admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-09T23:00:25.204357+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-09 23:00:28 +00:00
parent cbf08bc94b
commit e29fcb9853
18 changed files with 1131 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2023/CVE-2023-388xx/CVE-2023-38827.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38827",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T22:15:43.263",
"lastModified": "2024-01-09T22:15:43.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/tree/main/Follett%20Learning%20Solutions/Destiny/CVE-2023-38827",
"source": "cve@mitre.org"
}
]
}

75
CVE-2023/CVE-2023-500xx/CVE-2023-50090.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-50090",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T20:15:21.660",
"lastModified": "2024-01-04T01:30:19.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T21:18:46.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request."
},
{
"lang": "es",
"value": "Vulnerabilidad de escritura de archivos arbitrarios en el m\u00e9todo saveReportFile de ureport2 2.2.9 y anteriores permite a los atacantes escribir archivos arbitrarios y ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ureport2_project:ureport2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.9",
"matchCriteriaId": "0D15BD7F-0F0F-4B0C-9697-C50471EEE841"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-445x-c8qq-qfr9",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lemono.fun/thoughts/UReport2-RCE.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

20
CVE-2023/CVE-2023-501xx/CVE-2023-50136.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-50136",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T22:15:43.350",
"lastModified": "2024-01-09T22:15:43.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yukino-hiki/CVE/blob/main/2/There%20is%20a%20stored%20xss%20at%20the%20custom%20table.md",
"source": "cve@mitre.org"
}
]
}

73
CVE-2023/CVE-2023-522xx/CVE-2023-52262.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-52262",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T19:15:08.197",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T21:20:26.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input."
},
{
"lang": "es",
"value": "outdoorbits little-backup-box (taka Little Backup Box) anterior a f39f91c permite a atacantes remotos ejecutar c\u00f3digo arbitrario porque la funci\u00f3n de extracci\u00f3n de PHP se utiliza para entradas que no son de confianza."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:outdoorbits:little_backup_box:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-10-03",
"matchCriteriaId": "61306599-9B02-48D7-B115-65C4B34E4D03"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/outdoorbits/little-backup-box/commit/f39f91cd05544b3eb18b59897c765d6ba9313faa",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.php.net/manual/en/function.extract",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

86
CVE-2023/CVE-2023-522xx/CVE-2023-52263.json
View File

@ -2,31 +2,103 @@
"id": "CVE-2023-52263",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T19:15:08.253",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T21:37:09.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc."
},
{
"lang": "es",
"value": "Brave Browser anterior a 1.59.40 no restringe adecuadamente el esquema para la f\u00e1brica WebUI y la redirecci\u00f3n. Esto est\u00e1 relacionado con browser/brave_content_browser_client.cc y browser/ui/webui/brave_web_ui_controller_factory.cc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brave:browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.59.40",
"matchCriteriaId": "DA80DCA2-44C6-45ED-BED6-A34F25D2A86D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/brave/brave-browser/issues/32449",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/brave/brave-browser/issues/32473",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/brave/brave-core/pull/19820",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

72
CVE-2023/CVE-2023-522xx/CVE-2023-52266.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-52266",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-31T00:15:44.440",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T21:08:23.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this."
},
{
"lang": "es",
"value": "ehttp 1.0.6 anterior a 17405b9 tiene use after free de epoll_socket.cpp read_func. Un atacante puede realizar muchas conexiones en poco tiempo para provocar esto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hongliuliao:ehttp:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE98FAE-2E96-4FDF-8B5F-3544877A28B5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/hongliuliao/ehttp/issues/38",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

72
CVE-2023/CVE-2023-522xx/CVE-2023-52267.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-52267",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-31T00:15:44.490",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T21:19:32.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings."
},
{
"lang": "es",
"value": "ehttp 1.0.6 anterior a 17405b9 tiene una lectura fuera de los l\u00edmites simple_log.cpp _log durante el registro de errores para cadenas largas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hongliuliao:ehttp:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE98FAE-2E96-4FDF-8B5F-3544877A28B5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/hongliuliao/ehttp/issues/38",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

55
CVE-2023/CVE-2023-57xx/CVE-2023-5770.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5770",
"sourceIdentifier": "security@proofpoint.com",
"published": "2024-01-09T22:15:43.400",
"lastModified": "2024-01-09T22:15:43.400",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@proofpoint.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-838"
}
]
}
],
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009",
"source": "security@proofpoint.com"
}
]
}

59
CVE-2023/CVE-2023-64xx/CVE-2023-6476.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6476",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-09T22:15:43.610",
"lastModified": "2024-01-09T22:15:43.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6476",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253994",
"source": "secalert@redhat.com"
}
]
}

70
CVE-2023/CVE-2023-65xx/CVE-2023-6524.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6524",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.120",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T21:07:07.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mappresspro:mappress:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.88.14",
"matchCriteriaId": "7BE420A3-6D46-44C0-9AD0-F630AF0D88FA"
}
]
}
]
}
],
"references": [
{
"url": "https://advisory.abay.sh/cve-2023-6524",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3001436%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.13&new=3015598%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.14#file31",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28a8f025-c2ab-4a5f-a99e-a2d19b14a190?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-66xx/CVE-2023-6600.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6600",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.337",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T21:01:53.373",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:omgf:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.7.10",
"matchCriteriaId": "2E1BE201-64B1-470C-8DCA-C600D16262FF"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3008876%40host-webfonts-local&new=3008876%40host-webfonts-local&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009010%40host-webfonts-local&new=3009010%40host-webfonts-local&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009453%40host-webfonts-local&new=3009453%40host-webfonts-local&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e835b97-c066-4e8f-b99f-1a930105af0c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-69xx/CVE-2023-6927.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6927",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T23:15:10.027",
"lastModified": "2023-12-22T20:19:00.637",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-09T21:15:07.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -113,6 +113,34 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0094",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0095",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0096",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0097",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0098",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0100",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0101",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6927",
"source": "secalert@redhat.com",

88
CVE-2024/CVE-2024-03xx/CVE-2024-0344.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0344",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T21:15:08.123",
"lastModified": "2024-01-09T21:15:08.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250112."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/VSutvlpgCJkD",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250112",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250112",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-03xx/CVE-2024-0345.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0345",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T21:15:08.347",
"lastModified": "2024-01-09T21:15:08.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250113 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250113",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250113",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-03xx/CVE-2024-0346.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0346",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T22:15:43.800",
"lastModified": "2024-01-09T22:15:43.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250114",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250114",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-03xx/CVE-2024-0347.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0347",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T22:15:44.027",
"lastModified": "2024-01-09T22:15:44.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/2d8GiY4Z#QSKItMUgIsW1-A-QPs9dgUSd2SCZfDg4aHORttFpUF0",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250115",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250115",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-03xx/CVE-2024-0348.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0348",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T22:15:44.257",
"lastModified": "2024-01-09T22:15:44.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/HNkn2QbI#EjefwKgFoAjtWcxrQFMgBfhVQ1LAf2hq7Jg-nDsE-P4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250116",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250116",
"source": "cna@vuldb.com"
}
]
}

59
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-09T21:00:25.209956+00:00
2024-01-09T23:00:25.204357+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-09T20:53:45.773000+00:00
2024-01-09T22:15:44.257000+00:00
```
### Last Data Feed Release
@ -29,51 +29,36 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235332
235341
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `9`
* [CVE-2023-7032](CVE-2023/CVE-2023-70xx/CVE-2023-7032.json) (`2024-01-09T20:15:42.967`)
* [CVE-2024-0341](CVE-2024/CVE-2024-03xx/CVE-2024-0341.json) (`2024-01-09T19:15:11.023`)
* [CVE-2024-21319](CVE-2024/CVE-2024-213xx/CVE-2024-21319.json) (`2024-01-09T19:15:12.070`)
* [CVE-2024-21668](CVE-2024/CVE-2024-216xx/CVE-2024-21668.json) (`2024-01-09T19:15:12.330`)
* [CVE-2024-0342](CVE-2024/CVE-2024-03xx/CVE-2024-0342.json) (`2024-01-09T20:15:43.190`)
* [CVE-2024-0343](CVE-2024/CVE-2024-03xx/CVE-2024-0343.json) (`2024-01-09T20:15:43.503`)
* [CVE-2024-21664](CVE-2024/CVE-2024-216xx/CVE-2024-21664.json) (`2024-01-09T20:15:43.740`)
* [CVE-2023-38827](CVE-2023/CVE-2023-388xx/CVE-2023-38827.json) (`2024-01-09T22:15:43.263`)
* [CVE-2023-50136](CVE-2023/CVE-2023-501xx/CVE-2023-50136.json) (`2024-01-09T22:15:43.350`)
* [CVE-2023-5770](CVE-2023/CVE-2023-57xx/CVE-2023-5770.json) (`2024-01-09T22:15:43.400`)
* [CVE-2023-6476](CVE-2023/CVE-2023-64xx/CVE-2023-6476.json) (`2024-01-09T22:15:43.610`)
* [CVE-2024-0344](CVE-2024/CVE-2024-03xx/CVE-2024-0344.json) (`2024-01-09T21:15:08.123`)
* [CVE-2024-0345](CVE-2024/CVE-2024-03xx/CVE-2024-0345.json) (`2024-01-09T21:15:08.347`)
* [CVE-2024-0346](CVE-2024/CVE-2024-03xx/CVE-2024-0346.json) (`2024-01-09T22:15:43.800`)
* [CVE-2024-0347](CVE-2024/CVE-2024-03xx/CVE-2024-0347.json) (`2024-01-09T22:15:44.027`)
* [CVE-2024-0348](CVE-2024/CVE-2024-03xx/CVE-2024-0348.json) (`2024-01-09T22:15:44.257`)
### CVEs modified in the last Commit
Recently modified CVEs: `106`
Recently modified CVEs: `8`
* [CVE-2024-20686](CVE-2024/CVE-2024-206xx/CVE-2024-20686.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20687](CVE-2024/CVE-2024-206xx/CVE-2024-20687.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20690](CVE-2024/CVE-2024-206xx/CVE-2024-20690.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20691](CVE-2024/CVE-2024-206xx/CVE-2024-20691.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20692](CVE-2024/CVE-2024-206xx/CVE-2024-20692.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20694](CVE-2024/CVE-2024-206xx/CVE-2024-20694.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20696](CVE-2024/CVE-2024-206xx/CVE-2024-20696.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20697](CVE-2024/CVE-2024-206xx/CVE-2024-20697.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20698](CVE-2024/CVE-2024-206xx/CVE-2024-20698.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20699](CVE-2024/CVE-2024-206xx/CVE-2024-20699.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-20700](CVE-2024/CVE-2024-207xx/CVE-2024-20700.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21305](CVE-2024/CVE-2024-213xx/CVE-2024-21305.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21306](CVE-2024/CVE-2024-213xx/CVE-2024-21306.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21307](CVE-2024/CVE-2024-213xx/CVE-2024-21307.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21309](CVE-2024/CVE-2024-213xx/CVE-2024-21309.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21310](CVE-2024/CVE-2024-213xx/CVE-2024-21310.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21311](CVE-2024/CVE-2024-213xx/CVE-2024-21311.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21312](CVE-2024/CVE-2024-213xx/CVE-2024-21312.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21313](CVE-2024/CVE-2024-213xx/CVE-2024-21313.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21314](CVE-2024/CVE-2024-213xx/CVE-2024-21314.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21316](CVE-2024/CVE-2024-213xx/CVE-2024-21316.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21318](CVE-2024/CVE-2024-213xx/CVE-2024-21318.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21320](CVE-2024/CVE-2024-213xx/CVE-2024-21320.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-21325](CVE-2024/CVE-2024-213xx/CVE-2024-21325.json) (`2024-01-09T19:56:14.023`)
* [CVE-2024-0201](CVE-2024/CVE-2024-02xx/CVE-2024-0201.json) (`2024-01-09T20:17:56.357`)
* [CVE-2023-6600](CVE-2023/CVE-2023-66xx/CVE-2023-6600.json) (`2024-01-09T21:01:53.373`)
* [CVE-2023-6524](CVE-2023/CVE-2023-65xx/CVE-2023-6524.json) (`2024-01-09T21:07:07.617`)
* [CVE-2023-52266](CVE-2023/CVE-2023-522xx/CVE-2023-52266.json) (`2024-01-09T21:08:23.073`)
* [CVE-2023-6927](CVE-2023/CVE-2023-69xx/CVE-2023-6927.json) (`2024-01-09T21:15:07.990`)
* [CVE-2023-50090](CVE-2023/CVE-2023-500xx/CVE-2023-50090.json) (`2024-01-09T21:18:46.207`)
* [CVE-2023-52267](CVE-2023/CVE-2023-522xx/CVE-2023-52267.json) (`2024-01-09T21:19:32.343`)
* [CVE-2023-52262](CVE-2023/CVE-2023-522xx/CVE-2023-52262.json) (`2024-01-09T21:20:26.513`)
* [CVE-2023-52263](CVE-2023/CVE-2023-522xx/CVE-2023-52263.json) (`2024-01-09T21:37:09.483`)
## Download and Usage