Auto-Update: 2024-01-24T09:00:25.518773+00:00

2025-07-09 16:05:11 +00:00 · 2024-01-24 09:00:29 +00:00 · 2024-01-24 09:00:29 +00:00 · d915fd6803
commit d915fd6803
parent e4500e065f
6 changed files with 110 additions and 27 deletions
--- a/CVE-2023/CVE-2023-433xx/CVE-2023-43317.json
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43317.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-43317",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-24T07:15:46.300",
+  "lastModified": "2024-01-24T07:15:46.300",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/amjadali-110/CVE-2023-43317/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-473xx/CVE-2023-47350.json
+++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47350.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-47350",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-11-22T16:15:09.580",
-  "lastModified": "2023-11-29T02:25:35.663",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-24T08:15:37.703",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)."
+      "value": "Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality."
    },
    {
      "lang": "es",
@ -75,6 +75,10 @@
      "tags": [
        "Patch"
      ]
+    },
+    {
+      "url": "https://mechaneus.github.io/CVE-2023-47350.html",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51711.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51711.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-51711",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-24T07:15:47.360",
+  "lastModified": "2024-01-24T07:15:47.360",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://excellium-services.com/cert-xlm-advisory/cve-2023-51711/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0665.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0665.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-0665",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-24T08:15:37.920",
+  "lastModified": "2024-01-24T08:15:37.920",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-237xx/CVE-2024-23726.json
+++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23726.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-23726",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-01-21T04:15:19.353",
-  "lastModified": "2024-01-22T14:01:14.430",
+  "lastModified": "2024-01-24T07:15:47.653",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit."
+      "value": "Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit."
    },
    {
      "lang": "es",
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-24T07:00:25.165948+00:00
+2024-01-24T09:00:25.518773+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-24T05:15:14.137000+00:00
+2024-01-24T08:15:37.920000+00:00
 ```

 ### Last Data Feed Release
@ -29,36 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-236701
+236704
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `3`

-* [CVE-2024-22366](CVE-2024/CVE-2024-223xx/CVE-2024-22366.json) (`2024-01-24T05:15:13.823`)
-* [CVE-2024-22372](CVE-2024/CVE-2024-223xx/CVE-2024-22372.json) (`2024-01-24T05:15:14.137`)
+* [CVE-2023-43317](CVE-2023/CVE-2023-433xx/CVE-2023-43317.json) (`2024-01-24T07:15:46.300`)
+* [CVE-2023-51711](CVE-2023/CVE-2023-517xx/CVE-2023-51711.json) (`2024-01-24T07:15:47.360`)
+* [CVE-2024-0665](CVE-2024/CVE-2024-06xx/CVE-2024-0665.json) (`2024-01-24T08:15:37.920`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `15`
+Recently modified CVEs: `2`

-* [CVE-2020-25613](CVE-2020/CVE-2020-256xx/CVE-2020-25613.json) (`2024-01-24T05:15:08.827`)
-* [CVE-2021-31810](CVE-2021/CVE-2021-318xx/CVE-2021-31810.json) (`2024-01-24T05:15:09.683`)
-* [CVE-2021-32066](CVE-2021/CVE-2021-320xx/CVE-2021-32066.json) (`2024-01-24T05:15:10.040`)
-* [CVE-2021-33479](CVE-2021/CVE-2021-334xx/CVE-2021-33479.json) (`2024-01-24T05:15:10.363`)
-* [CVE-2021-33480](CVE-2021/CVE-2021-334xx/CVE-2021-33480.json) (`2024-01-24T05:15:10.610`)
-* [CVE-2021-33481](CVE-2021/CVE-2021-334xx/CVE-2021-33481.json) (`2024-01-24T05:15:10.700`)
-* [CVE-2021-33621](CVE-2021/CVE-2021-336xx/CVE-2021-33621.json) (`2024-01-24T05:15:10.787`)
-* [CVE-2021-41816](CVE-2021/CVE-2021-418xx/CVE-2021-41816.json) (`2024-01-24T05:15:11.280`)
-* [CVE-2021-41817](CVE-2021/CVE-2021-418xx/CVE-2021-41817.json) (`2024-01-24T05:15:11.520`)
-* [CVE-2021-41819](CVE-2021/CVE-2021-418xx/CVE-2021-41819.json) (`2024-01-24T05:15:11.853`)
-* [CVE-2022-28738](CVE-2022/CVE-2022-287xx/CVE-2022-28738.json) (`2024-01-24T05:15:12.147`)
-* [CVE-2022-28739](CVE-2022/CVE-2022-287xx/CVE-2022-28739.json) (`2024-01-24T05:15:12.390`)
-* [CVE-2023-28755](CVE-2023/CVE-2023-287xx/CVE-2023-28755.json) (`2024-01-24T05:15:12.900`)
-* [CVE-2023-28756](CVE-2023/CVE-2023-287xx/CVE-2023-28756.json) (`2024-01-24T05:15:13.297`)
-* [CVE-2023-42465](CVE-2023/CVE-2023-424xx/CVE-2023-42465.json) (`2024-01-24T05:15:13.660`)
+* [CVE-2023-47350](CVE-2023/CVE-2023-473xx/CVE-2023-47350.json) (`2024-01-24T08:15:37.703`)
+* [CVE-2024-23726](CVE-2024/CVE-2024-237xx/CVE-2024-23726.json) (`2024-01-24T07:15:47.653`)


 ## Download and Usage