Auto-Update: 2023-12-25T09:00:24.865873+00:00

cad-safe-bot 2023-12-25 09:00:28 +00:00
parent 932d6bc2a2
commit b793360b5b
20 changed files with 465 additions and 22 deletions


@ -0,0 +1,24 @@
{
"id": "CVE-2022-34267",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.200",
"lastModified": "2023-12-25T08:15:07.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint."
}
],
"metrics": {},
"references": [
{
"url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/",
"source": "cve@mitre.org"
},
{
"url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2022-34268",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.353",
"lastModified": "2023-12-25T08:15:07.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host."
}
],
"metrics": {},
"references": [
{
"url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/",
"source": "cve@mitre.org"
},
{
"url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-28872",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:07.893",
"lastModified": "2023-12-25T07:15:07.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\\Temp\\NcpSupport* location."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0006/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-31224",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.430",
"lastModified": "2023-12-25T08:15:07.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is broken access control during authentication in Jamf Pro Server before 10.46.1."
}
],
"metrics": {},
"references": [
{
"url": "https://learn.jamf.com/bundle/jamf-pro-release-notes-10.47.0/page/Resolved_Issues.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-31297",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:08.593",
"lastModified": "2023-12-25T07:15:08.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0058/",
"source": "cve@mitre.org"
},
{
"url": "https://herolab.usd.de/security-advisories/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-36485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.497",
"lastModified": "2023-12-25T08:15:07.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file."
}
],
"metrics": {},
"references": [
{
"url": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-36486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.560",
"lastModified": "2023-12-25T08:15:07.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename."
}
],
"metrics": {},
"references": [
{
"url": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-37185",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:08.793",
"lastModified": "2023-12-25T07:15:08.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blosc/c-blosc2/issues/519",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-37186",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:08.980",
"lastModified": "2023-12-25T07:15:08.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blosc/c-blosc2/issues/522",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-37187",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:09.183",
"lastModified": "2023-12-25T07:15:09.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blosc/c-blosc2/issues/520",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-37188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:09.347",
"lastModified": "2023-12-25T07:15:09.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Blosc/c-blosc2/issues/521",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-38826",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.630",
"lastModified": "2023-12-25T08:15:07.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. via the handlewpesearchform.do. searchString."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/tree/main/Follett%20Learning%20Solutions/Destiny/CVE-2023-38826",
"source": "cve@mitre.org"
},
{
"url": "https://www.follettlearning.com/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-47091",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:09.537",
"lastModified": "2023-12-25T07:15:09.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible."
}
],
"metrics": {},
"references": [
{
"url": "https://advisories.stormshield.eu",
"source": "cve@mitre.org"
},
{
"url": "https://advisories.stormshield.eu/2023-024/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-47247",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:09.683",
"lastModified": "2023-12-25T07:15:09.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102."
}
],
"metrics": {},
"references": [
{
"url": "https://documentation.sysaid.com/docs/23334",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-48652",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.697",
"lastModified": "2023-12-25T08:15:07.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated."
}
],
"metrics": {},
"references": [
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes",
"source": "cve@mitre.org"
},
{
"url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-49226",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.760",
"lastModified": "2023-12-25T08:15:07.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root."
}
],
"metrics": {},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-49944",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.833",
"lastModified": "2023-12-25T08:15:07.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature."
}
],
"metrics": {},
"references": [
{
"url": "https://www.beyondtrust.com/security",
"source": "cve@mitre.org"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-49954",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.933",
"lastModified": "2023-12-25T08:15:07.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address."
}
],
"metrics": {},
"references": [
{
"url": "https://cve-2023-49954.github.io/",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-7100",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-25T03:15:08.840",
"lastModified": "2023-12-25T03:15:08.840",
"lastModified": "2023-12-25T08:15:08.013",
"vulnStatus": "Received",
"descriptions": [
{


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-25T07:00:24.119321+00:00
2023-12-25T09:00:24.865873+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-25T06:15:08.580000+00:00
2023-12-25T08:15:08.013000+00:00
```
### Last Data Feed Release
@ -29,35 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234187
234205
```
### CVEs added in the last Commit
Recently added CVEs: `16`
Recently added CVEs: `18`
* [CVE-2022-39818](CVE-2022/CVE-2022-398xx/CVE-2022-39818.json) (`2023-12-25T06:15:07.880`)
* [CVE-2022-39820](CVE-2022/CVE-2022-398xx/CVE-2022-39820.json) (`2023-12-25T06:15:08.013`)
* [CVE-2022-39822](CVE-2022/CVE-2022-398xx/CVE-2022-39822.json) (`2023-12-25T06:15:08.060`)
* [CVE-2022-41760](CVE-2022/CVE-2022-417xx/CVE-2022-41760.json) (`2023-12-25T06:15:08.110`)
* [CVE-2022-41761](CVE-2022/CVE-2022-417xx/CVE-2022-41761.json) (`2023-12-25T06:15:08.157`)
* [CVE-2022-41762](CVE-2022/CVE-2022-417xx/CVE-2022-41762.json) (`2023-12-25T06:15:08.203`)
* [CVE-2022-43675](CVE-2022/CVE-2022-436xx/CVE-2022-43675.json) (`2023-12-25T06:15:08.253`)
* [CVE-2023-30451](CVE-2023/CVE-2023-304xx/CVE-2023-30451.json) (`2023-12-25T05:15:08.553`)
* [CVE-2023-51771](CVE-2023/CVE-2023-517xx/CVE-2023-51771.json) (`2023-12-25T05:15:08.730`)
* [CVE-2023-31289](CVE-2023/CVE-2023-312xx/CVE-2023-31289.json) (`2023-12-25T06:15:08.303`)
* [CVE-2023-31455](CVE-2023/CVE-2023-314xx/CVE-2023-31455.json) (`2023-12-25T06:15:08.350`)
* [CVE-2023-37225](CVE-2023/CVE-2023-372xx/CVE-2023-37225.json) (`2023-12-25T06:15:08.393`)
* [CVE-2023-40236](CVE-2023/CVE-2023-402xx/CVE-2023-40236.json) (`2023-12-25T06:15:08.440`)
* [CVE-2023-48654](CVE-2023/CVE-2023-486xx/CVE-2023-48654.json) (`2023-12-25T06:15:08.483`)
* [CVE-2023-49328](CVE-2023/CVE-2023-493xx/CVE-2023-49328.json) (`2023-12-25T06:15:08.530`)
* [CVE-2023-51772](CVE-2023/CVE-2023-517xx/CVE-2023-51772.json) (`2023-12-25T06:15:08.580`)
* [CVE-2022-34267](CVE-2022/CVE-2022-342xx/CVE-2022-34267.json) (`2023-12-25T08:15:07.200`)
* [CVE-2022-34268](CVE-2022/CVE-2022-342xx/CVE-2022-34268.json) (`2023-12-25T08:15:07.353`)
* [CVE-2023-28872](CVE-2023/CVE-2023-288xx/CVE-2023-28872.json) (`2023-12-25T07:15:07.893`)
* [CVE-2023-31297](CVE-2023/CVE-2023-312xx/CVE-2023-31297.json) (`2023-12-25T07:15:08.593`)
* [CVE-2023-37185](CVE-2023/CVE-2023-371xx/CVE-2023-37185.json) (`2023-12-25T07:15:08.793`)
* [CVE-2023-37186](CVE-2023/CVE-2023-371xx/CVE-2023-37186.json) (`2023-12-25T07:15:08.980`)
* [CVE-2023-37187](CVE-2023/CVE-2023-371xx/CVE-2023-37187.json) (`2023-12-25T07:15:09.183`)
* [CVE-2023-37188](CVE-2023/CVE-2023-371xx/CVE-2023-37188.json) (`2023-12-25T07:15:09.347`)
* [CVE-2023-47091](CVE-2023/CVE-2023-470xx/CVE-2023-47091.json) (`2023-12-25T07:15:09.537`)
* [CVE-2023-47247](CVE-2023/CVE-2023-472xx/CVE-2023-47247.json) (`2023-12-25T07:15:09.683`)
* [CVE-2023-31224](CVE-2023/CVE-2023-312xx/CVE-2023-31224.json) (`2023-12-25T08:15:07.430`)
* [CVE-2023-36485](CVE-2023/CVE-2023-364xx/CVE-2023-36485.json) (`2023-12-25T08:15:07.497`)
* [CVE-2023-36486](CVE-2023/CVE-2023-364xx/CVE-2023-36486.json) (`2023-12-25T08:15:07.560`)
* [CVE-2023-38826](CVE-2023/CVE-2023-388xx/CVE-2023-38826.json) (`2023-12-25T08:15:07.630`)
* [CVE-2023-48652](CVE-2023/CVE-2023-486xx/CVE-2023-48652.json) (`2023-12-25T08:15:07.697`)
* [CVE-2023-49226](CVE-2023/CVE-2023-492xx/CVE-2023-49226.json) (`2023-12-25T08:15:07.760`)
* [CVE-2023-49944](CVE-2023/CVE-2023-499xx/CVE-2023-49944.json) (`2023-12-25T08:15:07.833`)
* [CVE-2023-49954](CVE-2023/CVE-2023-499xx/CVE-2023-49954.json) (`2023-12-25T08:15:07.933`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
* [CVE-2023-7100](CVE-2023/CVE-2023-71xx/CVE-2023-7100.json) (`2023-12-25T08:15:08.013`)
## Download and Usage