Auto-Update: 2023-09-29T18:00:25.269975+00:00

This commit is contained in:
cad-safe-bot 2023-09-29 18:00:28 +00:00
parent 1241fa2106
commit b8e3ba1d22
33 changed files with 1846 additions and 137 deletions


@ -2,8 +2,8 @@
"id": "CVE-2022-36227",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-22T02:15:11.003",
"lastModified": "2023-02-06T14:31:23.887",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-29T17:15:46.613",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -125,6 +125,10 @@
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202309-14",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-20254",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-27T18:15:11.690",
"lastModified": "2023-09-27T18:31:27.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T17:49:36.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled.\r\n\r This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el sistema de gesti\u00f3n de sesiones de la funci\u00f3n multiinquilino de Cisco Catalyst SD-WAN Manager podr\u00eda permitir que un atacante remoto autenticado acceda a otro tenant que est\u00e1 siendo administrado por la misma instancia de Cisco Catalyst SD-WAN Manager. Esta vulnerabilidad requiere que est\u00e9 habilitada la funci\u00f3n multi-tenant. Esta vulnerabilidad se debe a una gesti\u00f3n insuficiente de la sesi\u00f3n de usuario dentro del sistema Cisco Catalyst SD-WAN Manager. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud manipulada a un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante obtener acceso no autorizado a informaci\u00f3n sobre otro tenant, realizar cambios en la configuraci\u00f3n o posiblemente desconectar a un tenant, provocando una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,65 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.6.3.4",
"matchCriteriaId": "E6BF7AEE-61BF-488D-8439-35B85529DD45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.7",
"versionEndExcluding": "20.9.3.2",
"matchCriteriaId": "DFA494E8-5817-49FF-AF87-C1E5CC6A366B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.10",
"versionEndExcluding": "20.10.1.2",
"matchCriteriaId": "DB339115-6B31-4A04-89BC-A053C964CDD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.11",
"versionEndExcluding": "20.11.1.2",
"matchCriteriaId": "FD884D68-559B-4169-9790-D8C6F694593E"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-2358",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2023-09-27T15:18:50.790",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T17:32:30.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext.\u00a0\n\n"
},
{
"lang": "es",
"value": "Hitachi Vantara Pentaho Business Analytics Server anterior a las versiones 9.5.0.0 y 9.3.0.4, incluida la 8.3.xx, guarda las contrase\u00f1as del paso Copiar Archivos en texto plano de Hadoop."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
@ -46,10 +80,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachivantara:pentaho_business_analytics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.0.5",
"matchCriteriaId": "43991A37-EAC7-40F6-B00C-08F48725C0F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachivantara:pentaho_business_analytics:8.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC48F42D-D076-45F5-B572-7609B00C7201"
}
]
}
]
}
],
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/19668208622221",
"source": "security.vulnerabilities@hitachivantara.com"
"source": "security.vulnerabilities@hitachivantara.com",
"tags": [
"Vendor Advisory"
]
}
]
}
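Review bot: The English description added in this section's first hunk is untrimmed — it starts with `\n` and ends with `\u00a0\n\n` — so any consumer that renders, diffs or hashes `descriptions[].value` sees stray newlines and a non-breaking space after "plaintext."; the same untrimmed CNA text appears in the CVE-2023-28055, CVE-2023-37941 and CVE-2023-39410 sections of this commit. The Spanish line of the same hunk also renders the version as `8.3.xx` where the English has `8.3.x.x`. If this mirror is meant to track the upstream record byte-for-byte, both corrections belong at the source rather than here; otherwise the trimmed English line would be `"value": "Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext."`. Either way, downstream code should normalize whitespace in these strings before comparing or hashing them, since CNA-submitted text is evidently not trimmed.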


@ -2,16 +2,40 @@
"id": "CVE-2023-28055",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-09-27T15:18:49.297",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T17:36:40.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.\n\n"
},
{
"lang": "es",
"value": "Dell NetWorker, versi\u00f3n 19.7 tiene una vulnerabilidad de autorizaci\u00f3n incorrecta en el cliente NetWorker. Un atacante no autenticado dentro de la misma red podr\u00eda explotar esto manipulando un comando que conduzca a obtener acceso completo al archivo del servidor, lo que resultar\u00eda en fugas de informaci\u00f3n, denegaci\u00f3n de servicio y ejecuci\u00f3n de c\u00f3digo arbitrario. Dell recomienda a los clientes actualizar lo antes posible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.7",
"versionEndExcluding": "19.7.0.5",
"matchCriteriaId": "E80B4170-769A-4FB5-B1D8-FAD7FD280ED1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.8",
"versionEndExcluding": "19.8.0.3",
"matchCriteriaId": "17D5F7EF-8B4D-46C5-BDC2-F0214B43DB8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.9",
"versionEndExcluding": "19.9.0.2",
"matchCriteriaId": "E4EC1A05-4A1A-4633-8F7E-13D43070AD98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:networker:19.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "880E3083-10D9-451F-A21B-91D36570596A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2023-30415",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T16:15:10.563",
"lastModified": "2023-09-28T18:19:27.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T16:57:27.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Sourcecodester Packers and Movers Management System v1.0 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro id en /inquiries/view_inquiry.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:packers_and_movers_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E7A5FB-799D-42CF-97F9-7250B4C49C6B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/174758/Packers-And-Movers-Management-System-1.0-SQL-Injection.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://robsware.github.io/2023/09/01/firstcve",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-30471",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-27T15:18:51.087",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T17:16:36.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <=\u00a01.4.7 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Cornel Raiu WP Search Analytics &lt;= versiones 1.4.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cornelraiu:wp_search_analytics:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.8",
"matchCriteriaId": "3C7B2AF1-465B-430C-8C28-67FEE12EA423"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/search-analytics/wordpress-wp-search-analytics-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
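Review bot: The Spanish description added in this section's first hunk carries an HTML entity, `&lt;= versiones 1.4.7`, where the English line of the same record has the literal `<=` (followed by a `\u00a0`), so the two `lang` entries are not encoded alike and a plain-text consumer will display `&lt;=` verbatim. JSON strings need no HTML escaping, so this looks like double-encoding in the upstream translation feed rather than something this mirror introduced; if the file must match upstream exactly, report it there, otherwise the line would read `"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Cornel Raiu WP Search Analytics <= versiones 1.4.7."`. Downstream code that HTML-unescapes these values for display should do so for every `lang` entry, not just the translated one.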

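--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-3024",
+"sourceIdentifier": "product-security@silabs.com",
+"published": "2023-09-29T17:15:47.043",
+"lastModified": "2023-09-29T17:27:25.983",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "product-security@silabs.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "HIGH",
+"baseScore": 5.9,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "product-security@silabs.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-119"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/SiliconLabs/gecko_sdk",
+"source": "product-security@silabs.com"
+},
+{
+"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ViQvHQAV/?operationContext=S1",
+"source": "product-security@silabs.com"
+}
+]
+}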


@ -2,12 +2,12 @@
"id": "CVE-2023-37941",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-06T14:15:10.483",
"lastModified": "2023-09-12T14:53:13.953",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-29T17:15:46.723",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0."
"value": "If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend.\n\nThe Superset metadata db is an 'internal' component that is typically \nonly accessible directly by the system administrator and the superset \nprocess itself. Gaining access to that database should\n be difficult and require significant privileges.\n\nThis vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.\n\n"
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-38139",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:16.470",
"lastModified": "2023-09-14T20:14:21.843",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-29T17:15:46.800",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios del Kernel de Windows"
}
],
"metrics": {
@ -146,6 +150,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174849/Microsoft-Windows-Kernel-Refcount-Overflow-Use-After-Free.html",
"source": "secure@microsoft.com"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38139",
"source": "secure@microsoft.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-39308",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.183",
"lastModified": "2023-09-29T15:52:15.247",
"lastModified": "2023-09-29T16:15:10.527",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -50,6 +50,10 @@
{
"url": "https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-userfeedback-lite-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://revan-ar.medium.com/cve-2023-39308-wordpress-plugin-user-feedback-1-0-7-unauthenticated-stored-xss-db992a01686a",
"source": "audit@patchstack.com"
}
]
}

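--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-39410",
+"sourceIdentifier": "security@apache.org",
+"published": "2023-09-29T17:15:46.923",
+"lastModified": "2023-09-29T17:27:25.983",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.\n\n"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-20"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds",
+"source": "security@apache.org"
+}
+]
+}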


@ -2,31 +2,128 @@
"id": "CVE-2023-40391",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:05.977",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-29T17:43:11.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en tvOS 17, iOS 17 y iPadOS 17, macOS Sonoma 14, Xcode 15. Es posible que una aplicaci\u00f3n pueda revelar la memoria del kernel."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "3F8A729D-45AA-4E88-AB5B-E2C1241834D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "93620AD0-115A-4F86-B533-76A190AF41A0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213939",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,27 +2,94 @@
"id": "CVE-2023-42222",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T03:15:11.643",
"lastModified": "2023-09-28T12:44:04.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T17:31:44.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances."
},
{
"lang": "es",
"value": "WebCatalog anterior a 49.0 es vulnerable a un control de acceso incorrecto. WebCatalog llama a la funci\u00f3n Electron shell.openExternal sin verificar que la URL sea para un recurso http o https, en algunas circunstancias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webcatalog:webcatalog:*:*:*:*:*:*:*:*",
"versionEndExcluding": "49.0",
"matchCriteriaId": "B016158B-8577-4858-BEF0-403269B34BB4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/itssixtyn3in/CVE-2023-42222",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://webcatalog.io/changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42793",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-09-19T17:15:08.330",
"lastModified": "2023-09-28T21:15:09.937",
"vulnStatus": "Modified",
"lastModified": "2023-09-29T17:15:47.117",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -89,6 +89,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html",
"source": "security@jetbrains.com"
},
{
"url": "https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/",
"source": "security@jetbrains.com"


@ -2,19 +2,79 @@
"id": "CVE-2023-43291",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:33.877",
"lastModified": "2023-09-27T15:41:42.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T17:25:25.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component."
},
{
"lang": "es",
"value": "La Deserializaci\u00f3n de Datos No Confiables en emlog pro v.2.1.15 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente cache.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*",
"versionEndIncluding": "2.1.15",
"matchCriteriaId": "3BA8E0D9-78AD-4721-A4D3-A21A6EF30FEB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Dar1in9s/e3db6b04daacb68633a97581bbd5921b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43331",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:34.003",
"lastModified": "2023-09-27T15:40:47.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T16:29:51.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en la funci\u00f3n Agregar Usuario de Small CRM v3.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo Nombre."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:small_crm_project:small_crm:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51675DD-9B72-44A9-AE72-24AF1B6BA813"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kartikhunter/CVE/blob/main/CVE-2023-43331",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:34.827",
"lastModified": "2023-09-27T15:41:42.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T16:11:48.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 contiene una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas a trav\u00e9s del componente /admin/u/toIndex."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/iteachyou/dreamer_cms/issues/I834WV",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2023-43879",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T15:15:12.637",
"lastModified": "2023-09-28T18:19:27.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T16:35:38.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu."
},
{
"lang": "es",
"value": "Rite CMS 3.0 tiene una vulnerabilidad de Cross-Site Scripting (XSS) que permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en los Bloques de Contenido Global en el Men\u00fa de Administraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ritecms:ritecms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5685F4C3-7F88-4548-98F0-93E731778DBE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/RiteCMS-Stored-XSS---GlobalContent/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-43884",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T15:15:12.697",
"lastModified": "2023-09-28T18:19:27.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T16:27:23.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en el ID de Referencia del panel Transacciones de Subrion v4.2.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro 'ID de referencia'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intelliants:subrion:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C1813C-DBF7-4ADF-8FC0-23608A417D29"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}


@ -2,23 +2,89 @@
"id": "CVE-2023-44047",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T20:15:09.850",
"lastModified": "2023-09-28T12:44:13.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T16:24:15.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection."
},
{
"lang": "es",
"value": "El sistema de Toll Tax Management Sourcecodester v1 es vulnerable a la inyecci\u00f3n SQL"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:toll_tax_management_system_project:toll_tax_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B086840-9699-4F09-B9AE-CE881B545C43"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xcodeOn1/SQLI-TollTax/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
},
{
"url": "https://github.com/xcodeOn1/xcode0x-CVEs/blob/main/CVE/CVE-2023-44047.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}
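Review bot: The description at the `"value"` line names neither the vulnerable script nor the injected parameter ("is vulnerable to SQL Injection"), so nothing in this record lets a consumer build a detection rule or confirm exposure without following the references. Both references are tagged "Exploit"/"Product"/"Third Party Advisory" and point to a personal GitHub repository, so a public PoC exists while no "Patch" reference is recorded. The Primary vector's PR:H indicates an authenticated high-privilege entry point; treat the 7.2 as a post-auth score when prioritising.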


@ -2,23 +2,89 @@
"id": "CVE-2023-44048",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T20:15:13.493",
"lastModified": "2023-09-28T12:44:13.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T17:52:10.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Sourcecodester Expense Tracker v1 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de la categor\u00eda \"add\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:expense_tracker_project:expense_tracker:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFABE52-45A6-4F70-B8D2-07C3EBA7289D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
},
{
"url": "https://github.com/xcodeOn1/xcode0x-CVEs/blob/main/CVE/CVE-2023-44048.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-4423",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-27T15:19:40.383",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T17:59:31.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets con WooCommerce para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en versiones hasta la 3.1.37.1 inclusive debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
@ -46,22 +70,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-eventmanager:wp_event_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.38",
"matchCriteriaId": "88C9842A-68AD-429A-A1C6-CC44A4126DA1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Jacky-Y/vuls/blob/main/vul5.md",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/wpeventmanager/wp-event-manager/issues/1483",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969034%40wp-event-manager%2Ftrunk&old=2953169%40wp-event-manager%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9d22b0-a84a-4bf2-b8b4-89bae2970f29?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
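Review bot: The precondition stated in the description — only multi-site installations or installations where `unfiltered_html` has been disabled are affected — is not expressible in the `cpeMatch` entry, so a consumer matching on `cpe:2.3:a:wp-eventmanager:wp_event_manager:*` with `versionEndExcluding: 3.1.38` will flag every install at or below 3.1.37.1 regardless of that setting. The Primary (nvd@nist.gov) vector is AV:N/AC:L/PR:H/UI:R while the Secondary (security@wordfence.com) vector is AV:N/AC:H/PR:H/UI:N, so the two sources disagree on complexity and user interaction; pick one source consistently rather than reading whichever `baseScore` appears first. The issue-tracker reference tagged "Patch"/"Vendor Advisory" and the changeset reference carry the fix, and the 3.1.38 bound is consistent with "up to, and including, 3.1.37.1".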


@ -2,12 +2,16 @@
"id": "CVE-2023-4752",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-04T14:15:08.450",
"lastModified": "2023-09-18T02:15:51.120",
"lastModified": "2023-09-29T17:15:47.233",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.1858."
},
{
"lang": "es",
"value": "Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1858."
}
],
"metrics": {
@ -118,6 +122,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html",
"source": "security@huntr.dev"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
"source": "security@huntr.dev"


@ -2,8 +2,8 @@
"id": "CVE-2023-4781",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-05T19:15:49.207",
"lastModified": "2023-09-08T14:15:32.177",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-29T17:15:47.317",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -102,6 +102,10 @@
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html",
"source": "security@huntr.dev"
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-5162",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-27T15:19:41.977",
"lastModified": "2023-09-27T15:41:07.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T16:13:27.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Opciones para Twenty Seventeen para WordPress es vulnerable a Stored Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto de 'social-links' en versiones hasta la 2.5.0 inclusive debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webd:options_for_twenty_seventeen:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.0",
"matchCriteriaId": "D558912E-42FA-40DB-8FD0-D1B84C72790A"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/options-for-twenty-seventeen/tags/2.5.0/options-for-twenty-seventeen.php#L3110",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2971104/options-for-twenty-seventeen",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df35d8c6-55ec-4cf5-8055-93ec5193c0a4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5244",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-28T01:15:09.060",
"lastModified": "2023-09-28T12:44:04.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-29T17:53:12.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS): reflejado en el repositorio de GitHub microweber/microweber anterior a 2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "A3C150C1-4763-474B-91B5-B571C53BEC4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5268",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T16:15:10.617",
"lastModified": "2023-09-29T17:27:25.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/dedebiz--vul/issues/2",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240881",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240881",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5269",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T16:15:10.697",
"lastModified": "2023-09-29T17:27:25.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%201.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240882",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240882",
"source": "cna@vuldb.com"
}
]
}
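Review bot: Both `"vectorString"` values give AV:A (ADJACENT_NETWORK) for a SQL injection in the `parcel_list.php` GET parameter `s` of a PHP web application, and, unlike the sibling records CVE-2023-5268 and CVE-2023-5273, this description does not say the attack may be initiated remotely. That looks like the CNA's convention when remote reachability was not confirmed rather than a property of the bug; for an internet-facing deployment the same flaw would score AV:N, so a consumer prioritising by the 5.5/5.2 scores may under-rate it. The record is still `Awaiting Analysis` with no `configurations` block, so CPE-based matching will not surface it until NVD adds one.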


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5270",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T16:15:10.777",
"lastModified": "2023-09-29T17:27:25.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%202.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240883",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240883",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5271",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T16:15:10.853",
"lastModified": "2023-09-29T17:27:25.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240884."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%203.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240884",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240884",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5272",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T17:15:48.323",
"lastModified": "2023-09-29T17:27:25.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%204.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240885",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240885",
"source": "cna@vuldb.com"
}
]
}
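Review bot: This record and CVE-2023-5271 both target `edit_parcel.php` in the same product and version (argument `id` via the GET Parameter Handler here, argument `email` there), so a single remediation — parameterising every query in that file — closes both, and detection or WAF rules should be keyed on the script rather than on one parameter name. The AV:A in both vectors is the CNA's assessment; for an internet-facing deployment the flaw would presumably be AV:N, so the 5.5/5.2 scores may under-rate it. Still `Awaiting Analysis`, so no `configurations` block exists yet for CPE matching.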


@ -0,0 +1,88 @@
{
"id": "CVE-2023-5273",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T17:15:48.567",
"lastModified": "2023-09-29T17:27:25.983",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%206.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.240886",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.240886",
"source": "cna@vuldb.com"
}
]
}
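Review bot: The v3.0 `"vectorString"` scores this reflected XSS with UI:R, but the v2 block below it reports `"userInteractionRequired": false`; a reflected XSS needs a victim to open the crafted request, so the v2 flag contradicts the v3 vector within the same record. Consumers that derive an exploitability signal from `userInteractionRequired` should prefer the v3 UI:R value here. The record is `Awaiting Analysis` with no `configurations` block, so CPE-based matching will not surface it until analysis completes.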


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-29T16:00:25.697551+00:00
2023-09-29T18:00:25.269975+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-29T15:59:09.023000+00:00
2023-09-29T17:59:31.007000+00:00
```
### Last Data Feed Release
@ -29,61 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226609
226617
```
### CVEs added in the last Commit
Recently added CVEs: `17`
Recently added CVEs: `8`
* [CVE-2023-39308](CVE-2023/CVE-2023-393xx/CVE-2023-39308.json) (`2023-09-29T14:15:10.183`)
* [CVE-2023-41655](CVE-2023/CVE-2023-416xx/CVE-2023-41655.json) (`2023-09-29T14:15:10.273`)
* [CVE-2023-41657](CVE-2023/CVE-2023-416xx/CVE-2023-41657.json) (`2023-09-29T14:15:10.350`)
* [CVE-2023-41658](CVE-2023/CVE-2023-416xx/CVE-2023-41658.json) (`2023-09-29T14:15:10.423`)
* [CVE-2023-41661](CVE-2023/CVE-2023-416xx/CVE-2023-41661.json) (`2023-09-29T14:15:10.500`)
* [CVE-2023-41662](CVE-2023/CVE-2023-416xx/CVE-2023-41662.json) (`2023-09-29T14:15:10.573`)
* [CVE-2023-41663](CVE-2023/CVE-2023-416xx/CVE-2023-41663.json) (`2023-09-29T14:15:10.650`)
* [CVE-2023-41666](CVE-2023/CVE-2023-416xx/CVE-2023-41666.json) (`2023-09-29T14:15:10.723`)
* [CVE-2023-41687](CVE-2023/CVE-2023-416xx/CVE-2023-41687.json) (`2023-09-29T14:15:10.797`)
* [CVE-2023-41691](CVE-2023/CVE-2023-416xx/CVE-2023-41691.json) (`2023-09-29T14:15:10.870`)
* [CVE-2023-5262](CVE-2023/CVE-2023-52xx/CVE-2023-5262.json) (`2023-09-29T14:15:11.163`)
* [CVE-2023-5263](CVE-2023/CVE-2023-52xx/CVE-2023-5263.json) (`2023-09-29T14:15:11.250`)
* [CVE-2023-5289](CVE-2023/CVE-2023-52xx/CVE-2023-5289.json) (`2023-09-29T14:15:11.323`)
* [CVE-2023-5264](CVE-2023/CVE-2023-52xx/CVE-2023-5264.json) (`2023-09-29T15:15:10.593`)
* [CVE-2023-5265](CVE-2023/CVE-2023-52xx/CVE-2023-5265.json) (`2023-09-29T15:15:10.670`)
* [CVE-2023-5266](CVE-2023/CVE-2023-52xx/CVE-2023-5266.json) (`2023-09-29T15:15:10.750`)
* [CVE-2023-5267](CVE-2023/CVE-2023-52xx/CVE-2023-5267.json) (`2023-09-29T15:15:10.823`)
* [CVE-2023-5268](CVE-2023/CVE-2023-52xx/CVE-2023-5268.json) (`2023-09-29T16:15:10.617`)
* [CVE-2023-5269](CVE-2023/CVE-2023-52xx/CVE-2023-5269.json) (`2023-09-29T16:15:10.697`)
* [CVE-2023-5270](CVE-2023/CVE-2023-52xx/CVE-2023-5270.json) (`2023-09-29T16:15:10.777`)
* [CVE-2023-5271](CVE-2023/CVE-2023-52xx/CVE-2023-5271.json) (`2023-09-29T16:15:10.853`)
* [CVE-2023-39410](CVE-2023/CVE-2023-394xx/CVE-2023-39410.json) (`2023-09-29T17:15:46.923`)
* [CVE-2023-3024](CVE-2023/CVE-2023-30xx/CVE-2023-3024.json) (`2023-09-29T17:15:47.043`)
* [CVE-2023-5272](CVE-2023/CVE-2023-52xx/CVE-2023-5272.json) (`2023-09-29T17:15:48.323`)
* [CVE-2023-5273](CVE-2023/CVE-2023-52xx/CVE-2023-5273.json) (`2023-09-29T17:15:48.567`)
### CVEs modified in the last Commit
Recently modified CVEs: `44`
Recently modified CVEs: `24`
* [CVE-2023-42462](CVE-2023/CVE-2023-424xx/CVE-2023-42462.json) (`2023-09-29T14:05:08.350`)
* [CVE-2023-43869](CVE-2023/CVE-2023-438xx/CVE-2023-43869.json) (`2023-09-29T14:06:04.873`)
* [CVE-2023-27320](CVE-2023/CVE-2023-273xx/CVE-2023-27320.json) (`2023-09-29T14:15:09.913`)
* [CVE-2023-28486](CVE-2023/CVE-2023-284xx/CVE-2023-28486.json) (`2023-09-29T14:15:10.033`)
* [CVE-2023-28487](CVE-2023/CVE-2023-284xx/CVE-2023-28487.json) (`2023-09-29T14:15:10.113`)
* [CVE-2023-4702](CVE-2023/CVE-2023-47xx/CVE-2023-4702.json) (`2023-09-29T14:15:10.953`)
* [CVE-2023-4972](CVE-2023/CVE-2023-49xx/CVE-2023-4972.json) (`2023-09-29T14:15:11.070`)
* [CVE-2023-5174](CVE-2023/CVE-2023-51xx/CVE-2023-5174.json) (`2023-09-29T14:19:44.087`)
* [CVE-2023-42657](CVE-2023/CVE-2023-426xx/CVE-2023-42657.json) (`2023-09-29T14:34:24.630`)
* [CVE-2023-42461](CVE-2023/CVE-2023-424xx/CVE-2023-42461.json) (`2023-09-29T14:36:16.040`)
* [CVE-2023-42819](CVE-2023/CVE-2023-428xx/CVE-2023-42819.json) (`2023-09-29T14:42:30.233`)
* [CVE-2023-42820](CVE-2023/CVE-2023-428xx/CVE-2023-42820.json) (`2023-09-29T15:04:32.443`)
* [CVE-2023-25483](CVE-2023/CVE-2023-254xx/CVE-2023-25483.json) (`2023-09-29T15:11:01.933`)
* [CVE-2023-43740](CVE-2023/CVE-2023-437xx/CVE-2023-43740.json) (`2023-09-29T15:15:10.227`)
* [CVE-2023-5169](CVE-2023/CVE-2023-51xx/CVE-2023-5169.json) (`2023-09-29T15:15:10.350`)
* [CVE-2023-5171](CVE-2023/CVE-2023-51xx/CVE-2023-5171.json) (`2023-09-29T15:15:10.407`)
* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-09-29T15:15:10.537`)
* [CVE-2023-5176](CVE-2023/CVE-2023-51xx/CVE-2023-5176.json) (`2023-09-29T15:17:46.987`)
* [CVE-2023-43381](CVE-2023/CVE-2023-433xx/CVE-2023-43381.json) (`2023-09-29T15:29:07.093`)
* [CVE-2023-4523](CVE-2023/CVE-2023-45xx/CVE-2023-4523.json) (`2023-09-29T15:39:05.767`)
* [CVE-2023-5161](CVE-2023/CVE-2023-51xx/CVE-2023-5161.json) (`2023-09-29T15:44:13.007`)
* [CVE-2023-43909](CVE-2023/CVE-2023-439xx/CVE-2023-43909.json) (`2023-09-29T15:52:15.247`)
* [CVE-2023-43944](CVE-2023/CVE-2023-439xx/CVE-2023-43944.json) (`2023-09-29T15:52:15.247`)
* [CVE-2023-39347](CVE-2023/CVE-2023-393xx/CVE-2023-39347.json) (`2023-09-29T15:54:47.300`)
* [CVE-2023-4003](CVE-2023/CVE-2023-40xx/CVE-2023-4003.json) (`2023-09-29T15:59:09.023`)
* [CVE-2022-36227](CVE-2022/CVE-2022-362xx/CVE-2022-36227.json) (`2023-09-29T17:15:46.613`)
* [CVE-2023-43857](CVE-2023/CVE-2023-438xx/CVE-2023-43857.json) (`2023-09-29T16:11:48.360`)
* [CVE-2023-5162](CVE-2023/CVE-2023-51xx/CVE-2023-5162.json) (`2023-09-29T16:13:27.713`)
* [CVE-2023-39308](CVE-2023/CVE-2023-393xx/CVE-2023-39308.json) (`2023-09-29T16:15:10.527`)
* [CVE-2023-44047](CVE-2023/CVE-2023-440xx/CVE-2023-44047.json) (`2023-09-29T16:24:15.493`)
* [CVE-2023-43884](CVE-2023/CVE-2023-438xx/CVE-2023-43884.json) (`2023-09-29T16:27:23.523`)
* [CVE-2023-43331](CVE-2023/CVE-2023-433xx/CVE-2023-43331.json) (`2023-09-29T16:29:51.383`)
* [CVE-2023-43879](CVE-2023/CVE-2023-438xx/CVE-2023-43879.json) (`2023-09-29T16:35:38.223`)
* [CVE-2023-30415](CVE-2023/CVE-2023-304xx/CVE-2023-30415.json) (`2023-09-29T16:57:27.170`)
* [CVE-2023-37941](CVE-2023/CVE-2023-379xx/CVE-2023-37941.json) (`2023-09-29T17:15:46.723`)
* [CVE-2023-38139](CVE-2023/CVE-2023-381xx/CVE-2023-38139.json) (`2023-09-29T17:15:46.800`)
* [CVE-2023-42793](CVE-2023/CVE-2023-427xx/CVE-2023-42793.json) (`2023-09-29T17:15:47.117`)
* [CVE-2023-4752](CVE-2023/CVE-2023-47xx/CVE-2023-4752.json) (`2023-09-29T17:15:47.233`)
* [CVE-2023-4781](CVE-2023/CVE-2023-47xx/CVE-2023-4781.json) (`2023-09-29T17:15:47.317`)
* [CVE-2023-30471](CVE-2023/CVE-2023-304xx/CVE-2023-30471.json) (`2023-09-29T17:16:36.613`)
* [CVE-2023-43291](CVE-2023/CVE-2023-432xx/CVE-2023-43291.json) (`2023-09-29T17:25:25.957`)
* [CVE-2023-42222](CVE-2023/CVE-2023-422xx/CVE-2023-42222.json) (`2023-09-29T17:31:44.100`)
* [CVE-2023-2358](CVE-2023/CVE-2023-23xx/CVE-2023-2358.json) (`2023-09-29T17:32:30.117`)
* [CVE-2023-28055](CVE-2023/CVE-2023-280xx/CVE-2023-28055.json) (`2023-09-29T17:36:40.987`)
* [CVE-2023-40391](CVE-2023/CVE-2023-403xx/CVE-2023-40391.json) (`2023-09-29T17:43:11.557`)
* [CVE-2023-20254](CVE-2023/CVE-2023-202xx/CVE-2023-20254.json) (`2023-09-29T17:49:36.903`)
* [CVE-2023-44048](CVE-2023/CVE-2023-440xx/CVE-2023-44048.json) (`2023-09-29T17:52:10.340`)
* [CVE-2023-5244](CVE-2023/CVE-2023-52xx/CVE-2023-5244.json) (`2023-09-29T17:53:12.883`)
* [CVE-2023-4423](CVE-2023/CVE-2023-44xx/CVE-2023-4423.json) (`2023-09-29T17:59:31.007`)
## Download and Usage