From b793360b5ba745cca9e0d8e8314bd34798fd8135 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 25 Dec 2023 09:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-12-25T09:00:24.865873+00:00 --- CVE-2022/CVE-2022-342xx/CVE-2022-34267.json | 24 +++++++++++ CVE-2022/CVE-2022-342xx/CVE-2022-34268.json | 24 +++++++++++ CVE-2023/CVE-2023-288xx/CVE-2023-28872.json | 20 +++++++++ CVE-2023/CVE-2023-312xx/CVE-2023-31224.json | 20 +++++++++ CVE-2023/CVE-2023-312xx/CVE-2023-31297.json | 24 +++++++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36485.json | 28 +++++++++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36486.json | 28 +++++++++++++ CVE-2023/CVE-2023-371xx/CVE-2023-37185.json | 28 +++++++++++++ CVE-2023/CVE-2023-371xx/CVE-2023-37186.json | 28 +++++++++++++ CVE-2023/CVE-2023-371xx/CVE-2023-37187.json | 28 +++++++++++++ CVE-2023/CVE-2023-371xx/CVE-2023-37188.json | 28 +++++++++++++ CVE-2023/CVE-2023-388xx/CVE-2023-38826.json | 24 +++++++++++ CVE-2023/CVE-2023-470xx/CVE-2023-47091.json | 24 +++++++++++ CVE-2023/CVE-2023-472xx/CVE-2023-47247.json | 20 +++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48652.json | 24 +++++++++++ CVE-2023/CVE-2023-492xx/CVE-2023-49226.json | 24 +++++++++++ CVE-2023/CVE-2023-499xx/CVE-2023-49944.json | 24 +++++++++++ CVE-2023/CVE-2023-499xx/CVE-2023-49954.json | 20 +++++++++ CVE-2023/CVE-2023-71xx/CVE-2023-7100.json | 2 +- README.md | 45 +++++++++++---------- 20 files changed, 465 insertions(+), 22 deletions(-) create mode 100644 CVE-2022/CVE-2022-342xx/CVE-2022-34267.json create mode 100644 CVE-2022/CVE-2022-342xx/CVE-2022-34268.json create mode 100644 CVE-2023/CVE-2023-288xx/CVE-2023-28872.json create mode 100644 CVE-2023/CVE-2023-312xx/CVE-2023-31224.json create mode 100644 CVE-2023/CVE-2023-312xx/CVE-2023-31297.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36485.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36486.json create mode 100644 CVE-2023/CVE-2023-371xx/CVE-2023-37185.json create mode 100644 CVE-2023/CVE-2023-371xx/CVE-2023-37186.json create mode 100644 CVE-2023/CVE-2023-371xx/CVE-2023-37187.json create mode 100644 CVE-2023/CVE-2023-371xx/CVE-2023-37188.json create mode 100644 CVE-2023/CVE-2023-388xx/CVE-2023-38826.json create mode 100644 CVE-2023/CVE-2023-470xx/CVE-2023-47091.json create mode 100644 CVE-2023/CVE-2023-472xx/CVE-2023-47247.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48652.json create mode 100644 CVE-2023/CVE-2023-492xx/CVE-2023-49226.json create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49944.json create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49954.json diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34267.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34267.json new file mode 100644 index 00000000000..2f8490631e1 --- /dev/null +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34267.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-34267", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.200", + "lastModified": "2023-12-25T08:15:07.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json new file mode 100644 index 00000000000..cbae73913e2 --- /dev/null +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-34268", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.353", + "lastModified": "2023-12-25T08:15:07.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28872.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28872.json new file mode 100644 index 00000000000..56360b505a1 --- /dev/null +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28872.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-28872", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T07:15:07.893", + "lastModified": "2023-12-25T07:15:07.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\\Temp\\NcpSupport* location." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/en/security-advisories/usd-2022-0006/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json new file mode 100644 index 00000000000..5e41526f6b9 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31224", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.430", + "lastModified": "2023-12-25T08:15:07.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "There is broken access control during authentication in Jamf Pro Server before 10.46.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://learn.jamf.com/bundle/jamf-pro-release-notes-10.47.0/page/Resolved_Issues.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31297.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31297.json new file mode 100644 index 00000000000..8c84b389e34 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31297.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31297", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T07:15:08.593", + "lastModified": "2023-12-25T07:15:08.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/en/security-advisories/usd-2022-0058/", + "source": "cve@mitre.org" + }, + { + "url": "https://herolab.usd.de/security-advisories/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36485.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36485.json new file mode 100644 index 00000000000..74b8c33e78e --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36485.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-36485", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.497", + "lastModified": "2023-12-25T08:15:07.497", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36486.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36486.json new file mode 100644 index 00000000000..3367c56204b --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36486.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-36486", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.560", + "lastModified": "2023-12-25T08:15:07.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37185.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37185.json new file mode 100644 index 00000000000..5d55d43adf5 --- /dev/null +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37185.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-37185", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T07:15:08.793", + "lastModified": "2023-12-25T07:15:08.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Blosc/c-blosc2/issues/519", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37186.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37186.json new file mode 100644 index 00000000000..2e8b3a136bc --- /dev/null +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37186.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-37186", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T07:15:08.980", + "lastModified": "2023-12-25T07:15:08.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Blosc/c-blosc2/issues/522", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37187.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37187.json new file mode 100644 index 00000000000..252c21c072c --- /dev/null +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37187.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-37187", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T07:15:09.183", + "lastModified": "2023-12-25T07:15:09.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Blosc/c-blosc2/issues/520", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37188.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37188.json new file mode 100644 index 00000000000..8c400efc243 --- /dev/null +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37188.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-37188", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T07:15:09.347", + "lastModified": "2023-12-25T07:15:09.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Blosc/c-blosc2/issues/521", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38826.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38826.json new file mode 100644 index 00000000000..dd47bb40569 --- /dev/null +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38826.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38826", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.630", + "lastModified": "2023-12-25T08:15:07.630", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. via the handlewpesearchform.do. searchString." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Oracle-Security/CVEs/tree/main/Follett%20Learning%20Solutions/Destiny/CVE-2023-38826", + "source": "cve@mitre.org" + }, + { + "url": "https://www.follettlearning.com/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47091.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47091.json new file mode 100644 index 00000000000..7607e698f78 --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47091.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-47091", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T07:15:09.537", + "lastModified": "2023-12-25T07:15:09.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://advisories.stormshield.eu", + "source": "cve@mitre.org" + }, + { + "url": "https://advisories.stormshield.eu/2023-024/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47247.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47247.json new file mode 100644 index 00000000000..70912f829fc --- /dev/null +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47247.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47247", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T07:15:09.683", + "lastModified": "2023-12-25T07:15:09.683", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://documentation.sysaid.com/docs/23334", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48652.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48652.json new file mode 100644 index 00000000000..b7fc046f9d3 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48652.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48652", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.697", + "lastModified": "2023-12-25T08:15:07.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes", + "source": "cve@mitre.org" + }, + { + "url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49226.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49226.json new file mode 100644 index 00000000000..7bde8ed8c2b --- /dev/null +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49226.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49226", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.760", + "lastModified": "2023-12-25T08:15:07.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4", + "source": "cve@mitre.org" + }, + { + "url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49944.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49944.json new file mode 100644 index 00000000000..c7dddb2bc54 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49944.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49944", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.833", + "lastModified": "2023-12-25T08:15:07.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.beyondtrust.com/security", + "source": "cve@mitre.org" + }, + { + "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49954.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49954.json new file mode 100644 index 00000000000..ad165abddf9 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49954.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-49954", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-25T08:15:07.933", + "lastModified": "2023-12-25T08:15:07.933", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cve-2023-49954.github.io/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7100.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7100.json index 7bb944775c8..137d6db2e65 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7100.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7100.json @@ -2,7 +2,7 @@ "id": "CVE-2023-7100", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-25T03:15:08.840", - "lastModified": "2023-12-25T03:15:08.840", + "lastModified": "2023-12-25T08:15:08.013", "vulnStatus": "Received", "descriptions": [ { diff --git a/README.md b/README.md index 3e8f86d480e..92b532aa3c5 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-25T07:00:24.119321+00:00 +2023-12-25T09:00:24.865873+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-25T06:15:08.580000+00:00 +2023-12-25T08:15:08.013000+00:00 ``` ### Last Data Feed Release @@ -29,35 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234187 +234205 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `18` -* [CVE-2022-39818](CVE-2022/CVE-2022-398xx/CVE-2022-39818.json) (`2023-12-25T06:15:07.880`) -* [CVE-2022-39820](CVE-2022/CVE-2022-398xx/CVE-2022-39820.json) (`2023-12-25T06:15:08.013`) -* [CVE-2022-39822](CVE-2022/CVE-2022-398xx/CVE-2022-39822.json) (`2023-12-25T06:15:08.060`) -* [CVE-2022-41760](CVE-2022/CVE-2022-417xx/CVE-2022-41760.json) (`2023-12-25T06:15:08.110`) -* [CVE-2022-41761](CVE-2022/CVE-2022-417xx/CVE-2022-41761.json) (`2023-12-25T06:15:08.157`) -* [CVE-2022-41762](CVE-2022/CVE-2022-417xx/CVE-2022-41762.json) (`2023-12-25T06:15:08.203`) -* [CVE-2022-43675](CVE-2022/CVE-2022-436xx/CVE-2022-43675.json) (`2023-12-25T06:15:08.253`) -* [CVE-2023-30451](CVE-2023/CVE-2023-304xx/CVE-2023-30451.json) (`2023-12-25T05:15:08.553`) -* [CVE-2023-51771](CVE-2023/CVE-2023-517xx/CVE-2023-51771.json) (`2023-12-25T05:15:08.730`) -* [CVE-2023-31289](CVE-2023/CVE-2023-312xx/CVE-2023-31289.json) (`2023-12-25T06:15:08.303`) -* [CVE-2023-31455](CVE-2023/CVE-2023-314xx/CVE-2023-31455.json) (`2023-12-25T06:15:08.350`) -* [CVE-2023-37225](CVE-2023/CVE-2023-372xx/CVE-2023-37225.json) (`2023-12-25T06:15:08.393`) -* [CVE-2023-40236](CVE-2023/CVE-2023-402xx/CVE-2023-40236.json) (`2023-12-25T06:15:08.440`) -* [CVE-2023-48654](CVE-2023/CVE-2023-486xx/CVE-2023-48654.json) (`2023-12-25T06:15:08.483`) -* [CVE-2023-49328](CVE-2023/CVE-2023-493xx/CVE-2023-49328.json) (`2023-12-25T06:15:08.530`) -* [CVE-2023-51772](CVE-2023/CVE-2023-517xx/CVE-2023-51772.json) (`2023-12-25T06:15:08.580`) +* [CVE-2022-34267](CVE-2022/CVE-2022-342xx/CVE-2022-34267.json) (`2023-12-25T08:15:07.200`) +* [CVE-2022-34268](CVE-2022/CVE-2022-342xx/CVE-2022-34268.json) (`2023-12-25T08:15:07.353`) +* [CVE-2023-28872](CVE-2023/CVE-2023-288xx/CVE-2023-28872.json) (`2023-12-25T07:15:07.893`) +* [CVE-2023-31297](CVE-2023/CVE-2023-312xx/CVE-2023-31297.json) (`2023-12-25T07:15:08.593`) +* [CVE-2023-37185](CVE-2023/CVE-2023-371xx/CVE-2023-37185.json) (`2023-12-25T07:15:08.793`) +* [CVE-2023-37186](CVE-2023/CVE-2023-371xx/CVE-2023-37186.json) (`2023-12-25T07:15:08.980`) +* [CVE-2023-37187](CVE-2023/CVE-2023-371xx/CVE-2023-37187.json) (`2023-12-25T07:15:09.183`) +* [CVE-2023-37188](CVE-2023/CVE-2023-371xx/CVE-2023-37188.json) (`2023-12-25T07:15:09.347`) +* [CVE-2023-47091](CVE-2023/CVE-2023-470xx/CVE-2023-47091.json) (`2023-12-25T07:15:09.537`) +* [CVE-2023-47247](CVE-2023/CVE-2023-472xx/CVE-2023-47247.json) (`2023-12-25T07:15:09.683`) +* [CVE-2023-31224](CVE-2023/CVE-2023-312xx/CVE-2023-31224.json) (`2023-12-25T08:15:07.430`) +* [CVE-2023-36485](CVE-2023/CVE-2023-364xx/CVE-2023-36485.json) (`2023-12-25T08:15:07.497`) +* [CVE-2023-36486](CVE-2023/CVE-2023-364xx/CVE-2023-36486.json) (`2023-12-25T08:15:07.560`) +* [CVE-2023-38826](CVE-2023/CVE-2023-388xx/CVE-2023-38826.json) (`2023-12-25T08:15:07.630`) +* [CVE-2023-48652](CVE-2023/CVE-2023-486xx/CVE-2023-48652.json) (`2023-12-25T08:15:07.697`) +* [CVE-2023-49226](CVE-2023/CVE-2023-492xx/CVE-2023-49226.json) (`2023-12-25T08:15:07.760`) +* [CVE-2023-49944](CVE-2023/CVE-2023-499xx/CVE-2023-49944.json) (`2023-12-25T08:15:07.833`) +* [CVE-2023-49954](CVE-2023/CVE-2023-499xx/CVE-2023-49954.json) (`2023-12-25T08:15:07.933`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-7100](CVE-2023/CVE-2023-71xx/CVE-2023-7100.json) (`2023-12-25T08:15:08.013`) ## Download and Usage