Auto-Update: 2023-11-06T03:00:18.735311+00:00

2025-06-21 17:41:05 +00:00 · 2023-11-06 03:00:22 +00:00 · 2023-11-06 03:00:22 +00:00 · c84aef175a
commit c84aef175a
parent d59bfbba23
7 changed files with 317 additions and 28 deletions
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25093.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2018-25093",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-11-06T01:15:08.690",
+  "lastModified": "2023-11-06T01:15:08.690",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "ADJACENT_NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 5.2
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 5.1,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.244484",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.244484",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-461xx/CVE-2022-46176.json
+++ b/CVE-2022/CVE-2022-461xx/CVE-2022-46176.json
@ -2,12 +2,12 @@
  "id": "CVE-2022-46176",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-01-11T21:15:10.087",
-  "lastModified": "2023-01-19T19:07:07.450",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-11-06T01:15:08.817",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible."
+      "value": "Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible. "
    }
  ],
  "metrics": {
@ -85,6 +85,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/05/6",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j",
      "source": "security-advisories@github.com",
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-46802",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-11-06T02:15:07.333",
+  "lastModified": "2023-11-06T02:15:07.333",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN14762986/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.e-tax.nta.go.jp/topics/topics_20231102.htm",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5423.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5423.json
@ -2,15 +2,41 @@
  "id": "CVE-2023-5423",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-10-05T18:15:13.330",
-  "lastModified": "2023-10-05T19:13:42.317",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-11-06T01:37:06.490",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad ha sido encontrada en SourceCodester Online Pizza Ordering System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/ajax.php?action=confirm_order. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El identificador de esta vulnerabilidad es VDB-241384."
    }
  ],
  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ],
    "cvssMetricV30": [
      {
        "source": "cna@vuldb.com",
@ -71,14 +97,39 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:oretnom23:online_pizza_ordering_system:1.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "76395B02-9FAD-4D8D-AF9C-B1C069190771"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://vuldb.com/?ctiid.241384",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
+      "tags": [
+        "Permissions Required",
+        "Third Party Advisory"
+      ]
    },
    {
      "url": "https://vuldb.com/?id.241384",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
+      "tags": [
+        "Permissions Required",
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5587.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5587.json
@ -2,15 +2,41 @@
  "id": "CVE-2023-5587",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-10-15T22:15:15.583",
-  "lastModified": "2023-10-16T11:58:00.980",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-11-06T01:37:28.507",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en SourceCodester Free Hospital Management System for Small Practices 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /vm/admin/doctors.php del componente Parameter Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la b\u00fasqueda de argumentos conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-242186 es el identificador asignado a esta vulnerabilidad."
    }
  ],
  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ],
    "cvssMetricV30": [
      {
        "source": "cna@vuldb.com",
@ -61,7 +87,7 @@
  },
  "weaknesses": [
    {
-      "source": "cna@vuldb.com",
+      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
@ -69,20 +95,58 @@
          "value": "CWE-89"
        }
      ]
+    },
+    {
+      "source": "cna@vuldb.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:free_hospital_management_system_for_small_practices_project:free_hospital_management_system_for_small_practices:1.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "6628AA15-4E5F-423E-A548-44D1300F8AD8"
+            }
+          ]
+        }
+      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/GodRone/Hospital-Management-System_SQL-injection/blob/main/Hospital%20Management%20System_SQL%20injection.md",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
    },
    {
      "url": "https://vuldb.com/?ctiid.242186",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
+      "tags": [
+        "Permissions Required",
+        "Third Party Advisory"
+      ]
    },
    {
      "url": "https://vuldb.com/?id.242186",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5589.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5589.json
@ -2,15 +2,41 @@
  "id": "CVE-2023-5589",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-10-15T23:15:44.777",
-  "lastModified": "2023-10-16T11:58:00.980",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-11-06T01:37:46.310",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242188."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Judging Management System 1.0. Ha sido declarado cr\u00edtico. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo login.php. La manipulaci\u00f3n del argumento contrase\u00f1a conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-242188."
    }
  ],
  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ],
    "cvssMetricV30": [
      {
        "source": "cna@vuldb.com",
@ -71,18 +97,46 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:judging_management_system_project:judging_management_system:1.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "FAE693B0-3497-406C-AD53-36AC05735004"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://github.com/GodRone/Judging-Management-System_SQL-injection/blob/main/Judging%20Management%20System_SQL%20injection.md",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
    },
    {
      "url": "https://vuldb.com/?ctiid.242188",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
+      "tags": [
+        "Permissions Required",
+        "Third Party Advisory"
+      ]
    },
    {
      "url": "https://vuldb.com/?id.242188",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-06T00:55:19.150875+00:00
+2023-11-06T03:00:18.735311+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-06T00:15:09.380000+00:00
+2023-11-06T02:15:07.333000+00:00
 ```

 ### Last Data Feed Release
@ -23,31 +23,31 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-11-05T01:00:13.541403+00:00
+2023-11-06T01:00:13.547710+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-229794
+229796
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `2`

-* [CVE-2023-47271](CVE-2023/CVE-2023-472xx/CVE-2023-47271.json) (`2023-11-06T00:15:09.317`)
-* [CVE-2023-47272](CVE-2023/CVE-2023-472xx/CVE-2023-47272.json) (`2023-11-06T00:15:09.380`)
+* [CVE-2018-25093](CVE-2018/CVE-2018-250xx/CVE-2018-25093.json) (`2023-11-06T01:15:08.690`)
+* [CVE-2023-46802](CVE-2023/CVE-2023-468xx/CVE-2023-46802.json) (`2023-11-06T02:15:07.333`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `4`

-* [CVE-2023-34058](CVE-2023/CVE-2023-340xx/CVE-2023-34058.json) (`2023-11-06T00:15:08.227`)
-* [CVE-2023-34059](CVE-2023/CVE-2023-340xx/CVE-2023-34059.json) (`2023-11-06T00:15:08.457`)
-* [CVE-2023-41752](CVE-2023/CVE-2023-417xx/CVE-2023-41752.json) (`2023-11-06T00:15:08.553`)
-* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-11-06T00:15:08.667`)
+* [CVE-2022-46176](CVE-2022/CVE-2022-461xx/CVE-2022-46176.json) (`2023-11-06T01:15:08.817`)
+* [CVE-2023-5423](CVE-2023/CVE-2023-54xx/CVE-2023-5423.json) (`2023-11-06T01:37:06.490`)
+* [CVE-2023-5587](CVE-2023/CVE-2023-55xx/CVE-2023-5587.json) (`2023-11-06T01:37:28.507`)
+* [CVE-2023-5589](CVE-2023/CVE-2023-55xx/CVE-2023-5589.json) (`2023-11-06T01:37:46.310`)


 ## Download and Usage