Auto-Update: 2023-09-29T22:00:25.078810+00:00

cad-safe-bot 2023-09-29 22:00:28 +00:00
parent 84255e4f0d
commit af063a2686
14 changed files with 855 additions and 56 deletions


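--- /dev/null
+++ b/CVE-2022/CVE-2022-359xx/CVE-2022-35908.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2022-35908",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-09-29T21:15:09.943",
+"lastModified": "2023-09-29T21:15:09.943",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://community.cambiumnetworks.com/t/enterprise-wi-fi-system-software-release-6-4-2/87229",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.cambiumnetworks.com/support/security/",
+"source": "cve@mitre.org"
+}
+]
+}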


@ -2,7 +2,7 @@
"id": "CVE-2023-41040",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-30T22:15:09.857",
"lastModified": "2023-09-06T18:15:08.720",
"lastModified": "2023-09-29T20:15:09.880",
"vulnStatus": "Modified",
"descriptions": [
{
@ -109,6 +109,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00036.html",
"source": "security-advisories@github.com"
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-43124",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-09-27T16:21:33.897",
"lastModified": "2023-09-27T18:31:31.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T20:19:05.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
},
{
"lang": "es",
"value": "Los clientes BIG-IP APM pueden enviar tr\u00e1fico IP fuera del t\u00fanel VPN. Nota: Las versiones de software que han llegado al Final del Soporte T\u00e9cnico (EoTS) no se eval\u00faan"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "f5sirt@f5.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "f5sirt@f5.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
@ -46,10 +70,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.1.5.2",
"versionEndIncluding": "14.1.5.6",
"matchCriteriaId": "F8A7814E-E979-4144-947B-AABDE82ABE7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.8",
"versionEndIncluding": "15.1.10",
"matchCriteriaId": "D2621C83-6720-469C-9961-63ABE98F5BAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.3.3",
"versionEndIncluding": "16.1.4",
"matchCriteriaId": "DF4893A8-36E2-4191-B7DE-7D476E428624"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "193B0F0E-68B9-4790-8365-8995E72183A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager_client:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.3",
"versionEndIncluding": "7.2.4",
"matchCriteriaId": "ACDA322A-B914-47D8-A265-8DF3D8F05700"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000136907",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


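--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43655.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2023-43655",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-29T20:15:09.987",
+"lastModified": "2023-09-29T20:15:09.987",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.5,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-74"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/composer/composer/commit/955a48e6319c8962e5cd421b07c00ab3c728968c",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf",
+"source": "security-advisories@github.com"
+}
+]
+}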


@ -2,19 +2,43 @@
"id": "CVE-2023-4505",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-27T15:19:40.627",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T20:11:34.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server."
},
{
"lang": "es",
"value": "El complemento Staff / Employee Business Directory para Active Directory para WordPress es vulnerable a LDAP Passback en versiones hasta la 1.2.3 inclusive. Esto se debe a una validaci\u00f3n insuficiente al cambiar el servidor LDAP. Esto hace posible que atacantes autenticados, con acceso administrativo y superior, cambien el servidor LDAP y recuperen las credenciales del servidor LDAP original."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miniorange:staff_\\/_employee_business_directory_for_active_directory:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "D608A546-232D-4055-A2AE-2A85BA0A11A9"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wordpress.org/plugins/ldap-ad-staff-employee-directory-search/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-4506",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-27T15:19:40.777",
"lastModified": "2023-09-27T15:41:20.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T20:01:25.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server."
},
{
"lang": "es",
"value": "El complemento de integraci\u00f3n de Active Directory Integration / LDAP para WordPress es vulnerable a LDAP Passback en versiones hasta la 4.1.10 inclusive. Esto se debe a una validaci\u00f3n insuficiente al cambiar el servidor LDAP. Esto hace posible que atacantes autenticados, con acceso administrativo y superior, cambien el servidor LDAP y recuperen las credenciales del servidor LDAP original."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miniorange:active_directory_integration_\\/_ldap_integration:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.1.10",
"matchCriteriaId": "32B50A3F-F852-4F04-B71C-B97BBC164067"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wordpress.org/plugins/ldap-login-for-intranet-sites/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0585969d-dd08-4058-9d72-138a55a2cdf1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.980",
"lastModified": "2023-09-29T18:37:00.010",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-29T21:15:10.023",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -139,6 +139,10 @@
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/7",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html",
"source": "chrome-cve-admin@google.com",


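--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5283.json
@@ -0,0 +1,88 @@
+{
+"id": "CVE-2023-5283",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2023-09-29T20:15:10.073",
+"lastModified": "2023-09-29T20:15:10.073",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240911."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "PARTIAL",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "PARTIAL",
+"baseScore": 6.5
+},
+"baseSeverity": "MEDIUM",
+"exploitabilityScore": 8.0,
+"impactScore": 6.4,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20teacher_signup.php%20%20has%20Sqlinjection.pdf",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.240911",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.240911",
+"source": "cna@vuldb.com"
+}
+]
+}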


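--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5284.json
@@ -0,0 +1,88 @@
+{
+"id": "CVE-2023-5284",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2023-09-29T20:15:10.147",
+"lastModified": "2023-09-29T20:15:10.147",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "PARTIAL",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "PARTIAL",
+"baseScore": 6.5
+},
+"baseSeverity": "MEDIUM",
+"exploitabilityScore": 8.0,
+"impactScore": 6.4,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-434"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20upload_save_student.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.240912",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.240912",
+"source": "cna@vuldb.com"
+}
+]
+}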


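--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5285.json
@@ -0,0 +1,88 @@
+{
+"id": "CVE-2023-5285",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2023-09-29T20:15:10.217",
+"lastModified": "2023-09-29T20:15:10.217",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "PARTIAL",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "PARTIAL",
+"baseScore": 6.5
+},
+"baseSeverity": "MEDIUM",
+"exploitabilityScore": 8.0,
+"impactScore": 6.4,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/OliverWu23/cve/blob/main/sql.md",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.240913",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.240913",
+"source": "cna@vuldb.com"
+}
+]
+}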


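--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5286.json
@@ -0,0 +1,88 @@
+{
+"id": "CVE-2023-5286",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2023-09-29T20:15:10.283",
+"lastModified": "2023-09-29T20:15:10.283",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 3.5,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 1.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "NONE",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "NONE",
+"baseScore": 4.0
+},
+"baseSeverity": "MEDIUM",
+"exploitabilityScore": 8.0,
+"impactScore": 2.9,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.240914",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.240914",
+"source": "cna@vuldb.com"
+}
+]
+}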


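--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5287.json
@@ -0,0 +1,88 @@
+{
+"id": "CVE-2023-5287",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2023-09-29T21:15:10.097",
+"lastModified": "2023-09-29T21:15:10.097",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240915. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 2.4,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 1.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "MULTIPLE",
+"confidentialityImpact": "NONE",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "NONE",
+"baseScore": 3.3
+},
+"baseSeverity": "LOW",
+"exploitabilityScore": 6.4,
+"impactScore": 2.9,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/zhenjiaqi/CVE/issues/1",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.240915",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.240915",
+"source": "cna@vuldb.com"
+}
+]
+}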


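--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5293.json
@@ -0,0 +1,88 @@
+{
+"id": "CVE-2023-5293",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2023-09-29T21:15:10.177",
+"lastModified": "2023-09-29T21:15:10.177",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240924."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 4.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 3.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "MULTIPLE",
+"confidentialityImpact": "PARTIAL",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "PARTIAL",
+"baseScore": 5.8
+},
+"baseSeverity": "MEDIUM",
+"exploitabilityScore": 6.4,
+"impactScore": 6.4,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/xhcccan/code/issues/1",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.240924",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.240924",
+"source": "cna@vuldb.com"
+}
+]
+}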


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-29T20:00:24.629808+00:00
2023-09-29T22:00:25.078810+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-29T19:48:19.453000+00:00
2023-09-29T21:15:10.177000+00:00
```
### Last Data Feed Release
@ -29,52 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226625
226633
```
### CVEs added in the last Commit
Recently added CVEs: `8`
* [CVE-2023-26218](CVE-2023/CVE-2023-262xx/CVE-2023-26218.json) (`2023-09-29T18:15:09.687`)
* [CVE-2023-5276](CVE-2023/CVE-2023-52xx/CVE-2023-5276.json) (`2023-09-29T18:15:09.863`)
* [CVE-2023-5277](CVE-2023/CVE-2023-52xx/CVE-2023-5277.json) (`2023-09-29T18:15:09.963`)
* [CVE-2023-5278](CVE-2023/CVE-2023-52xx/CVE-2023-5278.json) (`2023-09-29T18:15:10.043`)
* [CVE-2023-5279](CVE-2023/CVE-2023-52xx/CVE-2023-5279.json) (`2023-09-29T18:15:10.117`)
* [CVE-2023-5280](CVE-2023/CVE-2023-52xx/CVE-2023-5280.json) (`2023-09-29T18:15:10.187`)
* [CVE-2023-5281](CVE-2023/CVE-2023-52xx/CVE-2023-5281.json) (`2023-09-29T19:15:09.493`)
* [CVE-2023-5282](CVE-2023/CVE-2023-52xx/CVE-2023-5282.json) (`2023-09-29T19:15:09.570`)
* [CVE-2022-35908](CVE-2022/CVE-2022-359xx/CVE-2022-35908.json) (`2023-09-29T21:15:09.943`)
* [CVE-2023-43655](CVE-2023/CVE-2023-436xx/CVE-2023-43655.json) (`2023-09-29T20:15:09.987`)
* [CVE-2023-5283](CVE-2023/CVE-2023-52xx/CVE-2023-5283.json) (`2023-09-29T20:15:10.073`)
* [CVE-2023-5284](CVE-2023/CVE-2023-52xx/CVE-2023-5284.json) (`2023-09-29T20:15:10.147`)
* [CVE-2023-5285](CVE-2023/CVE-2023-52xx/CVE-2023-5285.json) (`2023-09-29T20:15:10.217`)
* [CVE-2023-5286](CVE-2023/CVE-2023-52xx/CVE-2023-5286.json) (`2023-09-29T20:15:10.283`)
* [CVE-2023-5287](CVE-2023/CVE-2023-52xx/CVE-2023-5287.json) (`2023-09-29T21:15:10.097`)
* [CVE-2023-5293](CVE-2023/CVE-2023-52xx/CVE-2023-5293.json) (`2023-09-29T21:15:10.177`)
### CVEs modified in the last Commit
Recently modified CVEs: `46`
Recently modified CVEs: `5`
* [CVE-2023-27622](CVE-2023/CVE-2023-276xx/CVE-2023-27622.json) (`2023-09-29T18:40:15.887`)
* [CVE-2023-0456](CVE-2023/CVE-2023-04xx/CVE-2023-0456.json) (`2023-09-29T18:40:56.213`)
* [CVE-2023-42460](CVE-2023/CVE-2023-424xx/CVE-2023-42460.json) (`2023-09-29T18:41:31.073`)
* [CVE-2023-42453](CVE-2023/CVE-2023-424xx/CVE-2023-42453.json) (`2023-09-29T18:43:41.520`)
* [CVE-2023-5168](CVE-2023/CVE-2023-51xx/CVE-2023-5168.json) (`2023-09-29T18:44:04.247`)
* [CVE-2023-41888](CVE-2023/CVE-2023-418xx/CVE-2023-41888.json) (`2023-09-29T18:44:13.300`)
* [CVE-2023-40375](CVE-2023/CVE-2023-403xx/CVE-2023-40375.json) (`2023-09-29T18:47:31.213`)
* [CVE-2023-43226](CVE-2023/CVE-2023-432xx/CVE-2023-43226.json) (`2023-09-29T18:50:22.470`)
* [CVE-2023-43234](CVE-2023/CVE-2023-432xx/CVE-2023-43234.json) (`2023-09-29T18:50:51.993`)
* [CVE-2023-44174](CVE-2023/CVE-2023-441xx/CVE-2023-44174.json) (`2023-09-29T18:51:03.810`)
* [CVE-2023-43014](CVE-2023/CVE-2023-430xx/CVE-2023-43014.json) (`2023-09-29T18:53:50.133`)
* [CVE-2023-5185](CVE-2023/CVE-2023-51xx/CVE-2023-5185.json) (`2023-09-29T18:54:59.730`)
* [CVE-2023-43876](CVE-2023/CVE-2023-438xx/CVE-2023-43876.json) (`2023-09-29T18:55:30.073`)
* [CVE-2023-4316](CVE-2023/CVE-2023-43xx/CVE-2023-4316.json) (`2023-09-29T18:58:57.833`)
* [CVE-2023-43874](CVE-2023/CVE-2023-438xx/CVE-2023-43874.json) (`2023-09-29T19:04:52.850`)
* [CVE-2023-43873](CVE-2023/CVE-2023-438xx/CVE-2023-43873.json) (`2023-09-29T19:09:45.873`)
* [CVE-2023-44173](CVE-2023/CVE-2023-441xx/CVE-2023-44173.json) (`2023-09-29T19:12:30.633`)
* [CVE-2023-43013](CVE-2023/CVE-2023-430xx/CVE-2023-43013.json) (`2023-09-29T19:12:42.777`)
* [CVE-2023-43323](CVE-2023/CVE-2023-433xx/CVE-2023-43323.json) (`2023-09-29T19:14:51.303`)
* [CVE-2023-43872](CVE-2023/CVE-2023-438xx/CVE-2023-43872.json) (`2023-09-29T19:18:42.467`)
* [CVE-2023-43871](CVE-2023/CVE-2023-438xx/CVE-2023-43871.json) (`2023-09-29T19:24:00.853`)
* [CVE-2023-4260](CVE-2023/CVE-2023-42xx/CVE-2023-4260.json) (`2023-09-29T19:30:13.637`)
* [CVE-2023-4262](CVE-2023/CVE-2023-42xx/CVE-2023-4262.json) (`2023-09-29T19:38:26.390`)
* [CVE-2023-4264](CVE-2023/CVE-2023-42xx/CVE-2023-4264.json) (`2023-09-29T19:41:13.227`)
* [CVE-2023-4565](CVE-2023/CVE-2023-45xx/CVE-2023-4565.json) (`2023-09-29T19:48:19.453`)
* [CVE-2023-4506](CVE-2023/CVE-2023-45xx/CVE-2023-4506.json) (`2023-09-29T20:01:25.273`)
* [CVE-2023-4505](CVE-2023/CVE-2023-45xx/CVE-2023-4505.json) (`2023-09-29T20:11:34.617`)
* [CVE-2023-41040](CVE-2023/CVE-2023-410xx/CVE-2023-41040.json) (`2023-09-29T20:15:09.880`)
* [CVE-2023-43124](CVE-2023/CVE-2023-431xx/CVE-2023-43124.json) (`2023-09-29T20:19:05.013`)
* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-09-29T21:15:10.023`)
## Download and Usage