Auto-Update: 2023-12-03T21:00:18.449910+00:00

cad-safe-bot 2023-12-03 21:00:22 +00:00
parent 4db864e49a
commit eb97c8071c
7 changed files with 197 additions and 8 deletions


@ -2,7 +2,7 @@
"id": "CVE-2021-39537",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-09-20T16:15:12.477",
"lastModified": "2023-04-27T15:15:09.233",
"lastModified": "2023-12-03T20:15:06.860",
"vulnStatus": "Modified",
"descriptions": [
{
@ -159,6 +159,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html",
"source": "cve@mitre.org",


@ -0,0 +1,92 @@
{
"id": "CVE-2022-4957",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-03T19:15:07.950",
"lastModified": "2023-12-03T19:15:07.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue. The patch is named a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-246643."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librespeed/speedtest/commit/a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/librespeed/speedtest/releases/tag/5.2.5",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.246643",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.246643",
"source": "cna@vuldb.com"
}
]
}
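Review bot: The CVSS v2 block sets `"userInteractionRequired": false` while the v3.1 vector in the same record carries `UI:R` (`"userInteraction": "REQUIRED"`), so the two metrics disagree on whether a victim has to act. For a cross-site scripting issue (CWE-79) the v3.1 reading is the consistent one, and the flag would read `"userInteractionRequired": true`; since this file mirrors an upstream feed, the correction presumably belongs upstream rather than in this repository. Both metrics are `"type": "Secondary"` from cna@vuldb.com and the record is still `"vulnStatus": "Received"`, so anything that triages on `baseScore` (3.5 under v3.1, 4.0 under v2) is working from CNA-supplied values that NVD has not yet analysed.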


@ -2,7 +2,7 @@
"id": "CVE-2023-29491",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-14T01:15:08.570",
"lastModified": "2023-11-07T04:11:19.007",
"lastModified": "2023-12-03T20:15:07.023",
"vulnStatus": "Modified",
"descriptions": [
{
@ -87,6 +87,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230517-0009/",
"source": "cve@mitre.org"


@ -0,0 +1,32 @@
{
"id": "CVE-2023-49946",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-03T19:15:08.227",
"lastModified": "2023-12-03T19:15:08.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions."
}
],
"metrics": {},
"references": [
{
"url": "https://about.gitea.com/security",
"source": "cve@mitre.org"
},
{
"url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md",
"source": "cve@mitre.org"
},
{
"url": "https://forgejo.org/2023-11-release-v1-20-5-1/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/gogs/gogs/security",
"source": "cve@mitre.org"
}
]
}
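Review bot: `"metrics": {}` is empty and the record is `"vulnStatus": "Received"`, so a consumer that filters or sorts by CVSS score will pass over this entry even though the description covers unauthorized reading of private issues and pull requests and deletion of issues; the CVE-2023-49947 and CVE-2023-49948 sections that follow have the same empty `metrics` object. Pipelines reading these files should treat a missing score as "unscored" rather than "low" and fall back to the description and the fixed version (Forgejo 1.20.5-1) for triage. Two of the four references here (`https://about.gitea.com/security` and `https://github.com/gogs/gogs/security`) are general security pages of other projects, not advisories for this issue. The record itself names only Forgejo, so whether related codebases are affected cannot be read from this entry and has to be checked against those projects' own advisories.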


@ -0,0 +1,24 @@
{
"id": "CVE-2023-49947",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-03T19:15:08.280",
"lastModified": "2023-12-03T19:15:08.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://codeberg.org/forgejo/forgejo/commit/44df78edd40076b349d50dc5fb02af417a44cfab",
"source": "cve@mitre.org"
},
{
"url": "https://forgejo.org/2023-11-release-v1-20-5-1/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-49948",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-03T19:15:08.330",
"lastModified": "2023-12-03T19:15:08.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL."
}
],
"metrics": {},
"references": [
{
"url": "https://codeberg.org/forgejo/forgejo/commit/d7408d8b0b04afd2a3c8e23cc908e7bd3849f34d",
"source": "cve@mitre.org"
},
{
"url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md",
"source": "cve@mitre.org"
},
{
"url": "https://forgejo.org/2023-11-release-v1-20-5-1/",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-03T19:00:18.213644+00:00
2023-12-03T21:00:18.449910+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-03T18:15:42.273000+00:00
2023-12-03T20:15:07.023000+00:00
```
### Last Data Feed Release
@ -29,20 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231993
231997
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `4`
* [CVE-2023-45178](CVE-2023/CVE-2023-451xx/CVE-2023-45178.json) (`2023-12-03T18:15:42.273`)
* [CVE-2022-4957](CVE-2022/CVE-2022-49xx/CVE-2022-4957.json) (`2023-12-03T19:15:07.950`)
* [CVE-2023-49946](CVE-2023/CVE-2023-499xx/CVE-2023-49946.json) (`2023-12-03T19:15:08.227`)
* [CVE-2023-49947](CVE-2023/CVE-2023-499xx/CVE-2023-49947.json) (`2023-12-03T19:15:08.280`)
* [CVE-2023-49948](CVE-2023/CVE-2023-499xx/CVE-2023-49948.json) (`2023-12-03T19:15:08.330`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
* [CVE-2021-39537](CVE-2021/CVE-2021-395xx/CVE-2021-39537.json) (`2023-12-03T20:15:06.860`)
* [CVE-2023-29491](CVE-2023/CVE-2023-294xx/CVE-2023-29491.json) (`2023-12-03T20:15:07.023`)
## Download and Usage