Auto-Update: 2023-12-19T11:00:24.796731+00:00

2025-05-30 10:10:41 +00:00 · 2023-12-19 11:00:28 +00:00 · 2023-12-19 11:00:28 +00:00 · ea34d17821
commit ea34d17821
parent 24194afa9a
13 changed files with 299 additions and 17 deletions
--- a/CVE-2023/CVE-2023-461xx/CVE-2023-46104.json
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46104.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-46104",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-12-19T10:15:07.517",
+  "lastModified": "2023-12-19T10:15:07.517",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.\u00a0\u00a0\nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-400"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-490xx/CVE-2023-49006.json
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49006.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-49006",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-19T10:15:07.883",
+  "lastModified": "2023-12-19T10:15:07.883",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/Hebing123/cve/issues/5",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49489.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49489.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-49489",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-19T10:15:07.943",
+  "lastModified": "2023-12-19T10:15:07.943",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/kalcaddle/KodExplorer/issues/526",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-497xx/CVE-2023-49734.json
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49734.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-49734",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-12-19T10:15:08.007",
+  "lastModified": "2023-12-19T10:15:08.007",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.7,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-497xx/CVE-2023-49736.json
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49736.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-49736",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-12-19T10:15:08.323",
+  "lastModified": "2023-12-19T10:15:08.323",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement\u00a0would allow for SQL injection\u00a0in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50376.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50376.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-50376",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-12-19T09:15:36.343",
+  "lastModified": "2023-12-19T09:15:36.343",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5869.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-5869",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2023-12-10T18:15:07.410",
-  "lastModified": "2023-12-19T06:15:45.600",
+  "lastModified": "2023-12-19T10:15:08.640",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -494,6 +494,10 @@
      "url": "https://access.redhat.com/errata/RHSA-2023:7790",
      "source": "secalert@redhat.com"
    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:7878",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "https://access.redhat.com/security/cve/CVE-2023-5869",
      "source": "secalert@redhat.com",
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6655.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6655.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-6655",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-12-10T16:15:07.067",
-  "lastModified": "2023-12-14T17:08:27.083",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-19T09:15:37.367",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6893.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6893.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-6893",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-12-17T07:15:07.137",
-  "lastModified": "2023-12-18T15:15:10.420",
+  "lastModified": "2023-12-19T09:15:37.577",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6894.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6894.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-6894",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-12-17T08:15:06.833",
-  "lastModified": "2023-12-18T15:15:10.507",
+  "lastModified": "2023-12-19T09:15:37.673",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6895.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6895.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-6895",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-12-17T08:15:07.173",
-  "lastModified": "2023-12-18T15:15:10.583",
+  "lastModified": "2023-12-19T09:15:37.757",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6903.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6903.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-6903",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-12-17T23:15:44.167",
-  "lastModified": "2023-12-18T14:05:22.187",
+  "lastModified": "2023-12-19T09:15:37.827",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad ha sido encontrada en Netentsec NS-ASG Application Security Gateway 6.3.1 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /admin/singlelogin.php?submit=1. La manipulaci\u00f3n del argumento loginId conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248265."
    }
  ],
  "metrics": {
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-19T07:00:24.094992+00:00
+2023-12-19T11:00:24.796731+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-19T06:15:45.600000+00:00
+2023-12-19T10:15:08.640000+00:00
 ```

 ### Last Data Feed Release
@ -29,25 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-233687
+233693
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `6`

+* [CVE-2023-50376](CVE-2023/CVE-2023-503xx/CVE-2023-50376.json) (`2023-12-19T09:15:36.343`)
+* [CVE-2023-46104](CVE-2023/CVE-2023-461xx/CVE-2023-46104.json) (`2023-12-19T10:15:07.517`)
+* [CVE-2023-49006](CVE-2023/CVE-2023-490xx/CVE-2023-49006.json) (`2023-12-19T10:15:07.883`)
+* [CVE-2023-49489](CVE-2023/CVE-2023-494xx/CVE-2023-49489.json) (`2023-12-19T10:15:07.943`)
+* [CVE-2023-49734](CVE-2023/CVE-2023-497xx/CVE-2023-49734.json) (`2023-12-19T10:15:08.007`)
+* [CVE-2023-49736](CVE-2023/CVE-2023-497xx/CVE-2023-49736.json) (`2023-12-19T10:15:08.323`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `6`

-* [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2023-12-19T06:15:44.583`)
-* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-19T05:15:08.540`)
-* [CVE-2023-51384](CVE-2023/CVE-2023-513xx/CVE-2023-51384.json) (`2023-12-19T05:15:09.790`)
-* [CVE-2023-51385](CVE-2023/CVE-2023-513xx/CVE-2023-51385.json) (`2023-12-19T05:15:09.840`)
-* [CVE-2023-4154](CVE-2023/CVE-2023-41xx/CVE-2023-4154.json) (`2023-12-19T06:15:45.453`)
-* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2023-12-19T06:15:45.600`)
+* [CVE-2023-6655](CVE-2023/CVE-2023-66xx/CVE-2023-6655.json) (`2023-12-19T09:15:37.367`)
+* [CVE-2023-6893](CVE-2023/CVE-2023-68xx/CVE-2023-6893.json) (`2023-12-19T09:15:37.577`)
+* [CVE-2023-6894](CVE-2023/CVE-2023-68xx/CVE-2023-6894.json) (`2023-12-19T09:15:37.673`)
+* [CVE-2023-6895](CVE-2023/CVE-2023-68xx/CVE-2023-6895.json) (`2023-12-19T09:15:37.757`)
+* [CVE-2023-6903](CVE-2023/CVE-2023-69xx/CVE-2023-6903.json) (`2023-12-19T09:15:37.827`)
+* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2023-12-19T10:15:08.640`)


 ## Download and Usage