admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-02T00:55:18.040039+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-02 00:55:21 +00:00
parent a429a100fd
commit bc9cc58054
11 changed files with 562 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
CVE-2023/CVE-2023-477xx/CVE-2023-47755.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47755",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:09.037",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-02T00:25:09.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aazztech:woocommerce_product_carousel_slider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.5",
"matchCriteriaId": "320EA627-6C60-4F59-8546-F21F5D02BAE2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/product-carousel-slider-for-woocommerce/wordpress-woocommerce-product-carousel-slider-plugin-3-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-481xx/CVE-2023-48106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:09.630",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-02T00:27:03.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en zlib-ng minizip-ng v.4.0.2 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado en la funci\u00f3n mz_path_resolve en el archivo mz_os.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zlib-ng:minizip-ng:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65B2CB9-EB98-4AA7-AEC5-FE76A1022E72"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zlib-ng/minizip-ng/issues/740",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

70
CVE-2023/CVE-2023-481xx/CVE-2023-48185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48185",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T18:15:07.080",
"lastModified": "2023-11-18T04:19:44.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-02T00:21:40.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "La vulnerabilidad de Directory Traversal en TerraMaster v.s1.0 hasta v.2.295 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud GET manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:terra-mater:terra-master:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0",
"versionEndIncluding": "2.295",
"matchCriteriaId": "A8A7D574-708F-463C-9BE1-4E80A4BDE9DD"
}
]
}
]
}
],
"references": [
{
"url": "https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p17623",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

24
CVE-2023/CVE-2023-488xx/CVE-2023-48801.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48801",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T23:15:07.840",
"lastModified": "2023-12-01T23:15:07.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://palm-jump-676.notion.site/CVE-2023-48801-40d4553fc7a649fe833201fcecf76f2b",
"source": "cve@mitre.org"
},
{
"url": "https://www.notion.so/X6000R-sub_415534-40d4553fc7a649fe833201fcecf76f2b?pvs=4",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-488xx/CVE-2023-48886.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48886",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T23:15:07.920",
"lastModified": "2023-12-01T23:15:07.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/luxiaoxun/NettyRpc",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/luxiaoxun/NettyRpc/issues/53",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-488xx/CVE-2023-48887.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-48887",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-01T23:15:07.967",
"lastModified": "2023-12-01T23:15:07.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/fengjiachun/Jupiter",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/fengjiachun/Jupiter/issues/115",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/welk1n/JNDI-Injection-Exploit/releases/tag/v1.0",
"source": "cve@mitre.org"
}
]
}

77
CVE-2023/CVE-2023-491xx/CVE-2023-49103.json
View File

@ -2,16 +2,44 @@
"id": "CVE-2023-49103",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-21T22:15:08.277",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-02T00:22:46.933",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-11-30",
"cisaActionDue": "2023-12-21",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "ownCloud graphapi Information Disclosure Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ownCloud owncloud/graphapi 0.2.x anterior a 0.2.1 y 0.3.x anterior a 0.3.1. La aplicaci\u00f3n Graphapi se basa en una librer\u00eda GetPhpInfo.php de terceros que proporciona una URL. Cuando se accede a esta URL, se revelan los detalles de configuraci\u00f3n del entorno PHP (phpinfo). Esta informaci\u00f3n incluye todas las variables de entorno del servidor web. En implementaciones en contenedores, estas variables de entorno pueden incluir datos confidenciales, como la contrase\u00f1a del administrador de ownCloud, las credenciales del servidor de correo y la clave de licencia. Simplemente deshabilitar la aplicaci\u00f3n Graphapi no elimina la vulnerabilidad. Adem\u00e1s, phpinfo expone otros detalles de configuraci\u00f3n potencialmente confidenciales que un atacante podr\u00eda aprovechar para recopilar informaci\u00f3n sobre el sistema. Por lo tanto, incluso si ownCloud no se ejecuta en un entorno en contenedores, esta vulnerabilidad deber\u00eda ser motivo de preocupaci\u00f3n. Tenga en cuenta que los contenedores Docker anteriores a febrero de 2023 no son vulnerables a la divulgaci\u00f3n de credenciales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,14 +62,55 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:graph_api:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4FB1ADA-F2C3-4632-A5ED-36BCE73CDA96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:graph_api:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2F54D9-20AF-4161-8104-CD80A3D39BB0"
}
]
}
]
}
],
"references": [
{
"url": "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://owncloud.org/security",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

83
CVE-2023/CVE-2023-57xx/CVE-2023-5706.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5706",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:14.167",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-02T00:23:17.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento VK Blocks para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del bloque 'vk-blocks/ancestor-page-list' del complemento en todas las versiones hasta la 1.63.0.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,26 +58,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vektor-inc:vk_blocks:*:*:*:*:-:wordpress:*:*",
"versionEndIncluding": "1.63.0.1",
"matchCriteriaId": "D5F67AE2-A2CB-4E20-B4E0-01CE655708F7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/vk-blocks/tags/1.63.0.1/inc/vk-blocks/build/blocks/ancestor-page-list/index.php#L50",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/vk-blocks/tags/1.63.0.1/inc/vk-blocks/build/blocks/ancestor-page-list/index.php#L54",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/vk-blocks/tags/1.63.0.1/inc/vk-blocks/build/blocks/ancestor-page-list/index.php#L57",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2983202/vk-blocks/trunk/inc/vk-blocks/build/blocks/ancestor-page-list/index.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05dd7c96-7880-44a8-a06f-037bc627fd8d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-57xx/CVE-2023-5708.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5708",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:14.387",
"lastModified": "2023-11-22T17:31:52.013",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-02T00:23:27.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP Post Columns para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'column' del complemento en todas las versiones hasta la 2.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp_post_columns_project:wp_post_columns:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2",
"matchCriteriaId": "E45BBB63-E40E-415A-B94B-A6BD855D593E"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-post-columns/trunk/wp_post_columns.php?rev=112013#L59",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d96e5986-8c89-4e7e-aa63-f41aa13eeff4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-64xx/CVE-2023-6463.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-6463",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-01T23:15:08.023",
"lastModified": "2023-12-01T23:15:08.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/qqisee/vulndis/blob/main/xss_add_user.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.246613",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.246613",
"source": "cna@vuldb.com"
}
]
}

58
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-01T23:00:18.041174+00:00
2023-12-02T00:55:18.040039+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-01T22:15:10.960000+00:00
2023-12-02T00:27:03.327000+00:00
```
### Last Data Feed Release
@ -29,57 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231974
231978
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `4`
* [CVE-2023-40699](CVE-2023/CVE-2023-406xx/CVE-2023-40699.json) (`2023-12-01T21:15:07.633`)
* [CVE-2023-42009](CVE-2023/CVE-2023-420xx/CVE-2023-42009.json) (`2023-12-01T21:15:07.857`)
* [CVE-2023-42019](CVE-2023/CVE-2023-420xx/CVE-2023-42019.json) (`2023-12-01T21:15:08.053`)
* [CVE-2023-42022](CVE-2023/CVE-2023-420xx/CVE-2023-42022.json) (`2023-12-01T21:15:08.260`)
* [CVE-2023-43021](CVE-2023/CVE-2023-430xx/CVE-2023-43021.json) (`2023-12-01T21:15:08.460`)
* [CVE-2023-46174](CVE-2023/CVE-2023-461xx/CVE-2023-46174.json) (`2023-12-01T21:15:08.663`)
* [CVE-2023-49277](CVE-2023/CVE-2023-492xx/CVE-2023-49277.json) (`2023-12-01T21:15:08.857`)
* [CVE-2023-44381](CVE-2023/CVE-2023-443xx/CVE-2023-44381.json) (`2023-12-01T22:15:09.573`)
* [CVE-2023-44382](CVE-2023/CVE-2023-443xx/CVE-2023-44382.json) (`2023-12-01T22:15:09.780`)
* [CVE-2023-44402](CVE-2023/CVE-2023-444xx/CVE-2023-44402.json) (`2023-12-01T22:15:09.970`)
* [CVE-2023-46746](CVE-2023/CVE-2023-467xx/CVE-2023-46746.json) (`2023-12-01T22:15:10.167`)
* [CVE-2023-48314](CVE-2023/CVE-2023-483xx/CVE-2023-48314.json) (`2023-12-01T22:15:10.360`)
* [CVE-2023-49276](CVE-2023/CVE-2023-492xx/CVE-2023-49276.json) (`2023-12-01T22:15:10.563`)
* [CVE-2023-49281](CVE-2023/CVE-2023-492xx/CVE-2023-49281.json) (`2023-12-01T22:15:10.760`)
* [CVE-2023-6462](CVE-2023/CVE-2023-64xx/CVE-2023-6462.json) (`2023-12-01T22:15:10.960`)
* [CVE-2023-48801](CVE-2023/CVE-2023-488xx/CVE-2023-48801.json) (`2023-12-01T23:15:07.840`)
* [CVE-2023-48886](CVE-2023/CVE-2023-488xx/CVE-2023-48886.json) (`2023-12-01T23:15:07.920`)
* [CVE-2023-48887](CVE-2023/CVE-2023-488xx/CVE-2023-48887.json) (`2023-12-01T23:15:07.967`)
* [CVE-2023-6463](CVE-2023/CVE-2023-64xx/CVE-2023-6463.json) (`2023-12-01T23:15:08.023`)
### CVEs modified in the last Commit
Recently modified CVEs: `23`
Recently modified CVEs: `6`
* [CVE-2014-125084](CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json) (`2023-12-01T22:03:27.830`)
* [CVE-2014-125081](CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json) (`2023-12-01T22:04:49.620`)
* [CVE-2014-125093](CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json) (`2023-12-01T22:05:39.367`)
* [CVE-2014-125095](CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json) (`2023-12-01T22:08:11.780`)
* [CVE-2014-125096](CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json) (`2023-12-01T22:10:36.937`)
* [CVE-2017-20155](CVE-2017/CVE-2017-201xx/CVE-2017-20155.json) (`2023-12-01T22:07:13.797`)
* [CVE-2017-20156](CVE-2017/CVE-2017-201xx/CVE-2017-20156.json) (`2023-12-01T22:09:35.407`)
* [CVE-2022-40433](CVE-2022/CVE-2022-404xx/CVE-2022-40433.json) (`2023-12-01T21:15:07.527`)
* [CVE-2023-49145](CVE-2023/CVE-2023-491xx/CVE-2023-49145.json) (`2023-12-01T21:01:41.407`)
* [CVE-2023-46480](CVE-2023/CVE-2023-464xx/CVE-2023-46480.json) (`2023-12-01T21:04:35.097`)
* [CVE-2023-46355](CVE-2023/CVE-2023-463xx/CVE-2023-46355.json) (`2023-12-01T21:17:19.887`)
* [CVE-2023-25632](CVE-2023/CVE-2023-256xx/CVE-2023-25632.json) (`2023-12-01T21:17:40.063`)
* [CVE-2023-43754](CVE-2023/CVE-2023-437xx/CVE-2023-43754.json) (`2023-12-01T21:18:42.600`)
* [CVE-2023-45223](CVE-2023/CVE-2023-452xx/CVE-2023-45223.json) (`2023-12-01T21:22:56.440`)
* [CVE-2023-47168](CVE-2023/CVE-2023-471xx/CVE-2023-47168.json) (`2023-12-01T21:24:07.470`)
* [CVE-2023-48268](CVE-2023/CVE-2023-482xx/CVE-2023-48268.json) (`2023-12-01T21:30:14.497`)
* [CVE-2023-48369](CVE-2023/CVE-2023-483xx/CVE-2023-48369.json) (`2023-12-01T21:37:48.153`)
* [CVE-2023-6202](CVE-2023/CVE-2023-62xx/CVE-2023-6202.json) (`2023-12-01T21:40:49.863`)
* [CVE-2023-5960](CVE-2023/CVE-2023-59xx/CVE-2023-5960.json) (`2023-12-01T21:43:59.323`)
* [CVE-2023-32063](CVE-2023/CVE-2023-320xx/CVE-2023-32063.json) (`2023-12-01T21:46:28.420`)
* [CVE-2023-48713](CVE-2023/CVE-2023-487xx/CVE-2023-48713.json) (`2023-12-01T21:53:20.687`)
* [CVE-2023-32065](CVE-2023/CVE-2023-320xx/CVE-2023-32065.json) (`2023-12-01T22:00:52.193`)
* [CVE-2023-32064](CVE-2023/CVE-2023-320xx/CVE-2023-32064.json) (`2023-12-01T22:01:44.107`)
* [CVE-2023-48185](CVE-2023/CVE-2023-481xx/CVE-2023-48185.json) (`2023-12-02T00:21:40.093`)
* [CVE-2023-49103](CVE-2023/CVE-2023-491xx/CVE-2023-49103.json) (`2023-12-02T00:22:46.933`)
* [CVE-2023-5706](CVE-2023/CVE-2023-57xx/CVE-2023-5706.json) (`2023-12-02T00:23:17.657`)
* [CVE-2023-5708](CVE-2023/CVE-2023-57xx/CVE-2023-5708.json) (`2023-12-02T00:23:27.807`)
* [CVE-2023-47755](CVE-2023/CVE-2023-477xx/CVE-2023-47755.json) (`2023-12-02T00:25:09.250`)
* [CVE-2023-48106](CVE-2023/CVE-2023-481xx/CVE-2023-48106.json) (`2023-12-02T00:27:03.327`)
## Download and Usage