Auto-Update: 2023-09-27T23:55:24.740814+00:00

cad-safe-bot 2023-09-27 23:55:28 +00:00
parent b797beb6f6
commit e586611045
16 changed files with 385 additions and 28 deletions


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41445",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:10.150",
"lastModified": "2023-09-27T23:15:10.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component."
}
],
"metrics": {},
"references": [
{
"url": "http://ajaxnewsticker.com",
"source": "cve@mitre.org"
},
{
"url": "http://phpkobo.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/RNPG/84cac1b949bab0e4c587a668385b052d",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41448",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:11.667",
"lastModified": "2023-09-27T23:15:11.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component."
}
],
"metrics": {},
"references": [
{
"url": "http://ajaxnewsticker.com",
"source": "cve@mitre.org"
},
{
"url": "http://phpkobo.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/RNPG/458e17f24ebf7d8af3c5c4d7073347a0",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41449",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:11.730",
"lastModified": "2023-09-27T23:15:11.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter."
}
],
"metrics": {},
"references": [
{
"url": "http://ajaxnewsticker.com",
"source": "cve@mitre.org"
},
{
"url": "http://phpkobo.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/RNPG/c1ae240f2acec138132aa64ce3faa2e0",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41451",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:11.787",
"lastModified": "2023-09-27T23:15:11.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component."
}
],
"metrics": {},
"references": [
{
"url": "http://ajaxnewsticker.com",
"source": "cve@mitre.org"
},
{
"url": "http://phpkobo.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/RNPG/062cfca2e293a0e7d24f5d55f8db3fde",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41452",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:11.843",
"lastModified": "2023-09-27T23:15:11.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component."
}
],
"metrics": {},
"references": [
{
"url": "http://ajaxnewsticker.com",
"source": "cve@mitre.org"
},
{
"url": "http://phpkobo.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/RNPG/32be1c4bae6f9378d4f382ba0c92b367",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41453",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:11.900",
"lastModified": "2023-09-27T23:15:11.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component."
}
],
"metrics": {},
"references": [
{
"url": "http://ajaxnewsticker.com",
"source": "cve@mitre.org"
},
{
"url": "http://phpkobo.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/RNPG/be2ca92cb1f943d4c340c75fbfc9b783",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43191",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:11.960",
"lastModified": "2023-09-27T23:15:11.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/etn0tw/cmscve_test/blob/main/README.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43192",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T22:15:09.700",
"lastModified": "2023-09-27T22:15:09.700",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/etn0tw/cve_sql/blob/main/jfinalcms_sql.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43233",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:12.007",
"lastModified": "2023-09-27T23:15:12.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yux1azhengye/mycve/blob/main/YZNCMS%201.3.0%20XSS.pdf",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:12.057",
"lastModified": "2023-09-27T23:15:12.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Rumble00/Rumble/issues/1",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-43320",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:12.113",
"lastModified": "2023-09-27T23:15:12.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4579",
"source": "cve@mitre.org"
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4584",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-43660",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T22:15:10.730",
"lastModified": "2023-09-27T22:15:10.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-44047",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T20:15:09.850",
"lastModified": "2023-09-27T20:15:09.850",
"lastModified": "2023-09-27T22:15:11.283",
"vulnStatus": "Received",
"descriptions": [
{
@ -15,6 +15,10 @@
{
"url": "https://github.com/xcodeOn1/SQLI-TollTax/blob/main/README.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/xcodeOn1/xcode0x-CVEs/blob/main/CVE/CVE-2023-44047.md",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-44048",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T20:15:13.493",
"lastModified": "2023-09-27T20:15:13.493",
"lastModified": "2023-09-27T22:15:11.513",
"vulnStatus": "Received",
"descriptions": [
{
@ -15,6 +15,10 @@
{
"url": "https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App/tree/main",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/xcodeOn1/xcode0x-CVEs/blob/main/CVE/CVE-2023-44048.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-44080",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T22:15:11.783",
"lastModified": "2023-09-27T22:15:11.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/one-pyy/330548f740415dff49f59d56e14b4219",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-27T22:00:25.086394+00:00
2023-09-27T23:55:24.740814+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-27T21:15:11.940000+00:00
2023-09-27T23:15:12.113000+00:00
```
### Last Data Feed Release
@ -29,40 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226469
226482
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `13`
* [CVE-2023-44047](CVE-2023/CVE-2023-440xx/CVE-2023-44047.json) (`2023-09-27T20:15:09.850`)
* [CVE-2023-44048](CVE-2023/CVE-2023-440xx/CVE-2023-44048.json) (`2023-09-27T20:15:13.493`)
* [CVE-2023-40026](CVE-2023/CVE-2023-400xx/CVE-2023-40026.json) (`2023-09-27T21:15:09.713`)
* [CVE-2023-42818](CVE-2023/CVE-2023-428xx/CVE-2023-42818.json) (`2023-09-27T21:15:10.173`)
* [CVE-2023-43651](CVE-2023/CVE-2023-436xx/CVE-2023-43651.json) (`2023-09-27T21:15:10.347`)
* [CVE-2023-43656](CVE-2023/CVE-2023-436xx/CVE-2023-43656.json) (`2023-09-27T21:15:10.443`)
* [CVE-2023-4066](CVE-2023/CVE-2023-40xx/CVE-2023-4066.json) (`2023-09-27T21:15:10.550`)
* [CVE-2023-43192](CVE-2023/CVE-2023-431xx/CVE-2023-43192.json) (`2023-09-27T22:15:09.700`)
* [CVE-2023-43660](CVE-2023/CVE-2023-436xx/CVE-2023-43660.json) (`2023-09-27T22:15:10.730`)
* [CVE-2023-44080](CVE-2023/CVE-2023-440xx/CVE-2023-44080.json) (`2023-09-27T22:15:11.783`)
* [CVE-2023-41445](CVE-2023/CVE-2023-414xx/CVE-2023-41445.json) (`2023-09-27T23:15:10.150`)
* [CVE-2023-41448](CVE-2023/CVE-2023-414xx/CVE-2023-41448.json) (`2023-09-27T23:15:11.667`)
* [CVE-2023-41449](CVE-2023/CVE-2023-414xx/CVE-2023-41449.json) (`2023-09-27T23:15:11.730`)
* [CVE-2023-41451](CVE-2023/CVE-2023-414xx/CVE-2023-41451.json) (`2023-09-27T23:15:11.787`)
* [CVE-2023-41452](CVE-2023/CVE-2023-414xx/CVE-2023-41452.json) (`2023-09-27T23:15:11.843`)
* [CVE-2023-41453](CVE-2023/CVE-2023-414xx/CVE-2023-41453.json) (`2023-09-27T23:15:11.900`)
* [CVE-2023-43191](CVE-2023/CVE-2023-431xx/CVE-2023-43191.json) (`2023-09-27T23:15:11.960`)
* [CVE-2023-43233](CVE-2023/CVE-2023-432xx/CVE-2023-43233.json) (`2023-09-27T23:15:12.007`)
* [CVE-2023-43314](CVE-2023/CVE-2023-433xx/CVE-2023-43314.json) (`2023-09-27T23:15:12.057`)
* [CVE-2023-43320](CVE-2023/CVE-2023-433xx/CVE-2023-43320.json) (`2023-09-27T23:15:12.113`)
### CVEs modified in the last Commit
Recently modified CVEs: `14`
Recently modified CVEs: `2`
* [CVE-2018-12207](CVE-2018/CVE-2018-122xx/CVE-2018-12207.json) (`2023-09-27T20:51:38.353`)
* [CVE-2022-39028](CVE-2022/CVE-2022-390xx/CVE-2022-39028.json) (`2023-09-27T20:10:25.007`)
* [CVE-2022-26047](CVE-2022/CVE-2022-260xx/CVE-2022-26047.json) (`2023-09-27T20:53:06.763`)
* [CVE-2022-1822](CVE-2022/CVE-2022-18xx/CVE-2022-1822.json) (`2023-09-27T21:06:35.427`)
* [CVE-2023-40048](CVE-2023/CVE-2023-400xx/CVE-2023-40048.json) (`2023-09-27T20:01:36.307`)
* [CVE-2023-40049](CVE-2023/CVE-2023-400xx/CVE-2023-40049.json) (`2023-09-27T20:06:23.097`)
* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-27T20:15:14.377`)
* [CVE-2023-41233](CVE-2023/CVE-2023-412xx/CVE-2023-41233.json) (`2023-09-27T20:15:42.197`)
* [CVE-2023-40219](CVE-2023/CVE-2023-402xx/CVE-2023-40219.json) (`2023-09-27T20:19:39.753`)
* [CVE-2023-29497](CVE-2023/CVE-2023-294xx/CVE-2023-29497.json) (`2023-09-27T20:20:36.517`)
* [CVE-2023-43484](CVE-2023/CVE-2023-434xx/CVE-2023-43484.json) (`2023-09-27T20:25:34.200`)
* [CVE-2023-43493](CVE-2023/CVE-2023-434xx/CVE-2023-43493.json) (`2023-09-27T20:51:26.677`)
* [CVE-2023-43610](CVE-2023/CVE-2023-436xx/CVE-2023-43610.json) (`2023-09-27T21:07:01.437`)
* [CVE-2023-5129](CVE-2023/CVE-2023-51xx/CVE-2023-5129.json) (`2023-09-27T21:15:11.940`)
* [CVE-2023-44047](CVE-2023/CVE-2023-440xx/CVE-2023-44047.json) (`2023-09-27T22:15:11.283`)
* [CVE-2023-44048](CVE-2023/CVE-2023-440xx/CVE-2023-44048.json) (`2023-09-27T22:15:11.513`)
## Download and Usage