From ac3d8db7dd9e991c975138c667a4cbf1a1d68061 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 23 May 2023 02:00:36 +0000 Subject: [PATCH] Auto-Update: 2023-05-23 02:00:32.764593+00:00 --- CVE-2020/CVE-2020-200xx/CVE-2020-20012.json | 24 +++++++++++++ CVE-2023/CVE-2023-254xx/CVE-2023-25440.json | 24 +++++++++++++ CVE-2023/CVE-2023-270xx/CVE-2023-27068.json | 28 ++++++++++++++++ CVE-2023/CVE-2023-299xx/CVE-2023-29919.json | 24 +++++++++++++ CVE-2023/CVE-2023-316xx/CVE-2023-31664.json | 28 ++++++++++++++++ CVE-2023/CVE-2023-316xx/CVE-2023-31670.json | 20 +++++++++++ CVE-2023/CVE-2023-317xx/CVE-2023-31708.json | 20 +++++++++++ CVE-2023/CVE-2023-317xx/CVE-2023-31740.json | 24 +++++++++++++ CVE-2023/CVE-2023-317xx/CVE-2023-31741.json | 24 +++++++++++++ CVE-2023/CVE-2023-318xx/CVE-2023-31814.json | 24 +++++++++++++ CVE-2023/CVE-2023-318xx/CVE-2023-31826.json | 32 ++++++++++++++++++ CVE-2023/CVE-2023-319xx/CVE-2023-31994.json | 20 +++++++++++ CVE-2023/CVE-2023-319xx/CVE-2023-31995.json | 20 +++++++++++ CVE-2023/CVE-2023-319xx/CVE-2023-31996.json | 20 +++++++++++ README.md | 37 +++++++++++---------- 15 files changed, 352 insertions(+), 17 deletions(-) create mode 100644 CVE-2020/CVE-2020-200xx/CVE-2020-20012.json create mode 100644 CVE-2023/CVE-2023-254xx/CVE-2023-25440.json create mode 100644 CVE-2023/CVE-2023-270xx/CVE-2023-27068.json create mode 100644 CVE-2023/CVE-2023-299xx/CVE-2023-29919.json create mode 100644 CVE-2023/CVE-2023-316xx/CVE-2023-31664.json create mode 100644 CVE-2023/CVE-2023-316xx/CVE-2023-31670.json create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31708.json create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31740.json create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31741.json create mode 100644 CVE-2023/CVE-2023-318xx/CVE-2023-31814.json create mode 100644 CVE-2023/CVE-2023-318xx/CVE-2023-31826.json create mode 100644 CVE-2023/CVE-2023-319xx/CVE-2023-31994.json create mode 100644 CVE-2023/CVE-2023-319xx/CVE-2023-31995.json create mode 100644 CVE-2023/CVE-2023-319xx/CVE-2023-31996.json diff --git a/CVE-2020/CVE-2020-200xx/CVE-2020-20012.json b/CVE-2020/CVE-2020-200xx/CVE-2020-20012.json new file mode 100644 index 00000000000..b4802cfae29 --- /dev/null +++ b/CVE-2020/CVE-2020-200xx/CVE-2020-20012.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2020-20012", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:09.627", + "lastModified": "2023-05-23T01:15:09.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://wzqpt.hfut.edu.cn/login.jsp?_p=YXM9MSZwPTEmbT1OJg__", + "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25440.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25440.json new file mode 100644 index 00000000000..474cbacafb4 --- /dev/null +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25440.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-25440", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:09.727", + "lastModified": "2023-05-23T01:15:09.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://civicrm.org/", + "source": "cve@mitre.org" + }, + { + "url": "https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-270xx/CVE-2023-27068.json b/CVE-2023/CVE-2023-270xx/CVE-2023-27068.json new file mode 100644 index 00000000000..c723e9d0bba --- /dev/null +++ b/CVE-2023/CVE-2023-270xx/CVE-2023-27068.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-27068", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:09.773", + "lastModified": "2023-05-23T01:15:09.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner", + "source": "cve@mitre.org" + }, + { + "url": "https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes", + "source": "cve@mitre.org" + }, + { + "url": "https://www.sitecore.com/products/sitecore-experience-platform", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29919.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29919.json new file mode 100644 index 00000000000..93a8a369f9c --- /dev/null +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29919.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-29919", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:09.820", + "lastModified": "2023-05-23T01:15:09.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/xiaosed/CVE-2023-29919/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.solarview.io/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-316xx/CVE-2023-31664.json b/CVE-2023/CVE-2023-316xx/CVE-2023-31664.json new file mode 100644 index 00000000000..aac9e716953 --- /dev/null +++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31664.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-31664", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:09.867", + "lastModified": "2023-05-23T01:15:09.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/adilkhan7/CVE-2023-31664", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/wso2/api-manager/issues?q=is%3Aissue+is%3Aclosed+label%3AComponent%2FAPIM+closed%3A2022-04-05..2023-03-11", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/wso2/product-apim/releases/tag/v4.2.0", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-316xx/CVE-2023-31670.json b/CVE-2023/CVE-2023-316xx/CVE-2023-31670.json new file mode 100644 index 00000000000..b4741be5673 --- /dev/null +++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31670.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31670", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:09.917", + "lastModified": "2023-05-23T01:15:09.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/WebAssembly/wabt/issues/2199", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31708.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31708.json new file mode 100644 index 00000000000..ecc2682c149 --- /dev/null +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31708.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31708", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:09.960", + "lastModified": "2023-05-23T01:15:09.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/weng-xianhu/eyoucms/issues/41", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31740.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31740.json new file mode 100644 index 00000000000..34037a9b57b --- /dev/null +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31740.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31740", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:10.003", + "lastModified": "2023-05-23T01:15:10.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://linksys.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31740/Linksys_E2000_RCE.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31741.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31741.json new file mode 100644 index 00000000000..87c94d90e38 --- /dev/null +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31741.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31741", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:10.047", + "lastModified": "2023-05-23T01:15:10.047", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://linksys.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31741/Linksys_E2000_RCE_2.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31814.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31814.json new file mode 100644 index 00000000000..1f1b7767ed2 --- /dev/null +++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31814.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31814", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:10.087", + "lastModified": "2023-05-23T01:15:10.087", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade", + "source": "cve@mitre.org" + }, + { + "url": "https://www.dlink.com/en/security-bulletin/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31826.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31826.json new file mode 100644 index 00000000000..5d04c58e138 --- /dev/null +++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31826.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-31826", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:10.127", + "lastModified": "2023-05-23T01:15:10.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://nevado.skyscreamer.org/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/skyscreamer/nevado/issues/121", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/skyscreamer/nevado/releases", + "source": "cve@mitre.org" + }, + { + "url": "https://novysodope.github.io/2023/04/01/95/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json new file mode 100644 index 00000000000..44c5a16e218 --- /dev/null +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31994", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:10.170", + "lastModified": "2023-05-23T01:15:10.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31995.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31995.json new file mode 100644 index 00000000000..babb7ec4dac --- /dev/null +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31995.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31995", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:10.207", + "lastModified": "2023-05-23T01:15:10.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31996.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31996.json new file mode 100644 index 00000000000..13be15be170 --- /dev/null +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31996.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31996", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-23T01:15:10.247", + "lastModified": "2023-05-23T01:15:10.247", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a600538fb2a..0e19ccc22ab 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-22T23:55:27.334465+00:00 +2023-05-23T02:00:32.764593+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-22T23:15:09.493000+00:00 +2023-05-23T01:15:10.247000+00:00 ``` ### Last Data Feed Release @@ -23,36 +23,39 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-05-22T00:00:13.553778+00:00 +2023-05-23T00:00:13.549817+00:00 ``` ### Total Number of included CVEs ```plain -215788 +215802 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `14` -* [CVE-2022-4945](CVE-2022/CVE-2022-49xx/CVE-2022-4945.json) (`2023-05-22T22:15:09.870`) -* [CVE-2022-46658](CVE-2022/CVE-2022-466xx/CVE-2022-46658.json) (`2023-05-22T23:15:09.270`) -* [CVE-2022-46738](CVE-2022/CVE-2022-467xx/CVE-2022-46738.json) (`2023-05-22T23:15:09.350`) -* [CVE-2022-47311](CVE-2022/CVE-2022-473xx/CVE-2022-47311.json) (`2023-05-22T23:15:09.423`) -* [CVE-2022-47320](CVE-2022/CVE-2022-473xx/CVE-2022-47320.json) (`2023-05-22T23:15:09.493`) -* [CVE-2023-2504](CVE-2023/CVE-2023-25xx/CVE-2023-2504.json) (`2023-05-22T22:15:10.277`) -* [CVE-2023-2505](CVE-2023/CVE-2023-25xx/CVE-2023-2505.json) (`2023-05-22T22:15:10.350`) +* [CVE-2020-20012](CVE-2020/CVE-2020-200xx/CVE-2020-20012.json) (`2023-05-23T01:15:09.627`) +* [CVE-2023-25440](CVE-2023/CVE-2023-254xx/CVE-2023-25440.json) (`2023-05-23T01:15:09.727`) +* [CVE-2023-27068](CVE-2023/CVE-2023-270xx/CVE-2023-27068.json) (`2023-05-23T01:15:09.773`) +* [CVE-2023-29919](CVE-2023/CVE-2023-299xx/CVE-2023-29919.json) (`2023-05-23T01:15:09.820`) +* [CVE-2023-31664](CVE-2023/CVE-2023-316xx/CVE-2023-31664.json) (`2023-05-23T01:15:09.867`) +* [CVE-2023-31670](CVE-2023/CVE-2023-316xx/CVE-2023-31670.json) (`2023-05-23T01:15:09.917`) +* [CVE-2023-31708](CVE-2023/CVE-2023-317xx/CVE-2023-31708.json) (`2023-05-23T01:15:09.960`) +* [CVE-2023-31740](CVE-2023/CVE-2023-317xx/CVE-2023-31740.json) (`2023-05-23T01:15:10.003`) +* [CVE-2023-31741](CVE-2023/CVE-2023-317xx/CVE-2023-31741.json) (`2023-05-23T01:15:10.047`) +* [CVE-2023-31814](CVE-2023/CVE-2023-318xx/CVE-2023-31814.json) (`2023-05-23T01:15:10.087`) +* [CVE-2023-31826](CVE-2023/CVE-2023-318xx/CVE-2023-31826.json) (`2023-05-23T01:15:10.127`) +* [CVE-2023-31994](CVE-2023/CVE-2023-319xx/CVE-2023-31994.json) (`2023-05-23T01:15:10.170`) +* [CVE-2023-31995](CVE-2023/CVE-2023-319xx/CVE-2023-31995.json) (`2023-05-23T01:15:10.207`) +* [CVE-2023-31996](CVE-2023/CVE-2023-319xx/CVE-2023-31996.json) (`2023-05-23T01:15:10.247`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `0` -* [CVE-2021-3803](CVE-2021/CVE-2021-38xx/CVE-2021-3803.json) (`2023-05-22T22:15:09.210`) -* [CVE-2023-25832](CVE-2023/CVE-2023-258xx/CVE-2023-25832.json) (`2023-05-22T22:15:09.997`) -* [CVE-2023-25833](CVE-2023/CVE-2023-258xx/CVE-2023-25833.json) (`2023-05-22T22:15:10.087`) -* [CVE-2023-25834](CVE-2023/CVE-2023-258xx/CVE-2023-25834.json) (`2023-05-22T22:15:10.180`) ## Download and Usage