Auto-Update: 2023-05-23 02:00:32.764593+00:00

2025-07-09 16:05:11 +00:00 · 2023-05-23 02:00:36 +00:00 · 2023-05-23 02:00:36 +00:00 · ac3d8db7dd
commit ac3d8db7dd
parent 46fb032d7f
15 changed files with 352 additions and 17 deletions
--- a/CVE-2020/CVE-2020-200xx/CVE-2020-20012.json
+++ b/CVE-2020/CVE-2020-200xx/CVE-2020-20012.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2020-20012",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:09.627",
+  "lastModified": "2023-05-23T01:15:09.627",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://wzqpt.hfut.edu.cn/login.jsp?_p=YXM9MSZwPTEmbT1OJg__",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-254xx/CVE-2023-25440.json
+++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25440.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-25440",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:09.727",
+  "lastModified": "2023-05-23T01:15:09.727",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://civicrm.org/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-270xx/CVE-2023-27068.json
+++ b/CVE-2023/CVE-2023-270xx/CVE-2023-27068.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-27068",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:09.773",
+  "lastModified": "2023-05-23T01:15:09.773",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sitecore.com/products/sitecore-experience-platform",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-299xx/CVE-2023-29919.json
+++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29919.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-29919",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:09.820",
+  "lastModified": "2023-05-23T01:15:09.820",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/xiaosed/CVE-2023-29919/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.solarview.io/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-316xx/CVE-2023-31664.json
+++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31664.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-31664",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:09.867",
+  "lastModified": "2023-05-23T01:15:09.867",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/adilkhan7/CVE-2023-31664",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/wso2/api-manager/issues?q=is%3Aissue+is%3Aclosed+label%3AComponent%2FAPIM+closed%3A2022-04-05..2023-03-11",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/wso2/product-apim/releases/tag/v4.2.0",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-316xx/CVE-2023-31670.json
+++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31670.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-31670",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:09.917",
+  "lastModified": "2023-05-23T01:15:09.917",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/WebAssembly/wabt/issues/2199",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-317xx/CVE-2023-31708.json
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31708.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-31708",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:09.960",
+  "lastModified": "2023-05-23T01:15:09.960",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/weng-xianhu/eyoucms/issues/41",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-317xx/CVE-2023-31740.json
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31740.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-31740",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:10.003",
+  "lastModified": "2023-05-23T01:15:10.003",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://linksys.com",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31740/Linksys_E2000_RCE.pdf",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-317xx/CVE-2023-31741.json
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31741.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-31741",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:10.047",
+  "lastModified": "2023-05-23T01:15:10.047",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://linksys.com",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31741/Linksys_E2000_RCE_2.pdf",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-318xx/CVE-2023-31814.json
+++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31814.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-31814",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:10.087",
+  "lastModified": "2023-05-23T01:15:10.087",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.dlink.com/en/security-bulletin/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-318xx/CVE-2023-31826.json
+++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31826.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-31826",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:10.127",
+  "lastModified": "2023-05-23T01:15:10.127",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://nevado.skyscreamer.org/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/skyscreamer/nevado/issues/121",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/skyscreamer/nevado/releases",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://novysodope.github.io/2023/04/01/95/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json
+++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-31994",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:10.170",
+  "lastModified": "2023-05-23T01:15:10.170",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-319xx/CVE-2023-31995.json
+++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31995.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-31995",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:10.207",
+  "lastModified": "2023-05-23T01:15:10.207",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-319xx/CVE-2023-31996.json
+++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31996.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-31996",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-23T01:15:10.247",
+  "lastModified": "2023-05-23T01:15:10.247",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-05-22T23:55:27.334465+00:00
+2023-05-23T02:00:32.764593+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-05-22T23:15:09.493000+00:00
+2023-05-23T01:15:10.247000+00:00
 ```

 ### Last Data Feed Release
@ -23,36 +23,39 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-05-22T00:00:13.553778+00:00
+2023-05-23T00:00:13.549817+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-215788
+215802
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `7`
+Recently added CVEs: `14`

-* [CVE-2022-4945](CVE-2022/CVE-2022-49xx/CVE-2022-4945.json) (`2023-05-22T22:15:09.870`)
-* [CVE-2022-46658](CVE-2022/CVE-2022-466xx/CVE-2022-46658.json) (`2023-05-22T23:15:09.270`)
-* [CVE-2022-46738](CVE-2022/CVE-2022-467xx/CVE-2022-46738.json) (`2023-05-22T23:15:09.350`)
-* [CVE-2022-47311](CVE-2022/CVE-2022-473xx/CVE-2022-47311.json) (`2023-05-22T23:15:09.423`)
-* [CVE-2022-47320](CVE-2022/CVE-2022-473xx/CVE-2022-47320.json) (`2023-05-22T23:15:09.493`)
-* [CVE-2023-2504](CVE-2023/CVE-2023-25xx/CVE-2023-2504.json) (`2023-05-22T22:15:10.277`)
-* [CVE-2023-2505](CVE-2023/CVE-2023-25xx/CVE-2023-2505.json) (`2023-05-22T22:15:10.350`)
+* [CVE-2020-20012](CVE-2020/CVE-2020-200xx/CVE-2020-20012.json) (`2023-05-23T01:15:09.627`)
+* [CVE-2023-25440](CVE-2023/CVE-2023-254xx/CVE-2023-25440.json) (`2023-05-23T01:15:09.727`)
+* [CVE-2023-27068](CVE-2023/CVE-2023-270xx/CVE-2023-27068.json) (`2023-05-23T01:15:09.773`)
+* [CVE-2023-29919](CVE-2023/CVE-2023-299xx/CVE-2023-29919.json) (`2023-05-23T01:15:09.820`)
+* [CVE-2023-31664](CVE-2023/CVE-2023-316xx/CVE-2023-31664.json) (`2023-05-23T01:15:09.867`)
+* [CVE-2023-31670](CVE-2023/CVE-2023-316xx/CVE-2023-31670.json) (`2023-05-23T01:15:09.917`)
+* [CVE-2023-31708](CVE-2023/CVE-2023-317xx/CVE-2023-31708.json) (`2023-05-23T01:15:09.960`)
+* [CVE-2023-31740](CVE-2023/CVE-2023-317xx/CVE-2023-31740.json) (`2023-05-23T01:15:10.003`)
+* [CVE-2023-31741](CVE-2023/CVE-2023-317xx/CVE-2023-31741.json) (`2023-05-23T01:15:10.047`)
+* [CVE-2023-31814](CVE-2023/CVE-2023-318xx/CVE-2023-31814.json) (`2023-05-23T01:15:10.087`)
+* [CVE-2023-31826](CVE-2023/CVE-2023-318xx/CVE-2023-31826.json) (`2023-05-23T01:15:10.127`)
+* [CVE-2023-31994](CVE-2023/CVE-2023-319xx/CVE-2023-31994.json) (`2023-05-23T01:15:10.170`)
+* [CVE-2023-31995](CVE-2023/CVE-2023-319xx/CVE-2023-31995.json) (`2023-05-23T01:15:10.207`)
+* [CVE-2023-31996](CVE-2023/CVE-2023-319xx/CVE-2023-31996.json) (`2023-05-23T01:15:10.247`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `4`
+Recently modified CVEs: `0`

-* [CVE-2021-3803](CVE-2021/CVE-2021-38xx/CVE-2021-3803.json) (`2023-05-22T22:15:09.210`)
-* [CVE-2023-25832](CVE-2023/CVE-2023-258xx/CVE-2023-25832.json) (`2023-05-22T22:15:09.997`)
-* [CVE-2023-25833](CVE-2023/CVE-2023-258xx/CVE-2023-25833.json) (`2023-05-22T22:15:10.087`)
-* [CVE-2023-25834](CVE-2023/CVE-2023-258xx/CVE-2023-25834.json) (`2023-05-22T22:15:10.180`)


 ## Download and Usage