44.623",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:53:29.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249143."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0 y se clasific\u00f3 como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /admin/manage-users.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249143."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_4.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249143",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249143",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7141.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7141",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T00:15:50.517",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:53:19.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/update-clients.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento uid conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249144."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_5.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249144",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249144",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7142.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7142",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T00:15:50.740",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:53:10.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0. Ha sido declarada problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/clientview.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ID conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249145."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-SQL_Injection_6.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249145",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249145",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-71xx/CVE-2023-7143.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7143",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T01:15:43.917",
"lastModified": "2023-12-29T03:13:44.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:53:01.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Client Details System 1.0. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/regester.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fname/lname/email/contact conduce a cross site scripting. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249146 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:client_details_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F03ABFA2-6EA3-4C52-95A1-D1B683862F4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-Blind_Cross_Site_Scripting.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249146",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249146",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-71xx/CVE-2023-7149.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7149",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T04:15:11.103",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:49:35.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:qr_code_generator:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98482386-BBC2-4F5E-AFDB-AEB5CFA588AD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h4md153v63n/CVEs/blob/main/QR_Code_Generator/QR_Code_Generator-Reflected_Cross_Site_Scripting.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.249153",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249153",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-71xx/CVE-2023-7155.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7155",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T05:15:09.843",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T04:49:27.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D414DE2C-F2F3-4159-9D7F-A81930652C97"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@heishou/inventory-management-system-sql-injection-f6d67247c7ae",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249177",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249177",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-03T03:00:25.072289+00:00
2024-01-03T05:00:25.105272+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-03T02:51:33.450000+00:00
2024-01-03T04:54:46.117000+00:00
```
### Last Data Feed Release
@ -29,37 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234742
234749
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `7`
* [CVE-2023-41776](CVE-2023/CVE-2023-417xx/CVE-2023-41776.json) (`2024-01-03T02:15:42.993`)
* [CVE-2023-41779](CVE-2023/CVE-2023-417xx/CVE-2023-41779.json) (`2024-01-03T02:15:43.217`)
* [CVE-2023-41780](CVE-2023/CVE-2023-417xx/CVE-2023-41780.json) (`2024-01-03T02:15:43.403`)
* [CVE-2023-41783](CVE-2023/CVE-2023-417xx/CVE-2023-41783.json) (`2024-01-03T02:15:43.573`)
* [CVE-2023-50345](CVE-2023/CVE-2023-503xx/CVE-2023-50345.json) (`2024-01-03T02:15:43.757`)
* [CVE-2023-50346](CVE-2023/CVE-2023-503xx/CVE-2023-50346.json) (`2024-01-03T02:15:43.913`)
* [CVE-2023-50348](CVE-2023/CVE-2023-503xx/CVE-2023-50348.json) (`2024-01-03T02:15:44.070`)
* [CVE-2023-50350](CVE-2023/CVE-2023-503xx/CVE-2023-50350.json) (`2024-01-03T02:15:44.227`)
* [CVE-2023-50351](CVE-2023/CVE-2023-503xx/CVE-2023-50351.json) (`2024-01-03T02:15:44.387`)
* [CVE-2023-45722](CVE-2023/CVE-2023-457xx/CVE-2023-45722.json) (`2024-01-03T03:15:09.200`)
* [CVE-2023-45723](CVE-2023/CVE-2023-457xx/CVE-2023-45723.json) (`2024-01-03T03:15:09.380`)
* [CVE-2023-45724](CVE-2023/CVE-2023-457xx/CVE-2023-45724.json) (`2024-01-03T03:15:09.537`)
* [CVE-2023-50341](CVE-2023/CVE-2023-503xx/CVE-2023-50341.json) (`2024-01-03T03:15:10.127`)
* [CVE-2023-50342](CVE-2023/CVE-2023-503xx/CVE-2023-50342.json) (`2024-01-03T03:15:10.817`)
* [CVE-2023-50343](CVE-2023/CVE-2023-503xx/CVE-2023-50343.json) (`2024-01-03T03:15:11.210`)
* [CVE-2023-50344](CVE-2023/CVE-2023-503xx/CVE-2023-50344.json) (`2024-01-03T03:15:11.373`)
### CVEs modified in the last Commit
Recently modified CVEs: `9`
Recently modified CVEs: `25`
* [CVE-2023-7024](CVE-2023/CVE-2023-70xx/CVE-2023-7024.json) (`2024-01-03T02:00:01.237`)
* [CVE-2023-7101](CVE-2023/CVE-2023-71xx/CVE-2023-7101.json) (`2024-01-03T02:00:01.237`)
* [CVE-2023-49391](CVE-2023/CVE-2023-493xx/CVE-2023-49391.json) (`2024-01-03T02:17:23.870`)
* [CVE-2023-48298](CVE-2023/CVE-2023-482xx/CVE-2023-48298.json) (`2024-01-03T02:23:30.487`)
* [CVE-2023-27319](CVE-2023/CVE-2023-273xx/CVE-2023-27319.json) (`2024-01-03T02:24:18.600`)
* [CVE-2023-4255](CVE-2023/CVE-2023-42xx/CVE-2023-4255.json) (`2024-01-03T02:30:35.597`)
* [CVE-2023-43741](CVE-2023/CVE-2023-437xx/CVE-2023-43741.json) (`2024-01-03T02:33:51.573`)
* [CVE-2023-43116](CVE-2023/CVE-2023-431xx/CVE-2023-43116.json) (`2024-01-03T02:41:10.107`)
* [CVE-2023-4256](CVE-2023/CVE-2023-42xx/CVE-2023-4256.json) (`2024-01-03T02:51:33.450`)
* [CVE-2023-51661](CVE-2023/CVE-2023-516xx/CVE-2023-51661.json) (`2024-01-03T03:03:04.737`)
* [CVE-2023-45957](CVE-2023/CVE-2023-459xx/CVE-2023-45957.json) (`2024-01-03T03:06:41.180`)
* [CVE-2023-50712](CVE-2023/CVE-2023-507xx/CVE-2023-50712.json) (`2024-01-03T03:12:23.060`)
* [CVE-2023-49933](CVE-2023/CVE-2023-499xx/CVE-2023-49933.json) (`2024-01-03T03:15:09.697`)
* [CVE-2023-49934](CVE-2023/CVE-2023-499xx/CVE-2023-49934.json) (`2024-01-03T03:15:09.803`)
* [CVE-2023-49935](CVE-2023/CVE-2023-499xx/CVE-2023-49935.json) (`2024-01-03T03:15:09.867`)
* [CVE-2023-49936](CVE-2023/CVE-2023-499xx/CVE-2023-49936.json) (`2024-01-03T03:15:09.927`)
* [CVE-2023-49937](CVE-2023/CVE-2023-499xx/CVE-2023-49937.json) (`2024-01-03T03:15:09.990`)
* [CVE-2023-49938](CVE-2023/CVE-2023-499xx/CVE-2023-49938.json) (`2024-01-03T03:15:10.053`)
* [CVE-2023-51035](CVE-2023/CVE-2023-510xx/CVE-2023-51035.json) (`2024-01-03T03:15:54.027`)
* [CVE-2023-51034](CVE-2023/CVE-2023-510xx/CVE-2023-51034.json) (`2024-01-03T03:17:07.367`)
* [CVE-2023-50725](CVE-2023/CVE-2023-507xx/CVE-2023-50725.json) (`2024-01-03T03:20:02.863`)
* [CVE-2023-50727](CVE-2023/CVE-2023-507xx/CVE-2023-50727.json) (`2024-01-03T03:25:51.337`)
* [CVE-2023-7155](CVE-2023/CVE-2023-71xx/CVE-2023-7155.json) (`2024-01-03T04:49:27.117`)
* [CVE-2023-7149](CVE-2023/CVE-2023-71xx/CVE-2023-7149.json) (`2024-01-03T04:49:35.240`)
* [CVE-2023-7143](CVE-2023/CVE-2023-71xx/CVE-2023-7143.json) (`2024-01-03T04:53:01.273`)
* [CVE-2023-7142](CVE-2023/CVE-2023-71xx/CVE-2023-7142.json) (`2024-01-03T04:53:10.423`)
* [CVE-2023-7141](CVE-2023/CVE-2023-71xx/CVE-2023-7141.json) (`2024-01-03T04:53:19.940`)
* [CVE-2023-7140](CVE-2023/CVE-2023-71xx/CVE-2023-7140.json) (`2024-01-03T04:53:29.893`)
* [CVE-2023-7139](CVE-2023/CVE-2023-71xx/CVE-2023-7139.json) (`2024-01-03T04:53:39.277`)
* [CVE-2023-7138](CVE-2023/CVE-2023-71xx/CVE-2023-7138.json) (`2024-01-03T04:53:48.110`)
* [CVE-2023-7137](CVE-2023/CVE-2023-71xx/CVE-2023-7137.json) (`2024-01-03T04:53:54.747`)
* [CVE-2023-7136](CVE-2023/CVE-2023-71xx/CVE-2023-7136.json) (`2024-01-03T04:54:01.213`)
* [CVE-2023-7135](CVE-2023/CVE-2023-71xx/CVE-2023-7135.json) (`2024-01-03T04:54:08.240`)
* [CVE-2023-7134](CVE-2023/CVE-2023-71xx/CVE-2023-7134.json) (`2024-01-03T04:54:46.117`)
## Download and Usage