From b4efa65c92ea32fcd24c318178bc703c35e7267b Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 26 Dec 2023 05:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-12-26T05:00:24.622668+00:00
---
 CVE-2021/CVE-2021-416xx/CVE-2021-41617.json | 6 +-
 CVE-2023/CVE-2023-270xx/CVE-2023-27043.json | 26 +++++-
 CVE-2023/CVE-2023-271xx/CVE-2023-27150.json | 24 ++++++
 CVE-2023/CVE-2023-286xx/CVE-2023-28616.json | 20 +++++
 CVE-2023/CVE-2023-487xx/CVE-2023-48795.json | 6 +-
 CVE-2023/CVE-2023-507xx/CVE-2023-50784.json | 12 ++-
 CVE-2023/CVE-2023-513xx/CVE-2023-51385.json | 6 +-
 CVE-2023/CVE-2023-71xx/CVE-2023-7111.json | 88 +++++++++++++++++++++
 README.md | 21 +++--
 9 files changed, 196 insertions(+), 13 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-271xx/CVE-2023-27150.json
 create mode 100644 CVE-2023/CVE-2023-286xx/CVE-2023-28616.json
 create mode 100644 CVE-2023/CVE-2023-71xx/CVE-2023-7111.json
diff --git a/CVE-2021/CVE-2021-416xx/CVE-2021-41617.json b/CVE-2021/CVE-2021-416xx/CVE-2021-41617.json
index 8c5a072b6fa..b6f5586da21 100644
--- a/CVE-2021/CVE-2021-416xx/CVE-2021-41617.json
+++ b/CVE-2021/CVE-2021-416xx/CVE-2021-41617.json
@@ -2,7 +2,7 @@
 "id": "CVE-2021-41617",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2021-09-26T19:15:07.263",
- "lastModified": "2023-12-22T13:15:08.413",
+ "lastModified": "2023-12-26T04:15:07.520",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -263,6 +263,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/",
 "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-270xx/CVE-2023-27043.json b/CVE-2023/CVE-2023-270xx/CVE-2023-27043.json
index d70618ca489..1fb6cae5ffc 100644
--- a/CVE-2023/CVE-2023-270xx/CVE-2023-27043.json
+++ b/CVE-2023/CVE-2023-270xx/CVE-2023-27043.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-27043",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-04-19T00:15:07.973",
- "lastModified": "2023-06-01T14:15:11.143",
+ "lastModified": "2023-12-26T03:15:07.860",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -84,6 +84,30 @@
 "Issue Tracking"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html",
 "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27150.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27150.json
new file mode 100644
index 00000000000..f9a85becb98
--- /dev/null
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27150.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-27150",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-26T04:15:07.713",
+ "lastModified": "2023-12-26T04:15:07.713",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.esecforte.com/cve-2023-27150-cross-site-scripting-xss/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.opencrx.org/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28616.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28616.json
new file mode 100644
index 00000000000..390752b5e99
--- /dev/null
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28616.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-28616",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-26T04:15:07.790",
+ "lastModified": "2023-12-26T04:15:07.790",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://advisories.stormshield.eu/2023-006",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
index abe7dfcbc68..c712df93140 100644
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48795.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-48795",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-18T16:15:10.897",
- "lastModified": "2023-12-24T21:15:25.297",
+ "lastModified": "2023-12-26T04:15:07.850",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -228,6 +228,10 @@
 "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
 "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50784.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50784.json
index bf89b6e44bb..4265028f36d 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50784.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50784.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50784",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-16T23:15:40.770",
- "lastModified": "2023-12-21T16:09:40.850",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-26T03:15:08.927",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -78,6 +78,14 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6TFYPQOKYRGPEAKOWSO6PSCBV6LUR3/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZT7QU4FCQBHYOYVD7FW5QAWNAQCSGLA/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://www.unrealircd.org/index/news",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json
index 16895a4b793..2862d908100 100644
--- a/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51385.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-51385",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-18T19:15:08.773",
- "lastModified": "2023-12-22T14:15:06.983",
+ "lastModified": "2023-12-26T04:15:08.067",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -76,6 +76,10 @@
 "Patch"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
 "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7111.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7111.json
new file mode 100644
index 00000000000..ae56074eca5
--- /dev/null
+++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7111.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-7111",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-12-26T03:15:09.040",
+ "lastModified": "2023-12-26T03:15:09.040",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-3.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.249006",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.249006",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index f22f34d5d60..8e2c87e2cd1 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2023-12-25T11:00:24.858437+00:00
+2023-12-26T05:00:24.622668+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2023-12-25T09:15:07.223000+00:00
+2023-12-26T04:15:08.067000+00:00
 ```
 ### Last Data Feed Release
@@ -23,26 +23,33 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 ```plain
-2023-12-25T01:00:28.242575+00:00
+2023-12-26T01:00:28.278008+00:00
 ```
 ### Total Number of included CVEs
 ```plain
-234206
+234209
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `1`
+Recently added CVEs: `3`
-* [CVE-2023-38321](CVE-2023/CVE-2023-383xx/CVE-2023-38321.json) (`2023-12-25T09:15:07.223`)
+* [CVE-2023-7111](CVE-2023/CVE-2023-71xx/CVE-2023-7111.json) (`2023-12-26T03:15:09.040`)
+* [CVE-2023-27150](CVE-2023/CVE-2023-271xx/CVE-2023-27150.json) (`2023-12-26T04:15:07.713`)
+* [CVE-2023-28616](CVE-2023/CVE-2023-286xx/CVE-2023-28616.json) (`2023-12-26T04:15:07.790`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `5`
+* [CVE-2021-41617](CVE-2021/CVE-2021-416xx/CVE-2021-41617.json) (`2023-12-26T04:15:07.520`)
+* [CVE-2023-27043](CVE-2023/CVE-2023-270xx/CVE-2023-27043.json) (`2023-12-26T03:15:07.860`)
+* [CVE-2023-50784](CVE-2023/CVE-2023-507xx/CVE-2023-50784.json) (`2023-12-26T03:15:08.927`)
+* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-26T04:15:07.850`)
+* [CVE-2023-51385](CVE-2023/CVE-2023-513xx/CVE-2023-51385.json) (`2023-12-26T04:15:08.067`)
 ## Download and Usage