admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-03T07:00:19.194206+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-03 07:00:22 +00:00
parent 2ff1297c05
commit cf3e83be8d
27 changed files with 970 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-295xx/CVE-2022-29548.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-29548",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-21T02:15:06.800",
"lastModified": "2022-12-02T22:41:29.290",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-03T05:15:29.183",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -278,6 +278,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1603/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-389xx/CVE-2023-38965.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38965",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:29.400",
"lastModified": "2023-11-03T05:15:29.400",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI."
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-411xx/CVE-2023-41164.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-41164",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:29.447",
"lastModified": "2023-11-03T05:15:29.447",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.djangoproject.com/en/4.2/releases/security/",
"source": "cve@mitre.org"
},
{
"url": "https://groups.google.com/forum/#!forum/django-announce",
"source": "cve@mitre.org"
},
{
"url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-412xx/CVE-2023-41259.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-41259",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:29.490",
"lastModified": "2023-11-03T05:15:29.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7",
"source": "cve@mitre.org"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5",
"source": "cve@mitre.org"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-412xx/CVE-2023-41260.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-41260",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:29.537",
"lastModified": "2023-11-03T05:15:29.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/4.4.7",
"source": "cve@mitre.org"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5",
"source": "cve@mitre.org"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41343.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41343",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T05:15:29.583",
"lastModified": "2023-11-03T05:15:29.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7509-5b734-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41345.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41345",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T05:15:29.660",
"lastModified": "2023-11-03T05:15:29.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7496-96e2c-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41346.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41346",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T05:15:29.733",
"lastModified": "2023-11-03T05:15:29.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7497-f92ac-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41347.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41347",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T05:15:29.800",
"lastModified": "2023-11-03T05:15:29.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7498-18012-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41348.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41348",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T05:15:29.867",
"lastModified": "2023-11-03T05:15:29.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7499-63907-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41350.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41350",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T05:15:29.930",
"lastModified": "2023-11-03T05:15:29.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7500-0c544-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41351.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41351",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T06:15:07.107",
"lastModified": "2023-11-03T06:15:07.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41352.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41352",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T06:15:07.313",
"lastModified": "2023-11-03T06:15:07.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7502-287ec-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41353.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41353",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T06:15:07.417",
"lastModified": "2023-11-03T06:15:07.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7503-a27ed-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41354.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41354",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T06:15:07.527",
"lastModified": "2023-11-03T06:15:07.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7504-c6a5e-1.html",
"source": "twcert@cert.org.tw"
}
]
}

55
CVE-2023/CVE-2023-413xx/CVE-2023-41355.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41355",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-11-03T06:15:07.630",
"lastModified": "2023-11-03T06:15:07.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7505-a0c94-1.html",
"source": "twcert@cert.org.tw"
}
]
}

24
CVE-2023/CVE-2023-419xx/CVE-2023-41914.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-41914",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.000",
"lastModified": "2023-11-03T05:15:30.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files."
}
],
"metrics": {},
"references": [
{
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000100.html",
"source": "cve@mitre.org"
},
{
"url": "https://schedmd.com/security.php",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-436xx/CVE-2023-43665.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-43665",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.047",
"lastModified": "2023-11-03T05:15:30.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.djangoproject.com/en/4.2/releases/security/",
"source": "cve@mitre.org"
},
{
"url": "https://groups.google.com/forum/#!forum/django-announce",
"source": "cve@mitre.org"
},
{
"url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-439xx/CVE-2023-43982.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43982",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.093",
"lastModified": "2023-11-03T05:15:30.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call."
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/11/02/boninstagramcarousel.html",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-442xx/CVE-2023-44271.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-44271",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.137",
"lastModified": "2023-11-03T05:15:30.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument."
}
],
"metrics": {},
"references": [
{
"url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/python-pillow/Pillow/pull/7244",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-31T16:15:09.080",
"lastModified": "2023-11-03T05:15:30.180",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-10",
"cisaActionDue": "2023-10-31",
@ -2061,6 +2061,10 @@
"Vendor Advisory"
]
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
"source": "cve@mitre.org"
},
{
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
"source": "cve@mitre.org",

24
CVE-2023/CVE-2023-450xx/CVE-2023-45024.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-45024",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.687",
"lastModified": "2023-11-03T05:15:30.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.bestpractical.com/release-notes/rt/5.0.5",
"source": "cve@mitre.org"
},
{
"url": "https://docs.bestpractical.com/release-notes/rt/index.html",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-453xx/CVE-2023-45360.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45360",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.730",
"lastModified": "2023-11-03T05:15:30.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers."
}
],
"metrics": {},
"references": [
{
"url": "https://phabricator.wikimedia.org/T340221",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-453xx/CVE-2023-45362.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45362",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.773",
"lastModified": "2023-11-03T05:15:30.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka \"X intermediate revisions by the same user not shown\") ignores username suppression. This is an information leak."
}
],
"metrics": {},
"references": [
{
"url": "https://phabricator.wikimedia.org/T341529",
"source": "cve@mitre.org"
}
]
}

15
CVE-2023/CVE-2023-465xx/CVE-2023-46517.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-46517",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.817",
"lastModified": "2023-11-03T05:15:30.817",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {},
"references": []
}

36
CVE-2023/CVE-2023-468xx/CVE-2023-46817.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-46817",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-03T05:15:30.867",
"lastModified": "2023-11-03T05:15:30.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/30",
"source": "cve@mitre.org"
},
{
"url": "https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14",
"source": "cve@mitre.org"
},
{
"url": "https://karmainsecurity.com/KIS-2023-12",
"source": "cve@mitre.org"
},
{
"url": "https://karmainsecurity.com/pocs/CVE-2023-46817.php",
"source": "cve@mitre.org"
},
{
"url": "https://www.phpfox.com/blog/",
"source": "cve@mitre.org"
}
]
}

48
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-03T05:00:19.731004+00:00
2023-11-03T07:00:19.194206+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-03T04:15:21.083000+00:00
2023-11-03T06:15:07.630000+00:00
```
### Last Data Feed Release
@ -29,31 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229689
229713
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `24`
* [CVE-2020-28407](CVE-2020/CVE-2020-284xx/CVE-2020-28407.json) (`2023-11-03T04:15:15.447`)
* [CVE-2023-35896](CVE-2023/CVE-2023-358xx/CVE-2023-35896.json) (`2023-11-03T03:15:07.720`)
* [CVE-2023-46954](CVE-2023/CVE-2023-469xx/CVE-2023-46954.json) (`2023-11-03T03:15:07.920`)
* [CVE-2023-31102](CVE-2023/CVE-2023-311xx/CVE-2023-31102.json) (`2023-11-03T04:15:20.793`)
* [CVE-2023-34259](CVE-2023/CVE-2023-342xx/CVE-2023-34259.json) (`2023-11-03T04:15:20.853`)
* [CVE-2023-34260](CVE-2023/CVE-2023-342xx/CVE-2023-34260.json) (`2023-11-03T04:15:20.907`)
* [CVE-2023-34261](CVE-2023/CVE-2023-342xx/CVE-2023-34261.json) (`2023-11-03T04:15:20.963`)
* [CVE-2023-36620](CVE-2023/CVE-2023-366xx/CVE-2023-36620.json) (`2023-11-03T04:15:21.023`)
* [CVE-2023-36621](CVE-2023/CVE-2023-366xx/CVE-2023-36621.json) (`2023-11-03T04:15:21.083`)
* [CVE-2023-38965](CVE-2023/CVE-2023-389xx/CVE-2023-38965.json) (`2023-11-03T05:15:29.400`)
* [CVE-2023-41164](CVE-2023/CVE-2023-411xx/CVE-2023-41164.json) (`2023-11-03T05:15:29.447`)
* [CVE-2023-41259](CVE-2023/CVE-2023-412xx/CVE-2023-41259.json) (`2023-11-03T05:15:29.490`)
* [CVE-2023-41260](CVE-2023/CVE-2023-412xx/CVE-2023-41260.json) (`2023-11-03T05:15:29.537`)
* [CVE-2023-41343](CVE-2023/CVE-2023-413xx/CVE-2023-41343.json) (`2023-11-03T05:15:29.583`)
* [CVE-2023-41345](CVE-2023/CVE-2023-413xx/CVE-2023-41345.json) (`2023-11-03T05:15:29.660`)
* [CVE-2023-41346](CVE-2023/CVE-2023-413xx/CVE-2023-41346.json) (`2023-11-03T05:15:29.733`)
* [CVE-2023-41347](CVE-2023/CVE-2023-413xx/CVE-2023-41347.json) (`2023-11-03T05:15:29.800`)
* [CVE-2023-41348](CVE-2023/CVE-2023-413xx/CVE-2023-41348.json) (`2023-11-03T05:15:29.867`)
* [CVE-2023-41350](CVE-2023/CVE-2023-413xx/CVE-2023-41350.json) (`2023-11-03T05:15:29.930`)
* [CVE-2023-41914](CVE-2023/CVE-2023-419xx/CVE-2023-41914.json) (`2023-11-03T05:15:30.000`)
* [CVE-2023-43665](CVE-2023/CVE-2023-436xx/CVE-2023-43665.json) (`2023-11-03T05:15:30.047`)
* [CVE-2023-43982](CVE-2023/CVE-2023-439xx/CVE-2023-43982.json) (`2023-11-03T05:15:30.093`)
* [CVE-2023-44271](CVE-2023/CVE-2023-442xx/CVE-2023-44271.json) (`2023-11-03T05:15:30.137`)
* [CVE-2023-45024](CVE-2023/CVE-2023-450xx/CVE-2023-45024.json) (`2023-11-03T05:15:30.687`)
* [CVE-2023-45360](CVE-2023/CVE-2023-453xx/CVE-2023-45360.json) (`2023-11-03T05:15:30.730`)
* [CVE-2023-45362](CVE-2023/CVE-2023-453xx/CVE-2023-45362.json) (`2023-11-03T05:15:30.773`)
* [CVE-2023-46517](CVE-2023/CVE-2023-465xx/CVE-2023-46517.json) (`2023-11-03T05:15:30.817`)
* [CVE-2023-46817](CVE-2023/CVE-2023-468xx/CVE-2023-46817.json) (`2023-11-03T05:15:30.867`)
* [CVE-2023-41351](CVE-2023/CVE-2023-413xx/CVE-2023-41351.json) (`2023-11-03T06:15:07.107`)
* [CVE-2023-41352](CVE-2023/CVE-2023-413xx/CVE-2023-41352.json) (`2023-11-03T06:15:07.313`)
* [CVE-2023-41353](CVE-2023/CVE-2023-413xx/CVE-2023-41353.json) (`2023-11-03T06:15:07.417`)
* [CVE-2023-41354](CVE-2023/CVE-2023-413xx/CVE-2023-41354.json) (`2023-11-03T06:15:07.527`)
* [CVE-2023-41355](CVE-2023/CVE-2023-413xx/CVE-2023-41355.json) (`2023-11-03T06:15:07.630`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `2`
* [CVE-2022-34300](CVE-2022/CVE-2022-343xx/CVE-2022-34300.json) (`2023-11-03T03:15:07.587`)
* [CVE-2023-45803](CVE-2023/CVE-2023-458xx/CVE-2023-45803.json) (`2023-11-03T03:15:07.807`)
* [CVE-2023-5472](CVE-2023/CVE-2023-54xx/CVE-2023-5472.json) (`2023-11-03T03:15:07.963`)
* [CVE-2022-29548](CVE-2022/CVE-2022-295xx/CVE-2022-29548.json) (`2023-11-03T05:15:29.183`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-11-03T05:15:30.180`)
## Download and Usage