admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-02T23:00:24.766906+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-02 23:00:28 +00:00
parent 6f35bba637
commit fdeb1c6dd8
38 changed files with 1080 additions and 1507 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2020/CVE-2020-266xx/CVE-2020-26623.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2020-26623",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:07.777",
"lastModified": "2024-01-02T22:15:07.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal."
}
],
"metrics": {},
"references": [
{
"url": "http://gilacms.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GilaCMS/gila",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GilaCMS/gila/security/policy",
"source": "cve@mitre.org"
},
{
"url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html",
"source": "cve@mitre.org"
}
]
}

32
CVE-2020/CVE-2020-266xx/CVE-2020-26624.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2020-26624",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:07.837",
"lastModified": "2024-01-02T22:15:07.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal."
}
],
"metrics": {},
"references": [
{
"url": "http://gilacms.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GilaCMS/gila",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GilaCMS/gila/security/policy",
"source": "cve@mitre.org"
},
{
"url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html",
"source": "cve@mitre.org"
}
]
}

32
CVE-2020/CVE-2020-266xx/CVE-2020-26625.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2020-26625",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:07.880",
"lastModified": "2024-01-02T22:15:07.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal."
}
],
"metrics": {},
"references": [
{
"url": "http://gilacms.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GilaCMS/gila",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GilaCMS/gila/security/policy",
"source": "cve@mitre.org"
},
{
"url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-39xx/CVE-2023-3961.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3961",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T13:15:08.723",
"lastModified": "2023-11-22T23:15:08.170",
"lastModified": "2024-01-02T21:15:08.913",
"vulnStatus": "Modified",
"descriptions": [
{
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
@ -212,6 +212,10 @@
"Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0002/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-3961.html",
"source": "secalert@redhat.com",

55
CVE-2023/CVE-2023-41xx/CVE-2023-4164.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4164",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-01-02T22:15:08.937",
"lastModified": "2024-01-02T22:15:08.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is a possible information\u00a0disclosure due to a missing permission check. This could lead to local\u00a0information disclosure of health data with no additional execution\u00a0privileges needed.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "dsap-vuln-management@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "dsap-vuln-management@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01",
"source": "dsap-vuln-management@google.com"
}
]
}

112
CVE-2023/CVE-2023-441xx/CVE-2023-44165.json
View File

@ -2,116 +2,14 @@
"id": "CVE-2023-44165",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T22:15:10.543",
"lastModified": "2023-09-30T02:16:17.143",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:07.967",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "The 'Password' parameter of the process_login.php resource\n\ndoes not validate the characters received and they\n\nare sent unfiltered to the database.\n\n\n\n"
},
{
"lang": "es",
"value": "El par\u00e1metro 'Password' del recurso process_login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DE67C1-6787-49CD-8DFA-3747E0DCF7AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/starr",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

112
CVE-2023/CVE-2023-441xx/CVE-2023-44167.json
View File

@ -2,116 +2,14 @@
"id": "CVE-2023-44167",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T22:15:10.667",
"lastModified": "2023-09-30T02:16:20.297",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.060",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "The 'name' parameter of the process_registration.php resource\n\ndoes not validate the characters received and they\n\nare sent unfiltered to the database.\n\n\n\n"
},
{
"lang": "es",
"value": "El par\u00e1metro 'name' del recurso process_registration.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DE67C1-6787-49CD-8DFA-3747E0DCF7AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/starr",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

112
CVE-2023/CVE-2023-441xx/CVE-2023-44168.json
View File

@ -2,116 +2,14 @@
"id": "CVE-2023-44168",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T22:15:10.730",
"lastModified": "2023-09-30T02:16:22.197",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.137",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "The 'phone' parameter of the process_registration.php resource\n\ndoes not validate the characters received and they\n\nare sent unfiltered to the database.\n\n\n\n"
},
{
"lang": "es",
"value": "El par\u00e1metro 'phone' del recurso process_registration.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DE67C1-6787-49CD-8DFA-3747E0DCF7AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/starr",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-453xx/CVE-2023-45326.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-45326",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:11.783",
"lastModified": "2023-11-09T15:41:42.737",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T21:15:09.207",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'email' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/hann",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-453xx/CVE-2023-45327.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-45327",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:11.870",
"lastModified": "2023-11-09T15:41:53.263",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T21:15:09.293",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'name' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/hann",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-453xx/CVE-2023-45328.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-45328",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:11.947",
"lastModified": "2023-11-30T19:26:14.930",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T21:15:09.380",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'password' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/hann",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

102
CVE-2023/CVE-2023-453xx/CVE-2023-45330.json
View File

@ -2,106 +2,14 @@
"id": "CVE-2023-45330",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-02T14:15:12.093",
"lastModified": "2023-11-09T15:42:20.077",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T21:15:09.453",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'username' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/hann",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in/",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

28
CVE-2023/CVE-2023-455xx/CVE-2023-45561.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-45561",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.530",
"lastModified": "2024-01-02T21:15:09.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
}
],
"metrics": {},
"references": [
{
"url": "http://a-world.com",
"source": "cve@mitre.org"
},
{
"url": "http://oirase.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45561.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-458xx/CVE-2023-45892.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45892",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.583",
"lastModified": "2024-01-02T21:15:09.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45892.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-458xx/CVE-2023-45893.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45893",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.630",
"lastModified": "2024-01-02T21:15:09.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md",
"source": "cve@mitre.org"
}
]
}

82
CVE-2023/CVE-2023-467xx/CVE-2023-46786.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-46786",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T21:15:13.170",
"lastModified": "2023-11-13T18:00:15.540",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.210",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'password' del recurso auth/auth.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

92
CVE-2023/CVE-2023-467xx/CVE-2023-46790.json
View File

@ -2,96 +2,14 @@
"id": "CVE-2023-46790",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T21:15:13.987",
"lastModified": "2023-11-13T17:59:28.717",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.290",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic2' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El atributo 'filename' del par\u00e1metro multiparte 'pic2' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-467xx/CVE-2023-46791.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-46791",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-12-21T20:15:07.547",
"lastModified": "2023-12-29T06:03:28.723",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.367",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El atributo 'filename' del par\u00e1metro multiparte 'pic3' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-467xx/CVE-2023-46792.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-46792",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T22:15:11.640",
"lastModified": "2023-11-13T17:59:18.123",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.440",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic4' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El atributo 'filename' del par\u00e1metro multiparte 'pic4' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-467xx/CVE-2023-46794.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-46794",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T22:15:12.833",
"lastModified": "2023-11-13T17:58:56.497",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.510",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'email' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-467xx/CVE-2023-46795.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-46795",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T22:15:13.063",
"lastModified": "2023-11-13T17:58:45.853",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.580",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'gender' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-467xx/CVE-2023-46796.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-46796",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T22:15:13.257",
"lastModified": "2023-11-13T17:58:34.727",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.650",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'month' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'month' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-467xx/CVE-2023-46797.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-46797",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T22:15:13.447",
"lastModified": "2023-11-13T17:58:24.257",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.717",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'name' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

112
CVE-2023/CVE-2023-467xx/CVE-2023-46798.json
View File

@ -2,116 +2,14 @@
"id": "CVE-2023-46798",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T22:15:13.640",
"lastModified": "2023-11-13T17:58:15.500",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.790",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'pass' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'pass' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

82
CVE-2023/CVE-2023-467xx/CVE-2023-46799.json
View File

@ -2,86 +2,14 @@
"id": "CVE-2023-46799",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-07T22:15:13.837",
"lastModified": "2023-11-13T17:57:43.850",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-02T22:15:08.863",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'year' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
},
{
"lang": "es",
"value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'year' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/ros",
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://projectworlds.in",
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
"metrics": {},
"references": []
}

28
CVE-2023/CVE-2023-474xx/CVE-2023-47458.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-47458",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T21:15:09.673",
"lastModified": "2024-01-02T21:15:09.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework."
}
],
"metrics": {},
"references": [
{
"url": "http://springblade.com",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a",
"source": "cve@mitre.org"
},
{
"url": "https://gitee.com/smallc/SpringBlade",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-500xx/CVE-2023-50019.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-50019",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:09.147",
"lastModified": "2024-01-02T22:15:09.147",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/open5gs/open5gs/issues/2733",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-500xx/CVE-2023-50020.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-50020",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:09.190",
"lastModified": "2024-01-02T22:15:09.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/open5gs/open5gs/commit/1aba814938e3a1b2eec7014bf6ce132d34622e08",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/open5gs/open5gs/issues/2734",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-63xx/CVE-2023-6339.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6339",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-01-02T22:15:09.237",
"lastModified": "2024-01-02T22:15:09.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Google Nest WiFi Pro root code-execution & user-data compromise"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "dsap-vuln-management@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "dsap-vuln-management@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"references": [
{
"url": "https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA",
"source": "dsap-vuln-management@google.com"
}
]
}

88
CVE-2024/CVE-2024-01xx/CVE-2024-0194.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0194",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T21:15:09.760",
"lastModified": "2024-01-02T21:15:09.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249509",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249509",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-01xx/CVE-2024-0195.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0195",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T21:15:10.003",
"lastModified": "2024-01-02T21:15:10.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249510",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249510",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-01xx/CVE-2024-0196.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0196",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T22:15:09.453",
"lastModified": "2024-01-02T22:15:09.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249511",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249511",
"source": "cna@vuldb.com"
}
]
}

71
CVE-2024/CVE-2024-216xx/CVE-2024-21623.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2024-21623",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T21:15:10.250",
"lastModified": "2024-01-02T21:15:10.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2024/CVE-2024-216xx/CVE-2024-21627.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-21627",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T21:15:10.467",
"lastModified": "2024-01-02T21:15:10.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-216xx/CVE-2024-21628.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21628",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T22:15:09.687",
"lastModified": "2024-01-02T22:15:09.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2024/CVE-2024-216xx/CVE-2024-21629.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-21629",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T22:15:09.897",
"lastModified": "2024-01-02T22:15:09.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rust-ethereum/evm/pull/264",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-216xx/CVE-2024-21632.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-21632",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-02T22:15:10.103",
"lastModified": "2024-01-02T22:15:10.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/synth/omniauth-microsoft_graph/commit/f132078389612b797c872b45bd0e0b47382414c1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/synth/omniauth-microsoft_graph/security/advisories/GHSA-5g66-628f-7cvj",
"source": "security-advisories@github.com"
},
{
"url": "https://www.descope.com/blog/post/noauth",
"source": "security-advisories@github.com"
}
]
}

82
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-02T21:00:25.062653+00:00
2024-01-02T23:00:24.766906+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-02T20:54:13.893000+00:00
2024-01-02T22:15:10.103000+00:00
```
### Last Data Feed Release
@ -29,54 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234703
234722
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `19`
* [CVE-2022-3010](CVE-2022/CVE-2022-30xx/CVE-2022-3010.json) (`2024-01-02T19:15:09.783`)
* [CVE-2023-48419](CVE-2023/CVE-2023-484xx/CVE-2023-48419.json) (`2024-01-02T19:15:11.280`)
* [CVE-2023-7192](CVE-2023/CVE-2023-71xx/CVE-2023-7192.json) (`2024-01-02T19:15:11.510`)
* [CVE-2023-49794](CVE-2023/CVE-2023-497xx/CVE-2023-49794.json) (`2024-01-02T20:15:10.020`)
* [CVE-2023-50711](CVE-2023/CVE-2023-507xx/CVE-2023-50711.json) (`2024-01-02T20:15:10.250`)
* [CVE-2023-51652](CVE-2023/CVE-2023-516xx/CVE-2023-51652.json) (`2024-01-02T20:15:10.453`)
* [CVE-2023-6752](CVE-2023/CVE-2023-67xx/CVE-2023-6752.json) (`2024-01-02T20:15:10.653`)
* [CVE-2024-0190](CVE-2024/CVE-2024-01xx/CVE-2024-0190.json) (`2024-01-02T19:15:11.717`)
* [CVE-2024-0191](CVE-2024/CVE-2024-01xx/CVE-2024-0191.json) (`2024-01-02T20:15:10.700`)
* [CVE-2024-0192](CVE-2024/CVE-2024-01xx/CVE-2024-0192.json) (`2024-01-02T20:15:10.933`)
* [CVE-2020-26623](CVE-2020/CVE-2020-266xx/CVE-2020-26623.json) (`2024-01-02T22:15:07.777`)
* [CVE-2020-26624](CVE-2020/CVE-2020-266xx/CVE-2020-26624.json) (`2024-01-02T22:15:07.837`)
* [CVE-2020-26625](CVE-2020/CVE-2020-266xx/CVE-2020-26625.json) (`2024-01-02T22:15:07.880`)
* [CVE-2023-45561](CVE-2023/CVE-2023-455xx/CVE-2023-45561.json) (`2024-01-02T21:15:09.530`)
* [CVE-2023-45892](CVE-2023/CVE-2023-458xx/CVE-2023-45892.json) (`2024-01-02T21:15:09.583`)
* [CVE-2023-45893](CVE-2023/CVE-2023-458xx/CVE-2023-45893.json) (`2024-01-02T21:15:09.630`)
* [CVE-2023-47458](CVE-2023/CVE-2023-474xx/CVE-2023-47458.json) (`2024-01-02T21:15:09.673`)
* [CVE-2023-4164](CVE-2023/CVE-2023-41xx/CVE-2023-4164.json) (`2024-01-02T22:15:08.937`)
* [CVE-2023-50019](CVE-2023/CVE-2023-500xx/CVE-2023-50019.json) (`2024-01-02T22:15:09.147`)
* [CVE-2023-50020](CVE-2023/CVE-2023-500xx/CVE-2023-50020.json) (`2024-01-02T22:15:09.190`)
* [CVE-2023-6339](CVE-2023/CVE-2023-63xx/CVE-2023-6339.json) (`2024-01-02T22:15:09.237`)
* [CVE-2024-0194](CVE-2024/CVE-2024-01xx/CVE-2024-0194.json) (`2024-01-02T21:15:09.760`)
* [CVE-2024-0195](CVE-2024/CVE-2024-01xx/CVE-2024-0195.json) (`2024-01-02T21:15:10.003`)
* [CVE-2024-21623](CVE-2024/CVE-2024-216xx/CVE-2024-21623.json) (`2024-01-02T21:15:10.250`)
* [CVE-2024-21627](CVE-2024/CVE-2024-216xx/CVE-2024-21627.json) (`2024-01-02T21:15:10.467`)
* [CVE-2024-0196](CVE-2024/CVE-2024-01xx/CVE-2024-0196.json) (`2024-01-02T22:15:09.453`)
* [CVE-2024-21628](CVE-2024/CVE-2024-216xx/CVE-2024-21628.json) (`2024-01-02T22:15:09.687`)
* [CVE-2024-21629](CVE-2024/CVE-2024-216xx/CVE-2024-21629.json) (`2024-01-02T22:15:09.897`)
* [CVE-2024-21632](CVE-2024/CVE-2024-216xx/CVE-2024-21632.json) (`2024-01-02T22:15:10.103`)
### CVEs modified in the last Commit
Recently modified CVEs: `63`
Recently modified CVEs: `18`
* [CVE-2023-48670](CVE-2023/CVE-2023-486xx/CVE-2023-48670.json) (`2024-01-02T20:02:50.297`)
* [CVE-2023-45112](CVE-2023/CVE-2023-451xx/CVE-2023-45112.json) (`2024-01-02T20:15:09.040`)
* [CVE-2023-45113](CVE-2023/CVE-2023-451xx/CVE-2023-45113.json) (`2024-01-02T20:15:09.137`)
* [CVE-2023-45114](CVE-2023/CVE-2023-451xx/CVE-2023-45114.json) (`2024-01-02T20:15:09.217`)
* [CVE-2023-49678](CVE-2023/CVE-2023-496xx/CVE-2023-49678.json) (`2024-01-02T20:15:09.290`)
* [CVE-2023-49679](CVE-2023/CVE-2023-496xx/CVE-2023-49679.json) (`2024-01-02T20:15:09.360`)
* [CVE-2023-49680](CVE-2023/CVE-2023-496xx/CVE-2023-49680.json) (`2024-01-02T20:15:09.433`)
* [CVE-2023-49682](CVE-2023/CVE-2023-496xx/CVE-2023-49682.json) (`2024-01-02T20:15:09.503`)
* [CVE-2023-49683](CVE-2023/CVE-2023-496xx/CVE-2023-49683.json) (`2024-01-02T20:15:09.577`)
* [CVE-2023-49684](CVE-2023/CVE-2023-496xx/CVE-2023-49684.json) (`2024-01-02T20:15:09.650`)
* [CVE-2023-49685](CVE-2023/CVE-2023-496xx/CVE-2023-49685.json) (`2024-01-02T20:15:09.720`)
* [CVE-2023-49686](CVE-2023/CVE-2023-496xx/CVE-2023-49686.json) (`2024-01-02T20:15:09.793`)
* [CVE-2023-49687](CVE-2023/CVE-2023-496xx/CVE-2023-49687.json) (`2024-01-02T20:15:09.863`)
* [CVE-2023-49690](CVE-2023/CVE-2023-496xx/CVE-2023-49690.json) (`2024-01-02T20:15:09.933`)
* [CVE-2023-6155](CVE-2023/CVE-2023-61xx/CVE-2023-6155.json) (`2024-01-02T20:16:59.773`)
* [CVE-2023-6250](CVE-2023/CVE-2023-62xx/CVE-2023-6250.json) (`2024-01-02T20:19:11.973`)
* [CVE-2023-6166](CVE-2023/CVE-2023-61xx/CVE-2023-6166.json) (`2024-01-02T20:19:26.667`)
* [CVE-2023-7076](CVE-2023/CVE-2023-70xx/CVE-2023-7076.json) (`2024-01-02T20:37:14.207`)
* [CVE-2023-5203](CVE-2023/CVE-2023-52xx/CVE-2023-5203.json) (`2024-01-02T20:43:49.667`)
* [CVE-2023-5980](CVE-2023/CVE-2023-59xx/CVE-2023-5980.json) (`2024-01-02T20:45:48.277`)
* [CVE-2023-5991](CVE-2023/CVE-2023-59xx/CVE-2023-5991.json) (`2024-01-02T20:49:50.667`)
* [CVE-2023-50822](CVE-2023/CVE-2023-508xx/CVE-2023-50822.json) (`2024-01-02T20:54:13.893`)
* [CVE-2024-0188](CVE-2024/CVE-2024-01xx/CVE-2024-0188.json) (`2024-01-02T19:36:26.333`)
* [CVE-2024-0189](CVE-2024/CVE-2024-01xx/CVE-2024-0189.json) (`2024-01-02T19:36:26.333`)
* [CVE-2024-0193](CVE-2024/CVE-2024-01xx/CVE-2024-0193.json) (`2024-01-02T19:36:26.333`)
* [CVE-2023-3961](CVE-2023/CVE-2023-39xx/CVE-2023-3961.json) (`2024-01-02T21:15:08.913`)
* [CVE-2023-45326](CVE-2023/CVE-2023-453xx/CVE-2023-45326.json) (`2024-01-02T21:15:09.207`)
* [CVE-2023-45327](CVE-2023/CVE-2023-453xx/CVE-2023-45327.json) (`2024-01-02T21:15:09.293`)
* [CVE-2023-45328](CVE-2023/CVE-2023-453xx/CVE-2023-45328.json) (`2024-01-02T21:15:09.380`)
* [CVE-2023-45330](CVE-2023/CVE-2023-453xx/CVE-2023-45330.json) (`2024-01-02T21:15:09.453`)
* [CVE-2023-44165](CVE-2023/CVE-2023-441xx/CVE-2023-44165.json) (`2024-01-02T22:15:07.967`)
* [CVE-2023-44167](CVE-2023/CVE-2023-441xx/CVE-2023-44167.json) (`2024-01-02T22:15:08.060`)
* [CVE-2023-44168](CVE-2023/CVE-2023-441xx/CVE-2023-44168.json) (`2024-01-02T22:15:08.137`)
* [CVE-2023-46786](CVE-2023/CVE-2023-467xx/CVE-2023-46786.json) (`2024-01-02T22:15:08.210`)
* [CVE-2023-46790](CVE-2023/CVE-2023-467xx/CVE-2023-46790.json) (`2024-01-02T22:15:08.290`)
* [CVE-2023-46791](CVE-2023/CVE-2023-467xx/CVE-2023-46791.json) (`2024-01-02T22:15:08.367`)
* [CVE-2023-46792](CVE-2023/CVE-2023-467xx/CVE-2023-46792.json) (`2024-01-02T22:15:08.440`)
* [CVE-2023-46794](CVE-2023/CVE-2023-467xx/CVE-2023-46794.json) (`2024-01-02T22:15:08.510`)
* [CVE-2023-46795](CVE-2023/CVE-2023-467xx/CVE-2023-46795.json) (`2024-01-02T22:15:08.580`)
* [CVE-2023-46796](CVE-2023/CVE-2023-467xx/CVE-2023-46796.json) (`2024-01-02T22:15:08.650`)
* [CVE-2023-46797](CVE-2023/CVE-2023-467xx/CVE-2023-46797.json) (`2024-01-02T22:15:08.717`)
* [CVE-2023-46798](CVE-2023/CVE-2023-467xx/CVE-2023-46798.json) (`2024-01-02T22:15:08.790`)
* [CVE-2023-46799](CVE-2023/CVE-2023-467xx/CVE-2023-46799.json) (`2024-01-02T22:15:08.863`)
## Download and Usage