admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-28T09:00:18.731882+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-28 09:00:22 +00:00
parent da3bc86ca1
commit c2a98f57a5
15 changed files with 772 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2023/CVE-2023-240xx/CVE-2023-24023.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-24023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T07:15:41.340",
"lastModified": "2023-11-28T07:15:41.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS."
}
],
"metrics": {},
"references": [
{
"url": "https://dl.acm.org/doi/10.1145/3576915.3623066",
"source": "cve@mitre.org"
},
{
"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/",
"source": "cve@mitre.org"
}
]
}

67
CVE-2023/CVE-2023-33xx/CVE-2023-3368.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-3368",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T07:15:41.683",
"lastModified": "2023-11-28T07:15:41.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a",
"source": "info@starlabs.sg"
},
{
"url": "https://https://github.com/chamilo/chamilo-lms/commit/4c69b294f927db62092e01b70ac9bd6e32d5b48b",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-3368/",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-121-2023-07-05-Critical-impact-High-risk-Unauthenticated-Command-Injection-CVE-2023-3368",
"source": "info@starlabs.sg"
}
]
}

63
CVE-2023/CVE-2023-35xx/CVE-2023-3533.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-3533",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T07:15:42.377",
"lastModified": "2023-11-28T07:15:42.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-3533/",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-124-2023-07-13-Critical-impact-High-risk-Unauthenticated-Arbitrary-File-Write-RCE-CVE-2023-3533",
"source": "info@starlabs.sg"
}
]
}

63
CVE-2023/CVE-2023-35xx/CVE-2023-3545.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-3545",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T07:15:42.913",
"lastModified": "2023-11-28T07:15:42.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-178"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-3545/",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545",
"source": "info@starlabs.sg"
}
]
}

63
CVE-2023/CVE-2023-42xx/CVE-2023-4220.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-4220",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:07.137",
"lastModified": "2023-11-28T08:15:07.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/3b487a55076fb06f96809b790a35dcdd42f8ec49",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-4220",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-130-2023-09-04-Critical-impact-High-risk-Unauthenticated-users-may-gain-XSS-and-unauthenticated-RCE-CVE-2023-4220",
"source": "info@starlabs.sg"
}
]
}

67
CVE-2023/CVE-2023-42xx/CVE-2023-4221.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-4221",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:07.910",
"lastModified": "2023-11-28T08:15:07.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-4221",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-128-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4221CVE-2023-4222",
"source": "info@starlabs.sg"
}
]
}

67
CVE-2023/CVE-2023-42xx/CVE-2023-4222.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-4222",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:08.307",
"lastModified": "2023-11-28T08:15:08.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-4222",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-128-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4221CVE-2023-4222",
"source": "info@starlabs.sg"
}
]
}

71
CVE-2023/CVE-2023-42xx/CVE-2023-4223.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-4223",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:08.803",
"lastModified": "2023-11-28T08:15:08.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/3d74fb7d99bd2e287730552f7a66562417a55047",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-4223",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226",
"source": "info@starlabs.sg"
}
]
}

71
CVE-2023/CVE-2023-42xx/CVE-2023-4224.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-4224",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:09.213",
"lastModified": "2023-11-28T08:15:09.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-4224",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226",
"source": "info@starlabs.sg"
}
]
}

71
CVE-2023/CVE-2023-42xx/CVE-2023-4225.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-4225",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:09.607",
"lastModified": "2023-11-28T08:15:09.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-4225",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226",
"source": "info@starlabs.sg"
}
]
}

71
CVE-2023/CVE-2023-42xx/CVE-2023-4226.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-4226",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T08:15:10.430",
"lastModified": "2023-11-28T08:15:10.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@starlabs.sg",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f",
"source": "info@starlabs.sg"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a",
"source": "info@starlabs.sg"
},
{
"url": "https://starlabs.sg/advisories/23/23-4226",
"source": "info@starlabs.sg"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226",
"source": "info@starlabs.sg"
}
]
}

10
CVE-2023/CVE-2023-453xx/CVE-2023-45311.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-45311",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T21:15:10.940",
"lastModified": "2023-10-16T18:13:18.297",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-28T07:15:43.260",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary."
"value": "fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. NOTE: some sources feel that this means that no version is affected any longer, because the URL is not controlled by an adversary."
},
{
"lang": "es",
@ -124,6 +124,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-FSEVENTS-5487987",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-480xx/CVE-2023-48022.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48022",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T08:15:06.910",
"lastModified": "2023-11-28T08:15:06.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment"
}
],
"metrics": {},
"references": [
{
"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0",
"source": "cve@mitre.org"
},
{
"url": "https://docs.ray.io/en/latest/ray-security/index.html",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-480xx/CVE-2023-48023.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-48023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T08:15:07.060",
"lastModified": "2023-11-28T08:15:07.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment"
}
],
"metrics": {},
"references": [
{
"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0",
"source": "cve@mitre.org"
},
{
"url": "https://docs.ray.io/en/latest/ray-security/index.html",
"source": "cve@mitre.org"
}
]
}

27
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-28T07:00:17.784232+00:00
2023-11-28T09:00:18.731882+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-28T05:15:08.920000+00:00
2023-11-28T08:15:10.430000+00:00
```
### Last Data Feed Release
@ -29,22 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231608
231621
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `13`
* [CVE-2023-49075](CVE-2023/CVE-2023-490xx/CVE-2023-49075.json) (`2023-11-28T05:15:08.160`)
* [CVE-2023-6225](CVE-2023/CVE-2023-62xx/CVE-2023-6225.json) (`2023-11-28T05:15:08.613`)
* [CVE-2023-6226](CVE-2023/CVE-2023-62xx/CVE-2023-6226.json) (`2023-11-28T05:15:08.920`)
* [CVE-2023-24023](CVE-2023/CVE-2023-240xx/CVE-2023-24023.json) (`2023-11-28T07:15:41.340`)
* [CVE-2023-3368](CVE-2023/CVE-2023-33xx/CVE-2023-3368.json) (`2023-11-28T07:15:41.683`)
* [CVE-2023-3533](CVE-2023/CVE-2023-35xx/CVE-2023-3533.json) (`2023-11-28T07:15:42.377`)
* [CVE-2023-3545](CVE-2023/CVE-2023-35xx/CVE-2023-3545.json) (`2023-11-28T07:15:42.913`)
* [CVE-2023-48022](CVE-2023/CVE-2023-480xx/CVE-2023-48022.json) (`2023-11-28T08:15:06.910`)
* [CVE-2023-48023](CVE-2023/CVE-2023-480xx/CVE-2023-48023.json) (`2023-11-28T08:15:07.060`)
* [CVE-2023-4220](CVE-2023/CVE-2023-42xx/CVE-2023-4220.json) (`2023-11-28T08:15:07.137`)
* [CVE-2023-4221](CVE-2023/CVE-2023-42xx/CVE-2023-4221.json) (`2023-11-28T08:15:07.910`)
* [CVE-2023-4222](CVE-2023/CVE-2023-42xx/CVE-2023-4222.json) (`2023-11-28T08:15:08.307`)
* [CVE-2023-4223](CVE-2023/CVE-2023-42xx/CVE-2023-4223.json) (`2023-11-28T08:15:08.803`)
* [CVE-2023-4224](CVE-2023/CVE-2023-42xx/CVE-2023-4224.json) (`2023-11-28T08:15:09.213`)
* [CVE-2023-4225](CVE-2023/CVE-2023-42xx/CVE-2023-4225.json) (`2023-11-28T08:15:09.607`)
* [CVE-2023-4226](CVE-2023/CVE-2023-42xx/CVE-2023-4226.json) (`2023-11-28T08:15:10.430`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
* [CVE-2023-45311](CVE-2023/CVE-2023-453xx/CVE-2023-45311.json) (`2023-11-28T07:15:43.260`)
## Download and Usage