Auto-Update: 2023-10-06T12:00:24.699851+00:00

2025-05-07 11:07:05 +00:00 · 2023-10-06 12:00:28 +00:00 · 2023-10-06 12:00:28 +00:00 · a092c0acb0
commit a092c0acb0
parent 7d7cecee12
7 changed files with 309 additions and 5 deletions
--- a/CVE-2023/CVE-2023-447xx/CVE-2023-44758.json
+++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44758.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-44758",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-06T11:15:11.260",
+  "lastModified": "2023-10-06T11:15:11.260",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/sromanhu/GDidees-CMS-Stored-XSS---Title/tree/main",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4469.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4469.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4469",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-10-06T10:15:18.527",
+  "lastModified": "2023-10-06T10:15:18.527",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2975179/profile-extra-fields",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45244.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45244.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-45244",
+  "sourceIdentifier": "security@acronis.com",
+  "published": "2023-10-06T10:15:18.047",
+  "lastModified": "2023-10-06T11:15:11.337",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@acronis.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@acronis.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://security-advisory.acronis.com/advisories/SEC-5907",
+      "source": "security@acronis.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45245.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45245.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-45245",
+  "sourceIdentifier": "security@acronis.com",
+  "published": "2023-10-06T10:15:18.450",
+  "lastModified": "2023-10-06T10:15:18.450",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@acronis.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@acronis.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://security-advisory.acronis.com/advisories/SEC-6017",
+      "source": "security@acronis.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45246.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45246.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-45246",
+  "sourceIdentifier": "security@acronis.com",
+  "published": "2023-10-06T11:15:11.447",
+  "lastModified": "2023-10-06T11:15:11.447",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@acronis.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@acronis.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://security-advisory.acronis.com/advisories/SEC-5903",
+      "source": "security@acronis.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4530.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4530.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4530",
+  "sourceIdentifier": "cve@usom.gov.tr",
+  "published": "2023-10-06T10:15:18.630",
+  "lastModified": "2023-10-06T10:15:18.630",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.usom.gov.tr/bildirim/tr-23-0571",
+      "source": "cve@usom.gov.tr"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-06T10:00:25.833983+00:00
+2023-10-06T12:00:24.699851+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-06T08:15:43.293000+00:00
+2023-10-06T11:15:11.447000+00:00
 ```

 ### Last Data Feed Release
@ -29,14 +29,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-227088
+227094
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `6`

-* [CVE-2015-10126](CVE-2015/CVE-2015-101xx/CVE-2015-10126.json) (`2023-10-06T08:15:43.293`)
+* [CVE-2023-45245](CVE-2023/CVE-2023-452xx/CVE-2023-45245.json) (`2023-10-06T10:15:18.450`)
+* [CVE-2023-4469](CVE-2023/CVE-2023-44xx/CVE-2023-4469.json) (`2023-10-06T10:15:18.527`)
+* [CVE-2023-4530](CVE-2023/CVE-2023-45xx/CVE-2023-4530.json) (`2023-10-06T10:15:18.630`)
+* [CVE-2023-44758](CVE-2023/CVE-2023-447xx/CVE-2023-44758.json) (`2023-10-06T11:15:11.260`)
+* [CVE-2023-45244](CVE-2023/CVE-2023-452xx/CVE-2023-45244.json) (`2023-10-06T10:15:18.047`)
+* [CVE-2023-45246](CVE-2023/CVE-2023-452xx/CVE-2023-45246.json) (`2023-10-06T11:15:11.447`)


 ### CVEs modified in the last Commit