admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-10T02:00:25.261612+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-10 02:00:29 +00:00
parent cde7fc08f1
commit f408158978
7 changed files with 482 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
CVE-2023/CVE-2023-48xx/CVE-2023-4866.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4866",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-10T00:15:07.330",
"lastModified": "2023-09-10T00:15:07.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239351."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://blog.csdn.net/weixin_43864034/article/details/132697070",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.239351",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.239351",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-48xx/CVE-2023-4867.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4867",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-10T01:15:07.207",
"lastModified": "2023-09-10T01:15:07.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239352."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/fortunate888/cve/blob/main/sql_inject_1.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.239352",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.239352",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-48xx/CVE-2023-4868.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4868",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-10T01:15:07.910",
"lastModified": "2023-09-10T01:15:07.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://skypoc.wordpress.com/2023/09/05/vuln1/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.239353",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.239353",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-48xx/CVE-2023-4869.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4869",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-10T01:15:08.143",
"lastModified": "2023-09-10T01:15:08.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://skypoc.wordpress.com/2023/09/05/vuln1/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.239354",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.239354",
"source": "cna@vuldb.com"
}
]
}

59
CVE-2023/CVE-2023-48xx/CVE-2023-4876.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4876",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-10T01:15:08.393",
"lastModified": "2023-09-10T01:15:08.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-48xx/CVE-2023-4877.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4877",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-10T01:15:08.587",
"lastModified": "2023-09-10T01:15:08.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84",
"source": "security@huntr.dev"
}
]
}

24
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-09T23:55:18.245839+00:00
2023-09-10T02:00:25.261612+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-09T23:15:40.483000+00:00
2023-09-10T01:15:08.587000+00:00
```
### Last Data Feed Release
@ -23,31 +23,31 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-09-09T00:00:13.585881+00:00
2023-09-10T00:00:13.544140+00:00
```
### Total Number of included CVEs
```plain
224555
224561
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `6`
* [CVE-2023-41915](CVE-2023/CVE-2023-419xx/CVE-2023-41915.json) (`2023-09-09T22:15:09.530`)
* [CVE-2023-4865](CVE-2023/CVE-2023-48xx/CVE-2023-4865.json) (`2023-09-09T23:15:40.483`)
* [CVE-2023-4866](CVE-2023/CVE-2023-48xx/CVE-2023-4866.json) (`2023-09-10T00:15:07.330`)
* [CVE-2023-4867](CVE-2023/CVE-2023-48xx/CVE-2023-4867.json) (`2023-09-10T01:15:07.207`)
* [CVE-2023-4868](CVE-2023/CVE-2023-48xx/CVE-2023-4868.json) (`2023-09-10T01:15:07.910`)
* [CVE-2023-4869](CVE-2023/CVE-2023-48xx/CVE-2023-4869.json) (`2023-09-10T01:15:08.143`)
* [CVE-2023-4876](CVE-2023/CVE-2023-48xx/CVE-2023-4876.json) (`2023-09-10T01:15:08.393`)
* [CVE-2023-4877](CVE-2023/CVE-2023-48xx/CVE-2023-4877.json) (`2023-09-10T01:15:08.587`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `0`
* [CVE-2023-29491](CVE-2023/CVE-2023-294xx/CVE-2023-29491.json) (`2023-09-09T22:15:07.570`)
* [CVE-2023-32422](CVE-2023/CVE-2023-324xx/CVE-2023-32422.json) (`2023-09-09T22:15:08.817`)
* [CVE-2023-38605](CVE-2023/CVE-2023-386xx/CVE-2023-38605.json) (`2023-09-09T22:15:09.117`)
* [CVE-2023-40392](CVE-2023/CVE-2023-403xx/CVE-2023-40392.json) (`2023-09-09T22:15:09.297`)
## Download and Usage