Auto-Update: 2023-10-10T23:55:25.317069+00:00

This commit is contained in:
cad-safe-bot 2023-10-10 23:55:28 +00:00
parent e88bf0f591
commit 9d953f7e47
36 changed files with 279 additions and 134 deletions


@ -2,8 +2,8 @@
"id": "CVE-2022-25187",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.477",
"lastModified": "2023-07-10T19:04:21.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.237",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,7 +65,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "jenkinsci-cert@googlegroups.com",
"type": "Primary",
"description": [
{
@ -75,12 +75,12 @@
]
},
{
"source": "jenkinsci-cert@googlegroups.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-256"
"value": "CWE-212"
}
]
}
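Review bot: The CWE change in this weaknesses hunk looks like a swap of the `"type": "Primary"`/`"Secondary"` designations between the two sources rather than a new classification: by the 12-for-12 line count the CNA's CWE-256 entry moves from Secondary to Primary and NVD's CWE-212 moves the other way, with the Primary value itself sitting outside the shown lines, so this should be confirmed against the full file. Consumers that select the CWE by `type == "Primary"` will see this CVE change from CWE-212 to CWE-256 without any new analysis behind it, which matters for anything that maps CWE to detection or prioritization rules. The CVE-2022-34180 and CVE-2022-41230 sections of this commit show the same pattern.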


@ -2,8 +2,8 @@
"id": "CVE-2022-25319",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-18T06:15:10.507",
"lastModified": "2022-02-25T15:32:12.577",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.363",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -101,6 +101,10 @@
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-25321",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-18T06:15:10.587",
"lastModified": "2022-02-24T20:20:45.723",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.443",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -109,6 +109,10 @@
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/",
"source": "cve@mitre.org"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2022-27211",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.947",
"lastModified": "2023-06-28T13:44:06.287",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.507",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
"value": "A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
},
{
"lang": "es",
@ -65,8 +65,18 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "jenkinsci-cert@googlegroups.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -77,16 +87,6 @@
"value": "CWE-863"
}
]
},
{
"source": "jenkinsci-cert@googlegroups.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2022-29528",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.417",
"lastModified": "2022-04-27T03:58:01.493",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.603",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -117,6 +117,10 @@
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-exploring-the-phar-deserialization-php-vulnerability-a-white-box-testing-example/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-29529",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.467",
"lastModified": "2022-04-27T03:57:43.477",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.687",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -109,6 +109,10 @@
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-29530",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.513",
"lastModified": "2022-04-27T03:57:27.483",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.753",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -109,6 +109,10 @@
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-29531",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.557",
"lastModified": "2022-04-27T03:57:13.803",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.817",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -109,6 +109,10 @@
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-29532",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.597",
"lastModified": "2022-04-27T03:56:50.550",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.890",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -109,6 +109,10 @@
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-29534",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.687",
"lastModified": "2022-04-27T03:55:50.343",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:10.957",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -109,6 +109,10 @@
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-the-impact-of-a-php-vulnerability-exploring-the-password-confirmation-bypass-in-misp/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-34180",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.867",
"lastModified": "2023-07-21T17:18:09.007",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:11.043",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,7 +65,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "jenkinsci-cert@googlegroups.com",
"type": "Primary",
"description": [
{
@ -75,12 +75,12 @@
]
},
{
"source": "jenkinsci-cert@googlegroups.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
"value": "CWE-863"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-41230",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.217",
"lastModified": "2023-06-27T14:39:11.823",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:11.177",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -40,7 +40,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "jenkinsci-cert@googlegroups.com",
"type": "Primary",
"description": [
{
@ -50,12 +50,12 @@
]
},
{
"source": "jenkinsci-cert@googlegroups.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "CWE-862"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48328",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-20T04:15:11.147",
"lastModified": "2023-02-28T20:21:02.497",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:11.283",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -85,6 +85,10 @@
"tags": [
"Release Notes"
]
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-hiding-in-plain-sight-the-hidden-danger-of-sql-injection-in-input-field-names/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26220",
"sourceIdentifier": "security@tibco.com",
"published": "2023-10-10T23:15:09.933",
"lastModified": "2023-10-10T23:25:33.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@tibco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@tibco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.tibco.com/services/support/advisories",
"source": "security@tibco.com"
}
]
}
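Review bot: The only reference in this new record is the vendor's generic advisories index (`https://www.tibco.com/services/support/advisories`) rather than a per-advisory URL, so nothing in the record lets a consumer verify the long affected-version list or locate the fixed releases, which the description does not state. The CNA CVSS 3.1 vector `AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` is internally consistent with the 5.4 base score and the 2.3/2.7 sub-scores, and the CWE-79 mapping matches the stored-XSS description, so the metrics side is sound. Note that the description value ends in a literal `\n\n`; consumers that compare or hash descriptions should trim it.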


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36126",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T22:15:11.370",
"lastModified": "2023-10-10T23:25:33.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is a Cross Site Scripting (XSS) vulnerability in the \"theme\" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0"
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36127",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T22:15:11.417",
"lastModified": "2023-10-10T23:25:33.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users."
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
}
]
}
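Review bot: This record carries no vendor advisory, no fixed version and an empty `"metrics": {}`; its single reference is a third-party Medium post, so the user-enumeration finding should be treated as unverified until a vendor source or NVD analysis lands. The description does give the actionable detail: the password-recovery flow returns different messages for valid and invalid accounts, so what an operator would check for is a uniform response regardless of whether the account exists, plus rate limiting on that endpoint since the stated impact is brute force against confirmed users. The sibling CVE-2023-36126 record in this commit is in the same single-reference, unscored state.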


@ -2,12 +2,12 @@
"id": "CVE-2023-38997",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.593",
"lastModified": "2023-08-15T15:09:19.793",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.033",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive."
"value": "A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-38998",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.660",
"lastModified": "2023-08-15T15:08:56.100",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.107",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL."
"value": "An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-38999",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.723",
"lastModified": "2023-08-15T15:08:31.697",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.170",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request."
"value": "A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39000",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.787",
"lastModified": "2023-08-15T15:08:37.267",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.240",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path."
"value": "A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39001",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.850",
"lastModified": "2023-08-15T15:08:40.217",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.307",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file."
"value": "A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39002",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.900",
"lastModified": "2023-08-15T15:07:34.543",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.367",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
"value": "A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39003",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:14.953",
"lastModified": "2023-08-15T17:54:22.027",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.427",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "OPNsense before 23.7 was discovered to contain insecure permissions in the directory /tmp."
"value": "OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39004",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.013",
"lastModified": "2023-08-15T17:16:17.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.507",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation."
"value": "Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39005",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.077",
"lastModified": "2023-08-15T17:52:49.717",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.577",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions exist for configd.socket in OPNsense before 23.7."
"value": "Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39006",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.140",
"lastModified": "2023-08-14T14:13:35.830",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.640",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization."
"value": "The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39007",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.207",
"lastModified": "2023-09-28T05:15:46.107",
"lastModified": "2023-10-10T23:15:10.710",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php."
"value": "/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-39008",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T19:15:15.270",
"lastModified": "2023-08-14T14:13:44.650",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.780",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands."
"value": "A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-42824",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-04T19:15:10.490",
"lastModified": "2023-10-07T03:10:55.283",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.847",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-10-05",
"cisaActionDue": "2023-10-26",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6."
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3, iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6."
},
{
"lang": "es",
@ -79,13 +79,6 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/12",
"source": "product-security@apple.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://support.apple.com/en-us/HT213961",
"source": "product-security@apple.com",
@ -95,12 +88,12 @@
]
},
{
"url": "https://support.apple.com/kb/HT213961",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
"url": "https://support.apple.com/en-us/HT213972",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213972",
"source": "product-security@apple.com"
}
]
}
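Review bot: Two references are lost in this section, not merely added: by the 13-to-6 line count of the first references hunk the `seclists.org/fulldisclosure/2023/Oct/12` mailing-list entry is removed, and by the 12-to-12 count of the second the `support.apple.com/kb/HT213961` entry that carried the `Release Notes`/`Vendor Advisory` tags is replaced by two untagged HT213972 entries. Anything that filters references by tag therefore now sees one fewer vendor-advisory link, and the HT213972 entries (presumably the advisory for the iOS 16.7.1/iPadOS 16.7.1 fix now named in the description) stay untagged until NVD re-analyzes. Since this is a CISA KEV entry with `cisaActionDue` 2023-10-26 and the `configurations` block is outside the hunk, the 16.7.1 fix boundary is probably not yet reflected in the CPE match data either; track the affected range from the description rather than the CPE until `vulnStatus` returns to Analyzed.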


@ -2,7 +2,7 @@
"id": "CVE-2023-43641",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T22:15:12.707",
"lastModified": "2023-10-10T12:16:32.703",
"lastModified": "2023-10-10T22:15:11.540",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -56,7 +56,7 @@
"source": "security-advisories@github.com"
},
{
"url": "https://security.gentoo.org/glsa/202310-10",
"url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj",
"source": "security-advisories@github.com"
}
]


@ -2,8 +2,8 @@
"id": "CVE-2023-43871",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T14:15:23.883",
"lastModified": "2023-09-29T19:24:00.853",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.913",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -68,6 +68,10 @@
}
],
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43871-WBCE-Arbitrary-File-Upload--XSS---Media/blob/main/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sromanhu/WBCE-File-Upload--XSS---Media/blob/main/README.md",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-43877",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T22:15:09.937",
"lastModified": "2023-10-07T03:11:45.713",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T23:15:10.983",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -68,6 +68,10 @@
}
],
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43878-RiteCMS-Stored-XSS---MainMenu/blob/main/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sromanhu/RiteCMS-Stored-XSS---Home",
"source": "cve@mitre.org",


@ -2,12 +2,12 @@
"id": "CVE-2023-44389",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.360",
"lastModified": "2023-10-10T18:57:47.523",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T22:15:11.623",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6"
"value": "Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6."
},
{
"lang": "es",


@ -2,7 +2,7 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-10T21:15:09.593",
"lastModified": "2023-10-10T22:15:11.710",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -80,6 +80,10 @@
"url": "https://github.com/dotnet/announcements/issues/277",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/eclipse/jetty.project/issues/10679",
"source": "cve@mitre.org"


@ -2,8 +2,8 @@
"id": "CVE-2023-45312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T21:15:09.680",
"lastModified": "2023-10-10T21:15:09.680",
"vulnStatus": "Received",
"lastModified": "2023-10-10T23:25:33.373",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-10T22:00:25.045996+00:00
2023-10-10T23:55:25.317069+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-10T21:15:09.733000+00:00
2023-10-10T23:25:33.373000+00:00
```
### Last Data Feed Release
@ -29,38 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227517
227520
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `3`
* [CVE-2023-45312](CVE-2023/CVE-2023-453xx/CVE-2023-45312.json) (`2023-10-10T21:15:09.680`)
* [CVE-2023-36126](CVE-2023/CVE-2023-361xx/CVE-2023-36126.json) (`2023-10-10T22:15:11.370`)
* [CVE-2023-36127](CVE-2023/CVE-2023-361xx/CVE-2023-36127.json) (`2023-10-10T22:15:11.417`)
* [CVE-2023-26220](CVE-2023/CVE-2023-262xx/CVE-2023-26220.json) (`2023-10-10T23:15:09.933`)
### CVEs modified in the last Commit
Recently modified CVEs: `18`
Recently modified CVEs: `32`
* [CVE-2022-34355](CVE-2022/CVE-2022-343xx/CVE-2022-34355.json) (`2023-10-10T20:41:30.020`)
* [CVE-2023-43321](CVE-2023/CVE-2023-433xx/CVE-2023-43321.json) (`2023-10-10T20:00:32.087`)
* [CVE-2023-35803](CVE-2023/CVE-2023-358xx/CVE-2023-35803.json) (`2023-10-10T20:04:36.633`)
* [CVE-2023-43809](CVE-2023/CVE-2023-438xx/CVE-2023-43809.json) (`2023-10-10T20:12:47.170`)
* [CVE-2023-30995](CVE-2023/CVE-2023-309xx/CVE-2023-30995.json) (`2023-10-10T20:15:09.650`)
* [CVE-2023-44807](CVE-2023/CVE-2023-448xx/CVE-2023-44807.json) (`2023-10-10T20:16:41.627`)
* [CVE-2023-5214](CVE-2023/CVE-2023-52xx/CVE-2023-5214.json) (`2023-10-10T20:24:44.750`)
* [CVE-2023-41950](CVE-2023/CVE-2023-419xx/CVE-2023-41950.json) (`2023-10-10T20:40:08.160`)
* [CVE-2023-3725](CVE-2023/CVE-2023-37xx/CVE-2023-3725.json) (`2023-10-10T20:44:03.887`)
* [CVE-2023-36123](CVE-2023/CVE-2023-361xx/CVE-2023-36123.json) (`2023-10-10T20:47:20.130`)
* [CVE-2023-44146](CVE-2023/CVE-2023-441xx/CVE-2023-44146.json) (`2023-10-10T20:49:38.620`)
* [CVE-2023-41801](CVE-2023/CVE-2023-418xx/CVE-2023-41801.json) (`2023-10-10T20:53:59.430`)
* [CVE-2023-32972](CVE-2023/CVE-2023-329xx/CVE-2023-32972.json) (`2023-10-10T20:54:43.317`)
* [CVE-2023-41732](CVE-2023/CVE-2023-417xx/CVE-2023-41732.json) (`2023-10-10T20:54:49.370`)
* [CVE-2023-42794](CVE-2023/CVE-2023-427xx/CVE-2023-42794.json) (`2023-10-10T21:15:09.440`)
* [CVE-2023-42795](CVE-2023/CVE-2023-427xx/CVE-2023-42795.json) (`2023-10-10T21:15:09.517`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T21:15:09.593`)
* [CVE-2023-45648](CVE-2023/CVE-2023-456xx/CVE-2023-45648.json) (`2023-10-10T21:15:09.733`)
* [CVE-2022-29531](CVE-2022/CVE-2022-295xx/CVE-2022-29531.json) (`2023-10-10T22:15:10.817`)
* [CVE-2022-29532](CVE-2022/CVE-2022-295xx/CVE-2022-29532.json) (`2023-10-10T22:15:10.890`)
* [CVE-2022-29534](CVE-2022/CVE-2022-295xx/CVE-2022-29534.json) (`2023-10-10T22:15:10.957`)
* [CVE-2022-34180](CVE-2022/CVE-2022-341xx/CVE-2022-34180.json) (`2023-10-10T22:15:11.043`)
* [CVE-2022-41230](CVE-2022/CVE-2022-412xx/CVE-2022-41230.json) (`2023-10-10T22:15:11.177`)
* [CVE-2022-48328](CVE-2022/CVE-2022-483xx/CVE-2022-48328.json) (`2023-10-10T22:15:11.283`)
* [CVE-2023-43641](CVE-2023/CVE-2023-436xx/CVE-2023-43641.json) (`2023-10-10T22:15:11.540`)
* [CVE-2023-44389](CVE-2023/CVE-2023-443xx/CVE-2023-44389.json) (`2023-10-10T22:15:11.623`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T22:15:11.710`)
* [CVE-2023-38997](CVE-2023/CVE-2023-389xx/CVE-2023-38997.json) (`2023-10-10T23:15:10.033`)
* [CVE-2023-38998](CVE-2023/CVE-2023-389xx/CVE-2023-38998.json) (`2023-10-10T23:15:10.107`)
* [CVE-2023-38999](CVE-2023/CVE-2023-389xx/CVE-2023-38999.json) (`2023-10-10T23:15:10.170`)
* [CVE-2023-39000](CVE-2023/CVE-2023-390xx/CVE-2023-39000.json) (`2023-10-10T23:15:10.240`)
* [CVE-2023-39001](CVE-2023/CVE-2023-390xx/CVE-2023-39001.json) (`2023-10-10T23:15:10.307`)
* [CVE-2023-39002](CVE-2023/CVE-2023-390xx/CVE-2023-39002.json) (`2023-10-10T23:15:10.367`)
* [CVE-2023-39003](CVE-2023/CVE-2023-390xx/CVE-2023-39003.json) (`2023-10-10T23:15:10.427`)
* [CVE-2023-39004](CVE-2023/CVE-2023-390xx/CVE-2023-39004.json) (`2023-10-10T23:15:10.507`)
* [CVE-2023-39005](CVE-2023/CVE-2023-390xx/CVE-2023-39005.json) (`2023-10-10T23:15:10.577`)
* [CVE-2023-39006](CVE-2023/CVE-2023-390xx/CVE-2023-39006.json) (`2023-10-10T23:15:10.640`)
* [CVE-2023-39007](CVE-2023/CVE-2023-390xx/CVE-2023-39007.json) (`2023-10-10T23:15:10.710`)
* [CVE-2023-39008](CVE-2023/CVE-2023-390xx/CVE-2023-39008.json) (`2023-10-10T23:15:10.780`)
* [CVE-2023-42824](CVE-2023/CVE-2023-428xx/CVE-2023-42824.json) (`2023-10-10T23:15:10.847`)
* [CVE-2023-43871](CVE-2023/CVE-2023-438xx/CVE-2023-43871.json) (`2023-10-10T23:15:10.913`)
* [CVE-2023-43877](CVE-2023/CVE-2023-438xx/CVE-2023-43877.json) (`2023-10-10T23:15:10.983`)
* [CVE-2023-45312](CVE-2023/CVE-2023-453xx/CVE-2023-45312.json) (`2023-10-10T23:25:33.373`)
## Download and Usage