diff --git a/CVE-2016/CVE-2016-108xx/CVE-2016-10893.json b/CVE-2016/CVE-2016-108xx/CVE-2016-10893.json
index 87e6eb30ceb..9efa9bb7bdf 100644
--- a/CVE-2016/CVE-2016-108xx/CVE-2016-10893.json
+++ b/CVE-2016/CVE-2016-108xx/CVE-2016-10893.json
@@ -2,8 +2,8 @@
 "id": "CVE-2016-10893",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2019-08-20T15:15:11.603",
- "lastModified": "2019-08-22T14:40:48.280",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-31T21:15:08.257",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -94,6 +94,14 @@
 }
 ],
 "references": [
+ {
+ "url": "https://github.com/aramk/crayon-syntax-highlighter/commit/7fdb2e6b4c65178b4ed01ff08a8a38afe5a5151e",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/aramk/crayon-syntax-highlighter/issues/347",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://wordpress.org/plugins/crayon-syntax-highlighter/#developers",
 "source": "cve@mitre.org",
diff --git a/CVE-2022/CVE-2022-37xx/CVE-2022-3708.json b/CVE-2022/CVE-2022-37xx/CVE-2022-3708.json
index 94d2b74cec0..d6ec5cd8fde 100644
--- a/CVE-2022/CVE-2022-37xx/CVE-2022-3708.json
+++ b/CVE-2022/CVE-2022-37xx/CVE-2022-3708.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-3708",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2022-10-28T19:15:10.140",
- "lastModified": "2022-11-03T14:28:02.023",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-31T22:15:08.503",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+ "value": "The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Web Stories para WordPress es vulnerable a Server-Side Request Forgery en versiones hasta la 1.24.0 incluida debido a una validaci\u00f3n insuficiente de las URL proporcionadas a trav\u00e9s del par\u00e1metro 'url' que se encuentra en /v1/hotlink/proxy REST API Endpoint. Esto hizo posible que los usuarios autenticados realizaran solicitudes web a ubicaciones arbitrarias originadas en la aplicaci\u00f3n web y se puede utilizar para consultar y modificar informaci\u00f3n de servicios internos."
 }
 ],
 "metrics": {
@@ -111,6 +115,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7817a840-325a-4709-8374-84bb32d98d0e?source=cve",
+ "source": "security@wordfence.com"
+ },
 {
 "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3708",
 "source": "security@wordfence.com",
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20886.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20886.json
new file mode 100644
index 00000000000..3556a2efdbc
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20886.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-20886",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-31T21:15:08.440",
+ "lastModified": "2023-10-31T21:15:08.440",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Workspace ONE UEM console contains an open redirect vulnerability.\n\n\nA malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0025.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3676.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3676.json
new file mode 100644
index 00000000000..9398d4e9919
--- /dev/null
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3676.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3676",
+ "sourceIdentifier": "jordan@liggitt.net",
+ "published": "2023-10-31T21:15:08.550",
+ "lastModified": "2023-10-31T21:15:08.550",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/kubernetes/kubernetes/issues/119339",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc",
+ "source": "jordan@liggitt.net"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39610.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39610.json
new file mode 100644
index 00000000000..49c26a0c57a
--- /dev/null
+++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39610.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-39610",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-31T21:15:08.507",
+ "lastModified": "2023-10-31T21:15:08.507",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/zn9988/publications/tree/main/1.TP-Link%20Tapo%20C100%20-%20HTTP%20Denial-Of-Service",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3955.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3955.json
new file mode 100644
index 00000000000..7b1df165cd1
--- /dev/null
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3955.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3955",
+ "sourceIdentifier": "jordan@liggitt.net",
+ "published": "2023-10-31T21:15:08.613",
+ "lastModified": "2023-10-31T21:15:08.613",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/kubernetes/kubernetes/issues/119595",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E",
+ "source": "jordan@liggitt.net"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41377.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41377.json
index ac9004b3320..7cbc7e9af43 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41377.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41377.json
@@ -2,66 +2,14 @@
 "id": "CVE-2023-41377",
 "sourceIdentifier": "psirt@tigera.io",
 "published": "2023-10-31T20:15:09.727",
- "lastModified": "2023-10-31T20:15:09.727",
- "vulnStatus": "Received",
+ "lastModified": "2023-10-31T22:15:08.677",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.\n"
+ "value": "** REJECT ** REJECT DO NOT USE THIS CANDIDATE \nNUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that \nwas not assigned to any issues during 2023. Notes: none."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "psirt@tigera.io",
- "type": "Secondary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "availabilityImpact": "HIGH",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 3.6
- }
- ]
- },
- "weaknesses": [
- {
- "source": "psirt@tigera.io",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-400"
- },
- {
- "lang": "en",
- "value": "CWE-703"
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://github.com/projectcalico/calico/pull/7908",
- "source": "psirt@tigera.io"
- },
- {
- "url": "https://github.com/projectcalico/calico/pull/7993",
- "source": "psirt@tigera.io"
- },
- {
- "url": "https://www.tigera.io/security-bulletins-tta-2023-001/",
- "source": "psirt@tigera.io"
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43295.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43295.json
new file mode 100644
index 00000000000..1cd8da351f5
--- /dev/null
+++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43295.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-43295",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-31T21:15:08.677",
+ "lastModified": "2023-10-31T21:15:08.677",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.clickstudios.com.au/security/advisories/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44484.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44484.json
new file mode 100644
index 00000000000..19c23894036
--- /dev/null
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44484.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-44484",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-31T22:15:08.720",
+ "lastModified": "2023-10-31T22:15:08.720",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.\u00a0The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/carpenter/",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44485.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44485.json
new file mode 100644
index 00000000000..63a1d2cf279
--- /dev/null
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44485.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-44485",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-31T22:15:08.793",
+ "lastModified": "2023-10-31T22:15:08.793",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.\u00a0The 'lastName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/carpenter/",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44486.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44486.json
new file mode 100644
index 00000000000..d8d82ebbdb3
--- /dev/null
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44486.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-44486",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-31T22:15:08.867",
+ "lastModified": "2023-10-31T22:15:08.867",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.\u00a0The 'address' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/carpenter/",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45992.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45992.json
index bb1637e046e..3e46d4f2548 100644
--- a/CVE-2023/CVE-2023-459xx/CVE-2023-45992.json
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45992.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-45992",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-10-19T19:15:16.223",
- "lastModified": "2023-10-25T20:22:06.523",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-31T21:15:08.720",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 allows a remote attacker to escalate privileges via a crafted script to the macaddress parameter in the onboarding portal."
+ "value": "A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46484.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46484.json
new file mode 100644
index 00000000000..82e4b73b668
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46484.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46484",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-31T21:15:08.777",
+ "lastModified": "2023-10-31T21:15:08.777",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://815yang.github.io/2023/10/29/x6000r/setLedCfg/TOTOlink%20X6000R%20setLedCfg%20e/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46485.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46485.json
new file mode 100644
index 00000000000..ab3563e164e
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46485.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46485",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-31T21:15:08.817",
+ "lastModified": "2023-10-31T21:15:08.817",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://815yang.github.io/2023/10/29/x6000r/TOTOlink%20X6000R%20V9.1.0cu.2350_B20230313-rsetTracerouteCfg/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5306.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5306.json
new file mode 100644
index 00000000000..b43d300d2f3
--- /dev/null
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5306.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-5306",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-31T22:15:08.933",
+ "lastModified": "2023-10-31T22:15:08.933",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.\u00a0The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/carpenter/",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 71d38dd4599..9331e902ab4 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-31T21:00:19.852945+00:00 +2023-10-31T23:00:18.996971+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-31T20:15:09.727000+00:00 +2023-10-31T22:15:08.933000+00:00 ``` ### Last Data Feed Release 
@@ -29,32 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229401 +229412 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `11` -* [CVE-2023-41377](CVE-2023/CVE-2023-413xx/CVE-2023-41377.json) (`2023-10-31T20:15:09.727`) +* [CVE-2023-20886](CVE-2023/CVE-2023-208xx/CVE-2023-20886.json) (`2023-10-31T21:15:08.440`) +* [CVE-2023-39610](CVE-2023/CVE-2023-396xx/CVE-2023-39610.json) (`2023-10-31T21:15:08.507`) +* [CVE-2023-3676](CVE-2023/CVE-2023-36xx/CVE-2023-3676.json) (`2023-10-31T21:15:08.550`) +* [CVE-2023-3955](CVE-2023/CVE-2023-39xx/CVE-2023-3955.json) (`2023-10-31T21:15:08.613`) +* [CVE-2023-43295](CVE-2023/CVE-2023-432xx/CVE-2023-43295.json) (`2023-10-31T21:15:08.677`) +* [CVE-2023-46484](CVE-2023/CVE-2023-464xx/CVE-2023-46484.json) (`2023-10-31T21:15:08.777`) +* [CVE-2023-46485](CVE-2023/CVE-2023-464xx/CVE-2023-46485.json) (`2023-10-31T21:15:08.817`) +* [CVE-2023-44484](CVE-2023/CVE-2023-444xx/CVE-2023-44484.json) (`2023-10-31T22:15:08.720`) +* [CVE-2023-44485](CVE-2023/CVE-2023-444xx/CVE-2023-44485.json) (`2023-10-31T22:15:08.793`) +* [CVE-2023-44486](CVE-2023/CVE-2023-444xx/CVE-2023-44486.json) (`2023-10-31T22:15:08.867`) +* [CVE-2023-5306](CVE-2023/CVE-2023-53xx/CVE-2023-5306.json) (`2023-10-31T22:15:08.933`) ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `4` -* [CVE-2020-15862](CVE-2020/CVE-2020-158xx/CVE-2020-15862.json) (`2023-10-31T19:30:58.390`) -* [CVE-2023-37909](CVE-2023/CVE-2023-379xx/CVE-2023-37909.json) (`2023-10-31T19:06:12.430`) -* [CVE-2023-39533](CVE-2023/CVE-2023-395xx/CVE-2023-39533.json) (`2023-10-31T19:08:26.883`) -* [CVE-2023-37910](CVE-2023/CVE-2023-379xx/CVE-2023-37910.json) (`2023-10-31T19:17:29.223`) -* [CVE-2023-39619](CVE-2023/CVE-2023-396xx/CVE-2023-39619.json) (`2023-10-31T19:18:44.510`) -* [CVE-2023-22102](CVE-2023/CVE-2023-221xx/CVE-2023-22102.json) 
(`2023-10-31T19:20:48.380`) -* [CVE-2023-37911](CVE-2023/CVE-2023-379xx/CVE-2023-37911.json) (`2023-10-31T19:27:21.837`) -* [CVE-2023-42031](CVE-2023/CVE-2023-420xx/CVE-2023-42031.json) (`2023-10-31T19:34:27.363`) -* [CVE-2023-41339](CVE-2023/CVE-2023-413xx/CVE-2023-41339.json) (`2023-10-31T19:53:57.670`) -* [CVE-2023-43281](CVE-2023/CVE-2023-432xx/CVE-2023-43281.json) (`2023-10-31T20:00:45.993`) -* [CVE-2023-41721](CVE-2023/CVE-2023-417xx/CVE-2023-41721.json) (`2023-10-31T20:02:00.777`) -* [CVE-2023-44794](CVE-2023/CVE-2023-447xx/CVE-2023-44794.json) (`2023-10-31T20:08:45.883`) +* [CVE-2016-10893](CVE-2016/CVE-2016-108xx/CVE-2016-10893.json) (`2023-10-31T21:15:08.257`) +* [CVE-2022-3708](CVE-2022/CVE-2022-37xx/CVE-2022-3708.json) (`2023-10-31T22:15:08.503`) +* [CVE-2023-45992](CVE-2023/CVE-2023-459xx/CVE-2023-45992.json) (`2023-10-31T21:15:08.720`) +* [CVE-2023-41377](CVE-2023/CVE-2023-413xx/CVE-2023-41377.json) (`2023-10-31T22:15:08.677`) ## Download and Usage