diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24023.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24023.json new file mode 100644 index 00000000000..675a4ca6d94 --- /dev/null +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24023.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-24023", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-28T07:15:41.340", + "lastModified": "2023-11-28T07:15:41.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://dl.acm.org/doi/10.1145/3576915.3623066", + "source": "cve@mitre.org" + }, + { + "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3368.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3368.json new file mode 100644 index 00000000000..81183620e57 --- /dev/null +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3368.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-3368", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T07:15:41.683", + "lastModified": "2023-11-28T07:15:41.683", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a", + "source": "info@starlabs.sg" + }, + { + "url": "https://https://github.com/chamilo/chamilo-lms/commit/4c69b294f927db62092e01b70ac9bd6e32d5b48b", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-3368/", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-121-2023-07-05-Critical-impact-High-risk-Unauthenticated-Command-Injection-CVE-2023-3368", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3533.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3533.json new file mode 100644 index 00000000000..a93116aa120 --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3533.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-3533", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T07:15:42.377", + "lastModified": "2023-11-28T07:15:42.377", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-3533/", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-124-2023-07-13-Critical-impact-High-risk-Unauthenticated-Arbitrary-File-Write-RCE-CVE-2023-3533", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3545.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3545.json new file mode 100644 index 00000000000..b3e069ca98c --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3545.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-3545", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T07:15:42.913", + "lastModified": "2023-11-28T07:15:42.913", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-178" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-3545/", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4220.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4220.json new file mode 100644 index 00000000000..e96747db448 --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4220.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-4220", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T08:15:07.137", + "lastModified": "2023-11-28T08:15:07.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/3b487a55076fb06f96809b790a35dcdd42f8ec49", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-4220", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-130-2023-09-04-Critical-impact-High-risk-Unauthenticated-users-may-gain-XSS-and-unauthenticated-RCE-CVE-2023-4220", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4221.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4221.json new file mode 100644 index 00000000000..eb1b76b3987 --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4221.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-4221", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T08:15:07.910", + "lastModified": "2023-11-28T08:15:07.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-4221", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-128-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4221CVE-2023-4222", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4222.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4222.json new file mode 100644 index 00000000000..d8d8fad677e --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4222.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-4222", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T08:15:08.307", + "lastModified": "2023-11-28T08:15:08.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-4222", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-128-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4221CVE-2023-4222", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4223.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4223.json new file mode 100644 index 00000000000..62a26dad68c --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4223.json @@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-4223", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T08:15:08.803", + "lastModified": "2023-11-28T08:15:08.803", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/3d74fb7d99bd2e287730552f7a66562417a55047", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-4223", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4224.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4224.json new file mode 100644 index 00000000000..b687777e14a --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4224.json @@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-4224", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T08:15:09.213", + "lastModified": "2023-11-28T08:15:09.213", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-4224", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4225.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4225.json new file mode 100644 index 00000000000..fab50724c60 --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4225.json @@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-4225", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T08:15:09.607", + "lastModified": "2023-11-28T08:15:09.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-4225", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4226.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4226.json new file mode 100644 index 00000000000..05544c41c50 --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4226.json @@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-4226", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-11-28T08:15:10.430", + "lastModified": "2023-11-28T08:15:10.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-4226", + "source": "info@starlabs.sg" + }, + { + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45311.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45311.json index 63805160cfa..4ed187cc5cb 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45311.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45311.json @@ -2,12 +2,12 @@ "id": "CVE-2023-45311", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-06T21:15:10.940", - "lastModified": "2023-10-16T18:13:18.297", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-28T07:15:43.260", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary." + "value": "fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. NOTE: some sources feel that this means that no version is affected any longer, because the URL is not controlled by an adversary." }, { "lang": "es", @@ -124,6 +124,10 @@ "Patch", "Vendor Advisory" ] + }, + { + "url": "https://security.snyk.io/vuln/SNYK-JS-FSEVENTS-5487987", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48022.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48022.json new file mode 100644 index 00000000000..bb87b9ae84e --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48022.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48022", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-28T08:15:06.910", + "lastModified": "2023-11-28T08:15:06.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", + "source": "cve@mitre.org" + }, + { + "url": "https://docs.ray.io/en/latest/ray-security/index.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48023.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48023.json new file mode 100644 index 00000000000..50cae9d1527 --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48023.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-48023", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-28T08:15:07.060", + "lastModified": "2023-11-28T08:15:07.060", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", + "source": "cve@mitre.org" + }, + { + "url": "https://docs.ray.io/en/latest/ray-security/index.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 7eb2c29a3d6..1f49250d5c1 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-28T07:00:17.784232+00:00 +2023-11-28T09:00:18.731882+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-28T05:15:08.920000+00:00 +2023-11-28T08:15:10.430000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231608 +231621 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `13` -* [CVE-2023-49075](CVE-2023/CVE-2023-490xx/CVE-2023-49075.json) (`2023-11-28T05:15:08.160`) -* [CVE-2023-6225](CVE-2023/CVE-2023-62xx/CVE-2023-6225.json) (`2023-11-28T05:15:08.613`) -* [CVE-2023-6226](CVE-2023/CVE-2023-62xx/CVE-2023-6226.json) (`2023-11-28T05:15:08.920`) +* [CVE-2023-24023](CVE-2023/CVE-2023-240xx/CVE-2023-24023.json) (`2023-11-28T07:15:41.340`) +* [CVE-2023-3368](CVE-2023/CVE-2023-33xx/CVE-2023-3368.json) (`2023-11-28T07:15:41.683`) +* [CVE-2023-3533](CVE-2023/CVE-2023-35xx/CVE-2023-3533.json) (`2023-11-28T07:15:42.377`) +* [CVE-2023-3545](CVE-2023/CVE-2023-35xx/CVE-2023-3545.json) (`2023-11-28T07:15:42.913`) +* [CVE-2023-48022](CVE-2023/CVE-2023-480xx/CVE-2023-48022.json) (`2023-11-28T08:15:06.910`) +* [CVE-2023-48023](CVE-2023/CVE-2023-480xx/CVE-2023-48023.json) (`2023-11-28T08:15:07.060`) +* [CVE-2023-4220](CVE-2023/CVE-2023-42xx/CVE-2023-4220.json) (`2023-11-28T08:15:07.137`) +* [CVE-2023-4221](CVE-2023/CVE-2023-42xx/CVE-2023-4221.json) (`2023-11-28T08:15:07.910`) +* [CVE-2023-4222](CVE-2023/CVE-2023-42xx/CVE-2023-4222.json) (`2023-11-28T08:15:08.307`) +* [CVE-2023-4223](CVE-2023/CVE-2023-42xx/CVE-2023-4223.json) (`2023-11-28T08:15:08.803`) +* [CVE-2023-4224](CVE-2023/CVE-2023-42xx/CVE-2023-4224.json) (`2023-11-28T08:15:09.213`) +* [CVE-2023-4225](CVE-2023/CVE-2023-42xx/CVE-2023-4225.json) (`2023-11-28T08:15:09.607`) +* [CVE-2023-4226](CVE-2023/CVE-2023-42xx/CVE-2023-4226.json) (`2023-11-28T08:15:10.430`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-45311](CVE-2023/CVE-2023-453xx/CVE-2023-45311.json) (`2023-11-28T07:15:43.260`) ## Download and Usage