Auto-Update: 2023-11-06T09:00:18.813530+00:00

2025-06-21 17:41:05 +00:00 · 2023-11-06 09:00:22 +00:00 · 2023-11-06 09:00:22 +00:00 · d1f2c3c033
commit d1f2c3c033
parent a285cc7176
11 changed files with 445 additions and 11 deletions
--- a/CVE-2021/CVE-2021-44xx/CVE-2021-4430.json
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4430.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2021-4430",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-11-06T08:15:21.343",
+  "lastModified": "2023-11-06T08:15:21.343",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
+          "accessVector": "ADJACENT_NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.7
+        },
+        "baseSeverity": "LOW",
+        "exploitabilityScore": 5.1,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Ortus-Solutions/coldbox-elixir/commit/a3aa62daea2e44c76d08d1eac63768cd928cd69e",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/Ortus-Solutions/coldbox-elixir/releases/tag/v3.1.7",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.244485",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.244485",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45373.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2022-45373",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-06T08:15:21.547",
+  "lastModified": "2023-11-06T08:15:21.547",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/wp-slimstat/wordpress-slimstat-analytics-plugin-5-0-4-sql-injection-sqli-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json
+++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46849.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2022-46849",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-06T08:15:21.623",
+  "lastModified": "2023-11-06T08:15:21.623",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page \u2013 Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/responsive-coming-soon-page/wordpress-coming-soon-page-plugin-1-5-8-sql-injection-sqli-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json
+++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46860.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2022-46860",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-06T08:15:21.690",
+  "lastModified": "2023-11-06T08:15:21.690",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/shorten-url/wordpress-short-url-plugin-1-6-4-sql-injection?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47420.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2022-47420",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-06T08:15:21.757",
+  "lastModified": "2023-11-06T08:15:21.757",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47428.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2022-47428",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-06T08:15:21.830",
+  "lastModified": "2023-11-06T08:15:21.830",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/booking-calendar/wordpress-booking-calendar-appointment-booking-system-plugin-3-2-6-sql-injection?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47430.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2022-47430",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-06T08:15:21.893",
+  "lastModified": "2023-11-06T08:15:21.893",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management \u2013 Education & Learning Management allows SQL Injection.This issue affects The School Management \u2013 Education & Learning Management: from n/a through 4.1.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/school-management-system/wordpress-the-school-management-plugin-4-1-sql-injection?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json
+++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47432.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2022-47432",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-06T08:15:21.963",
+  "lastModified": "2023-11-06T08:15:21.963",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/shortcode-imdb/wordpress-shortcode-imdb-plugin-6-0-8-sql-injection?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28794.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-28794",
+  "sourceIdentifier": "cve@zscaler.com",
+  "published": "2023-11-06T08:15:22.037",
+  "lastModified": "2023-11-06T08:15:22.037",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@zscaler.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@zscaler.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-346"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19",
+      "source": "cve@zscaler.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-426xx/CVE-2023-42669.json
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42669.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-42669",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-06T07:15:09.137",
+  "lastModified": "2023-11-06T07:15:09.137",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Samba's \"rpcecho\" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \"rpcecho\" service operates with only one worker in the main RPC task, allowing calls to the \"rpcecho\" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \"sleep()\" call in the \"dcesrv_echo_TestSleep()\" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \"rpcecho\" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \"rpcecho\" runs in the main RPC task."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6209",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-42669",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241884",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.samba.org/show_bug.cgi?id=15474",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://www.samba.org/samba/security/CVE-2023-42669.html",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-06T07:00:18.818344+00:00
+2023-11-06T09:00:18.813530+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-06T06:15:41.563000+00:00
+2023-11-06T08:15:22.037000+00:00
 ```

 ### Last Data Feed Release
@ -29,25 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-229812
+229822
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `10`

-* [CVE-2023-38406](CVE-2023/CVE-2023-384xx/CVE-2023-38406.json) (`2023-11-06T06:15:40.850`)
-* [CVE-2023-38407](CVE-2023/CVE-2023-384xx/CVE-2023-38407.json) (`2023-11-06T06:15:40.907`)
-* [CVE-2023-47253](CVE-2023/CVE-2023-472xx/CVE-2023-47253.json) (`2023-11-06T06:15:40.957`)
-* [CVE-2023-4625](CVE-2023/CVE-2023-46xx/CVE-2023-4625.json) (`2023-11-06T05:15:15.187`)
-* [CVE-2023-4699](CVE-2023/CVE-2023-46xx/CVE-2023-4699.json) (`2023-11-06T06:15:41.563`)
+* [CVE-2021-4430](CVE-2021/CVE-2021-44xx/CVE-2021-4430.json) (`2023-11-06T08:15:21.343`)
+* [CVE-2022-45373](CVE-2022/CVE-2022-453xx/CVE-2022-45373.json) (`2023-11-06T08:15:21.547`)
+* [CVE-2022-46849](CVE-2022/CVE-2022-468xx/CVE-2022-46849.json) (`2023-11-06T08:15:21.623`)
+* [CVE-2022-46860](CVE-2022/CVE-2022-468xx/CVE-2022-46860.json) (`2023-11-06T08:15:21.690`)
+* [CVE-2022-47420](CVE-2022/CVE-2022-474xx/CVE-2022-47420.json) (`2023-11-06T08:15:21.757`)
+* [CVE-2022-47428](CVE-2022/CVE-2022-474xx/CVE-2022-47428.json) (`2023-11-06T08:15:21.830`)
+* [CVE-2022-47430](CVE-2022/CVE-2022-474xx/CVE-2022-47430.json) (`2023-11-06T08:15:21.893`)
+* [CVE-2022-47432](CVE-2022/CVE-2022-474xx/CVE-2022-47432.json) (`2023-11-06T08:15:21.963`)
+* [CVE-2023-42669](CVE-2023/CVE-2023-426xx/CVE-2023-42669.json) (`2023-11-06T07:15:09.137`)
+* [CVE-2023-28794](CVE-2023/CVE-2023-287xx/CVE-2023-28794.json) (`2023-11-06T08:15:22.037`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2023-27576](CVE-2023/CVE-2023-275xx/CVE-2023-27576.json) (`2023-11-06T06:15:40.640`)


 ## Download and Usage