diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26048.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26048.json index 8f0ce8f238f..a37dbe72db1 100644 --- a/CVE-2023/CVE-2023-260xx/CVE-2023-26048.json +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26048.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26048", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-18T21:15:08.977", - "lastModified": "2023-09-29T12:15:12.453", + "lastModified": "2023-09-30T15:15:09.710", "vulnStatus": "Modified", "descriptions": [ { @@ -144,6 +144,10 @@ "Technical Description" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", + "source": "security-advisories@github.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20230526-0001/", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26049.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26049.json index 4ad76df182e..c134328a2f8 100644 --- a/CVE-2023/CVE-2023-260xx/CVE-2023-26049.json +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26049.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26049", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-18T21:15:09.043", - "lastModified": "2023-09-29T12:15:12.647", + "lastModified": "2023-09-30T15:15:09.857", "vulnStatus": "Modified", "descriptions": [ { @@ -146,6 +146,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", + "source": "security-advisories@github.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20230526-0001/", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36479.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36479.json index e981a76e616..35a14cef56b 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36479.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36479.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36479", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-15T19:15:08.387", - "lastModified": "2023-09-29T12:15:12.760", + "lastModified": "2023-09-30T15:15:09.973", "vulnStatus": "Modified", "descriptions": [ { @@ -159,6 +159,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", + "source": "security-advisories@github.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5507", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40167.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40167.json index 96001a65985..8e36ca68c7e 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40167.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40167.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40167", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-15T20:15:09.827", - "lastModified": "2023-09-29T12:15:12.880", + "lastModified": "2023-09-30T15:15:10.080", "vulnStatus": "Modified", "descriptions": [ { @@ -151,6 +151,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", + "source": "security-advisories@github.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5507", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5303.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5303.json new file mode 100644 index 00000000000..3dbcc647aba --- /dev/null +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5303.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-5303", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-30T14:15:15.737", + "lastModified": "2023-09-30T14:15:15.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.240942", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.240942", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5304.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5304.json new file mode 100644 index 00000000000..a4383598eb3 --- /dev/null +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5304.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-5304", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-30T15:15:10.180", + "lastModified": "2023-09-30T15:15:10.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.240943", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.240943", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5305.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5305.json new file mode 100644 index 00000000000..e23995855d1 --- /dev/null +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5305.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-5305", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-30T15:15:10.260", + "lastModified": "2023-09-30T15:15:10.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.240944", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.240944", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5313.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5313.json new file mode 100644 index 00000000000..888378bd9b2 --- /dev/null +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5313.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5313", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-30T15:15:10.337", + "lastModified": "2023-09-30T15:15:10.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-837" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/tht1997/WhiteBox/blob/main/PHPKOBO/ajax_pool_script.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.240949", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.240949", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5321.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5321.json new file mode 100644 index 00000000000..950c7e9d8d3 --- /dev/null +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5321.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5321", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-09-30T14:15:15.843", + "lastModified": "2023-09-30T14:15:15.843", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization in GitHub repository hamza417/inure prior to build94." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b9249dd3be2..772b334224f 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-30T14:00:24.717592+00:00 +2023-09-30T16:00:24.362462+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-30T12:15:09.963000+00:00 +2023-09-30T15:15:10.337000+00:00 ``` ### Last Data Feed Release @@ -29,21 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226660 +226665 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -* [CVE-2023-5302](CVE-2023/CVE-2023-53xx/CVE-2023-5302.json) (`2023-09-30T12:15:09.963`) +* [CVE-2023-5303](CVE-2023/CVE-2023-53xx/CVE-2023-5303.json) (`2023-09-30T14:15:15.737`) +* [CVE-2023-5321](CVE-2023/CVE-2023-53xx/CVE-2023-5321.json) (`2023-09-30T14:15:15.843`) +* [CVE-2023-5304](CVE-2023/CVE-2023-53xx/CVE-2023-5304.json) (`2023-09-30T15:15:10.180`) +* [CVE-2023-5305](CVE-2023/CVE-2023-53xx/CVE-2023-5305.json) (`2023-09-30T15:15:10.260`) +* [CVE-2023-5313](CVE-2023/CVE-2023-53xx/CVE-2023-5313.json) (`2023-09-30T15:15:10.337`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `4` -* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-09-30T12:15:09.883`) +* [CVE-2023-26048](CVE-2023/CVE-2023-260xx/CVE-2023-26048.json) (`2023-09-30T15:15:09.710`) +* [CVE-2023-26049](CVE-2023/CVE-2023-260xx/CVE-2023-26049.json) (`2023-09-30T15:15:09.857`) +* [CVE-2023-36479](CVE-2023/CVE-2023-364xx/CVE-2023-36479.json) (`2023-09-30T15:15:09.973`) +* [CVE-2023-40167](CVE-2023/CVE-2023-401xx/CVE-2023-40167.json) (`2023-09-30T15:15:10.080`) ## Download and Usage