Auto-Update: 2023-06-28T06:00:30.347608+00:00

cad-safe-bot 2023-06-28 06:00:33 +00:00
parent 9f7574b8ed
commit e6daff03fa
4 changed files with 94 additions and 41 deletions

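--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26134.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26134.json
@@ -0,0 +1,51 @@
+{
+"id": "CVE-2023-26134",
+"sourceIdentifier": "report@snyk.io",
+"published": "2023-06-28T05:15:10.467",
+"lastModified": "2023-06-28T05:15:10.467",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "report@snyk.io",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://github.com/JPeer264/node-git-commit-info/commit/f7c491ede51f886a988af9b266797cb24591d18c",
+"source": "report@snyk.io"
+},
+{
+"url": "https://github.com/JPeer264/node-git-commit-info/issues/24",
+"source": "report@snyk.io"
+},
+{
+"url": "https://security.snyk.io/vuln/SNYK-JS-GITCOMMITINFO-5740174",
+"source": "report@snyk.io"
+}
+]
+}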


@ -2,12 +2,12 @@
"id": "CVE-2023-30179",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.600",
"lastModified": "2023-06-22T21:04:10.597",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-28T05:15:10.603",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution."
"value": "** DISPUTED ** CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default."
}
],
"metrics": {
@ -78,6 +78,14 @@
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610040714",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200",
"source": "cve@mitre.org"
}
]
}

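--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32623.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32623.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-32623",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-28T05:15:10.733",
+"lastModified": "2023-06-28T05:15:10.733",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/jp/JVN97127032/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://snow-monkey.2inc.org/2023/06/22/snow-monkey-forms-v5-1-1/",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}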


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-28T04:00:33.254858+00:00
2023-06-28T06:00:30.347608+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-28T03:28:51.303000+00:00
2023-06-28T05:15:10.733000+00:00
```
### Last Data Feed Release
@ -29,52 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218706
218708
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `2`
* [CVE-2022-48505](CVE-2022/CVE-2022-485xx/CVE-2022-48505.json) (`2023-06-28T02:15:49.447`)
* [CVE-2023-3330](CVE-2023/CVE-2023-33xx/CVE-2023-3330.json) (`2023-06-28T02:15:49.523`)
* [CVE-2023-3331](CVE-2023/CVE-2023-33xx/CVE-2023-3331.json) (`2023-06-28T02:15:49.590`)
* [CVE-2023-3332](CVE-2023/CVE-2023-33xx/CVE-2023-3332.json) (`2023-06-28T02:15:49.650`)
* [CVE-2023-3333](CVE-2023/CVE-2023-33xx/CVE-2023-3333.json) (`2023-06-28T02:15:49.713`)
* [CVE-2023-3427](CVE-2023/CVE-2023-34xx/CVE-2023-3427.json) (`2023-06-28T02:15:49.783`)
* [CVE-2023-1844](CVE-2023/CVE-2023-18xx/CVE-2023-1844.json) (`2023-06-28T03:15:09.140`)
* [CVE-2023-3407](CVE-2023/CVE-2023-34xx/CVE-2023-3407.json) (`2023-06-28T03:15:09.243`)
* [CVE-2023-26134](CVE-2023/CVE-2023-261xx/CVE-2023-26134.json) (`2023-06-28T05:15:10.467`)
* [CVE-2023-32623](CVE-2023/CVE-2023-326xx/CVE-2023-32623.json) (`2023-06-28T05:15:10.733`)
### CVEs modified in the last Commit
Recently modified CVEs: `28`
Recently modified CVEs: `1`
* [CVE-2023-28059](CVE-2023/CVE-2023-280xx/CVE-2023-28059.json) (`2023-06-28T03:21:11.567`)
* [CVE-2023-28056](CVE-2023/CVE-2023-280xx/CVE-2023-28056.json) (`2023-06-28T03:21:17.360`)
* [CVE-2023-28054](CVE-2023/CVE-2023-280xx/CVE-2023-28054.json) (`2023-06-28T03:21:23.877`)
* [CVE-2023-28052](CVE-2023/CVE-2023-280xx/CVE-2023-28052.json) (`2023-06-28T03:21:42.743`)
* [CVE-2023-28042](CVE-2023/CVE-2023-280xx/CVE-2023-28042.json) (`2023-06-28T03:22:03.813`)
* [CVE-2023-28041](CVE-2023/CVE-2023-280xx/CVE-2023-28041.json) (`2023-06-28T03:22:10.107`)
* [CVE-2023-28040](CVE-2023/CVE-2023-280xx/CVE-2023-28040.json) (`2023-06-28T03:22:19.563`)
* [CVE-2023-28039](CVE-2023/CVE-2023-280xx/CVE-2023-28039.json) (`2023-06-28T03:22:26.747`)
* [CVE-2023-28035](CVE-2023/CVE-2023-280xx/CVE-2023-28035.json) (`2023-06-28T03:22:45.893`)
* [CVE-2023-28033](CVE-2023/CVE-2023-280xx/CVE-2023-28033.json) (`2023-06-28T03:22:56.603`)
* [CVE-2023-28032](CVE-2023/CVE-2023-280xx/CVE-2023-28032.json) (`2023-06-28T03:23:00.017`)
* [CVE-2023-28030](CVE-2023/CVE-2023-280xx/CVE-2023-28030.json) (`2023-06-28T03:23:07.600`)
* [CVE-2023-28029](CVE-2023/CVE-2023-280xx/CVE-2023-28029.json) (`2023-06-28T03:23:31.030`)
* [CVE-2023-28028](CVE-2023/CVE-2023-280xx/CVE-2023-28028.json) (`2023-06-28T03:23:45.550`)
* [CVE-2023-25937](CVE-2023/CVE-2023-259xx/CVE-2023-25937.json) (`2023-06-28T03:23:52.503`)
* [CVE-2023-25936](CVE-2023/CVE-2023-259xx/CVE-2023-25936.json) (`2023-06-28T03:24:02.897`)
* [CVE-2023-28061](CVE-2023/CVE-2023-280xx/CVE-2023-28061.json) (`2023-06-28T03:24:37.977`)
* [CVE-2023-28423](CVE-2023/CVE-2023-284xx/CVE-2023-28423.json) (`2023-06-28T03:26:01.980`)
* [CVE-2023-28171](CVE-2023/CVE-2023-281xx/CVE-2023-28171.json) (`2023-06-28T03:26:44.303`)
* [CVE-2023-28166](CVE-2023/CVE-2023-281xx/CVE-2023-28166.json) (`2023-06-28T03:27:11.383`)
* [CVE-2023-27618](CVE-2023/CVE-2023-276xx/CVE-2023-27618.json) (`2023-06-28T03:27:28.453`)
* [CVE-2023-27631](CVE-2023/CVE-2023-276xx/CVE-2023-27631.json) (`2023-06-28T03:27:49.077`)
* [CVE-2023-27629](CVE-2023/CVE-2023-276xx/CVE-2023-27629.json) (`2023-06-28T03:28:24.817`)
* [CVE-2023-27612](CVE-2023/CVE-2023-276xx/CVE-2023-27612.json) (`2023-06-28T03:28:38.937`)
* [CVE-2023-27413](CVE-2023/CVE-2023-274xx/CVE-2023-27413.json) (`2023-06-28T03:28:51.303`)
* [CVE-2023-30179](CVE-2023/CVE-2023-301xx/CVE-2023-30179.json) (`2023-06-28T05:15:10.603`)
## Download and Usage