diff --git a/CVE-2020/CVE-2020-266xx/CVE-2020-26623.json b/CVE-2020/CVE-2020-266xx/CVE-2020-26623.json new file mode 100644 index 00000000000..e9d458c9155 --- /dev/null +++ b/CVE-2020/CVE-2020-266xx/CVE-2020-26623.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2020-26623", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T22:15:07.777", + "lastModified": "2024-01-02T22:15:07.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://gilacms.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/GilaCMS/gila", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/GilaCMS/gila/security/policy", + "source": "cve@mitre.org" + }, + { + "url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-266xx/CVE-2020-26624.json b/CVE-2020/CVE-2020-266xx/CVE-2020-26624.json new file mode 100644 index 00000000000..3e4878f9b7f --- /dev/null +++ b/CVE-2020/CVE-2020-266xx/CVE-2020-26624.json 
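Review bot: The `descriptions[0].value` added in CVE-2020-26623.json labels the flaw a SQL injection but states the impact as "execute arbitrary web scripts", which is the usual wording for script injection rather than SQL injection; the same sentence pattern is repeated in the CVE-2020-26624 and CVE-2020-26625 hunks. All three records also ship with `"metrics": {}` and no `weaknesses` key, so filters on CVSS score or CWE will not surface them until the record is enriched. If the SQL injection classification is the accurate one, the impact wording should be aligned with it and a weakness entry such as `"value": "CWE-89"` added once the source confirms it. The phrase "after the login portal" suggests authentication is required, which a later CVSS vector should reflect in `privilegesRequired`.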
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2020-26624", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T22:15:07.837", + "lastModified": "2024-01-02T22:15:07.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://gilacms.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/GilaCMS/gila", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/GilaCMS/gila/security/policy", + "source": "cve@mitre.org" + }, + { + "url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-266xx/CVE-2020-26625.json b/CVE-2020/CVE-2020-266xx/CVE-2020-26625.json new file mode 100644 index 00000000000..12b6488ea2b --- /dev/null +++ b/CVE-2020/CVE-2020-266xx/CVE-2020-26625.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2020-26625", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T22:15:07.880", + "lastModified": "2024-01-02T22:15:07.880", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://gilacms.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/GilaCMS/gila", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/GilaCMS/gila/security/policy", + "source": "cve@mitre.org" + }, + { + "url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3961.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3961.json index 61120be879f..4549e07c33e 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3961.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3961.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3961", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-03T13:15:08.723", - "lastModified": "2023-11-22T23:15:08.170", + "lastModified": "2024-01-02T21:15:08.913", "vulnStatus": "Modified", "descriptions": [ { 
@@ -41,20 +41,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", - "attackComplexity": "HIGH", + "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" }, - "exploitabilityScore": 2.2, - "impactScore": 4.2 + "exploitabilityScore": 3.9, + "impactScore": 5.2 } ] }, @@ -212,6 +212,10 @@ "Mailing List" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20231124-0002/", + "source": "secalert@redhat.com" + }, { "url": "https://www.samba.org/samba/security/CVE-2023-3961.html", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4164.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4164.json new file mode 100644 index 00000000000..4a03231a5e2 --- /dev/null +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4164.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4164", + "sourceIdentifier": "dsap-vuln-management@google.com", + "published": "2024-01-02T22:15:08.937", + "lastModified": "2024-01-02T22:15:08.937", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "There is a possible information\u00a0disclosure due to a missing permission check. This could lead to local\u00a0information disclosure of health data with no additional execution\u00a0privileges needed.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "dsap-vuln-management@google.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "dsap-vuln-management@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01", + "source": "dsap-vuln-management@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44165.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44165.json index 1c7e890fab2..3844d8282b3 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44165.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44165.json 
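Review bot: The `cvssData` in CVE-2023-4164.json scores `integrityImpact` and `availabilityImpact` as `HIGH`, while the description and the `CWE-200` weakness describe only a local information disclosure from a missing permission check. If the description is right, the vector would be expected to read `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`, which falls in the MEDIUM band rather than `8.4` / `HIGH`. Consumers prioritising on `baseSeverity` should treat this Secondary score as unverified until a Primary metric exists. The description string also carries `\u00a0` non-breaking spaces and a trailing `\n`, which break exact-phrase matching and are worth normalising on ingest.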
@@ -2,116 +2,14 @@ "id": "CVE-2023-44165", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-28T22:15:10.543", - "lastModified": "2023-09-30T02:16:17.143", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:07.967", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "The 'Password' parameter of the process_login.php resource\n\ndoes not validate the characters received and they\n\nare sent unfiltered to the database.\n\n\n\n" - }, - { - "lang": "es", - "value": "El par\u00e1metro 'Password' del recurso process_login.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - }, - { - "source": 
"help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "C5DE67C1-6787-49CD-8DFA-3747E0DCF7AF" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/starr", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44167.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44167.json index b435dfb6a58..e0f869c9078 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44167.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44167.json 
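Review bot: The rejected form of CVE-2023-44165.json represents missing data in two different ways: `metrics` and `references` are kept as empty containers (`"metrics": {}`, `"references": []`) while `weaknesses` and `configurations` are removed as keys. A consumer therefore has to handle both an absent key and an empty value, and any match previously made through the removed `cpeMatch` criteria stops silently. The same shape appears in the hunks for CVE-2023-44167, CVE-2023-44168, CVE-2023-45326, CVE-2023-45327, CVE-2023-45328, CVE-2023-45330, CVE-2023-46786 and CVE-2023-46790. Ingest code should key on `"vulnStatus": "Rejected"` explicitly, and because the generic rejection text gives no reason or superseding ID, findings tied to these IDs need a manual check before they are closed.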
@@ -2,116 +2,14 @@ "id": "CVE-2023-44167", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-28T22:15:10.667", - "lastModified": "2023-09-30T02:16:20.297", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.060", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "The 'name' parameter of the process_registration.php resource\n\ndoes not validate the characters received and they\n\nare sent unfiltered to the database.\n\n\n\n" - }, - { - "lang": "es", - "value": "El par\u00e1metro 'name' del recurso process_registration.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - }, - { - 
"source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "C5DE67C1-6787-49CD-8DFA-3747E0DCF7AF" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/starr", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44168.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44168.json index b24dd0c9d61..468b7974697 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44168.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44168.json 
@@ -2,116 +2,14 @@ "id": "CVE-2023-44168", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-09-28T22:15:10.730", - "lastModified": "2023-09-30T02:16:22.197", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.137", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "The 'phone' parameter of the process_registration.php resource\n\ndoes not validate the characters received and they\n\nare sent unfiltered to the database.\n\n\n\n" - }, - { - "lang": "es", - "value": "El par\u00e1metro 'phone' del recurso process_registration.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - }, - { - 
"source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_movie_ticket_booking_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "C5DE67C1-6787-49CD-8DFA-3747E0DCF7AF" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/starr", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45326.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45326.json index df2b2549bad..09e54931a0f 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45326.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45326.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45326", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:11.783", - "lastModified": "2023-11-09T15:41:42.737", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T21:15:09.207", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'email' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" - } - ] - } - ] - } - ], - 
"references": [ - { - "url": "https://fluidattacks.com/advisories/hann", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45327.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45327.json index 1a44fcaf16e..3563297aac2 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45327.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45327.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45327", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:11.870", - "lastModified": "2023-11-09T15:41:53.263", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T21:15:09.293", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'name' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" - } - ] - } - ] - } - ], - 
"references": [ - { - "url": "https://fluidattacks.com/advisories/hann", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45328.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45328.json index 41dac98c428..7738fda8d2f 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45328.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45328.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-45328", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:11.947", - "lastModified": "2023-11-30T19:26:14.930", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T21:15:09.380", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'password' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" - } - ] - } - ] - } 
- ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/hann", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45330.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45330.json index 82b4a36f737..75d89863d00 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45330.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45330.json 
@@ -2,106 +2,14 @@ "id": "CVE-2023-45330", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-02T14:15:12.093", - "lastModified": "2023-11-09T15:42:20.077", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T21:15:09.453", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'username' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - 
"exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/hann", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45561.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45561.json new file mode 100644 index 00000000000..e22f3ef742b --- /dev/null +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45561.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-45561", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T21:15:09.530", + "lastModified": "2024-01-02T21:15:09.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://a-world.com", + "source": "cve@mitre.org" + }, + { + "url": "http://oirase.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45561.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45892.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45892.json new file mode 100644 index 00000000000..bdeb15a0f16 --- /dev/null 
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45892.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45892", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T21:15:09.583", + "lastModified": "2024-01-02T21:15:09.583", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45892.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45893.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45893.json new file mode 100644 index 00000000000..9cd563fe1db --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45893.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45893", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T21:15:09.630", + "lastModified": "2024-01-02T21:15:09.630", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46786.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46786.json index fa96430a2c5..f1b74661f73 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46786.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46786.json 
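Review bot: The description added in CVE-2023-45893.json expands IDOR as "indirect Object Reference"; the term is Insecure Direct Object Reference, so the value should begin `An Insecure Direct Object Reference (IDOR) in the Order and Invoice pages`. The CVE-2023-45892 hunk earlier on this line describes the same pages, attacker and impact, differing only in the product name ("Floorsight Insights" versus "Floorsight Customer Portal") and in saying "An issue", so it is unclear from the records whether these are two distinct flaws. Neither record has a `weaknesses` entry; for an unauthenticated object-reference flaw `CWE-639` would be the expected candidate, to be confirmed against the referenced advisories.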
@@ -2,86 +2,14 @@ "id": "CVE-2023-46786", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T21:15:13.170", - "lastModified": "2023-11-13T18:00:15.540", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.210", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'password' del recurso auth/auth.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - 
"references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46790.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46790.json index c939095e10e..81bc51b299a 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46790.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46790.json 
@@ -2,96 +2,14 @@ "id": "CVE-2023-46790", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T21:15:13.987", - "lastModified": "2023-11-13T17:59:28.717", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.290", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic2' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El atributo 'filename' del par\u00e1metro multiparte 'pic2' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json index f7afb4bd247..ab004d1986a 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46791.json 
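Review bot: The rejected record keeps `"metrics": {}` and `"references": []` as empty containers but drops the `weaknesses` and `configurations` keys outright, so "no data" is expressed two different ways in one document. A consumer that indexes `weaknesses` or `configurations` unconditionally will fail on these records, and anything that matched on the removed CPE criteria silently stops matching. Either emit `"weaknesses": [], "configurations": []` as well, or have ingest treat all four keys as optional and branch on `"vulnStatus": "Rejected"` first. The replacement description gives only the generic rejection reason with no pointer to a superseding ID, so findings already filed against these IDs need manual disposition. The same shape appears in the hunks for CVE-2023-46786, -46791, -46792 and -46794 through -46799.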
@@ -2,86 +2,14 @@ "id": "CVE-2023-46791", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-12-21T20:15:07.547", - "lastModified": "2023-12-29T06:03:28.723", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.367", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El atributo 'filename' del par\u00e1metro multiparte 'pic3' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46792.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46792.json index a091ee8b25f..532c1d41d86 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46792.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46792.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-46792", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T22:15:11.640", - "lastModified": "2023-11-13T17:59:18.123", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.440", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic4' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El atributo 'filename' del par\u00e1metro multiparte 'pic4' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46794.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46794.json index d4d77e4283e..0b8c573c6ce 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46794.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46794.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-46794", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T22:15:12.833", - "lastModified": "2023-11-13T17:58:56.497", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.510", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'email' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46795.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46795.json index 3c2936cb3bf..25c64183ae5 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46795.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46795.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-46795", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T22:15:13.063", - "lastModified": "2023-11-13T17:58:45.853", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.580", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'gender' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46796.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46796.json index 1df70d5279f..711bb26ebe9 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46796.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46796.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-46796", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T22:15:13.257", - "lastModified": "2023-11-13T17:58:34.727", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.650", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'month' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'month' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46797.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46797.json index 01952ae1a9a..e9e9e15896f 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46797.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46797.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-46797", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T22:15:13.447", - "lastModified": "2023-11-13T17:58:24.257", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.717", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'name' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46798.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46798.json index 71977a21e95..455fafe7da3 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46798.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46798.json 
@@ -2,116 +2,14 @@ "id": "CVE-2023-46798", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T22:15:13.640", - "lastModified": "2023-11-13T17:58:15.500", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.790", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'pass' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'pass' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - }, - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46799.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46799.json index 10b6517cb51..251ea88ca92 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46799.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46799.json 
@@ -2,86 +2,14 @@ "id": "CVE-2023-46799", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-07T22:15:13.837", - "lastModified": "2023-11-13T17:57:43.850", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-02T22:15:08.863", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'year' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n" - }, - { - "lang": "es", - "value": "Online Matrimonial Project v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'year' en la funci\u00f3n 'register()' del recurso functions.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "help@fluidattacks.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6927D60D-A164-4CC9-862F-AA47FC520806" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://fluidattacks.com/advisories/ros", - "source": "help@fluidattacks.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://projectworlds.in", - "source": "help@fluidattacks.com", - "tags": [ - "Product" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47458.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47458.json new file mode 100644 index 00000000000..18ae8b99239 --- /dev/null +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47458.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-47458", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T21:15:09.673", + "lastModified": "2024-01-02T21:15:09.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://springblade.com", + "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a", + "source": "cve@mitre.org" + }, + { + "url": "https://gitee.com/smallc/SpringBlade", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50019.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50019.json new file mode 100644 index 00000000000..03c56018152 --- /dev/null +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50019.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50019", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T22:15:09.147", + "lastModified": "2024-01-02T22:15:09.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/open5gs/open5gs/issues/2733", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50020.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50020.json new file mode 100644 index 00000000000..781084f4f49 --- /dev/null +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50020.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50020", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-02T22:15:09.190", + "lastModified": "2024-01-02T22:15:09.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/open5gs/open5gs/commit/1aba814938e3a1b2eec7014bf6ce132d34622e08", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/open5gs/open5gs/issues/2734", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6339.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6339.json new file mode 100644 index 00000000000..adb1d78157e --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6339.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6339", + "sourceIdentifier": "dsap-vuln-management@google.com", + "published": "2024-01-02T22:15:09.237", + "lastModified": "2024-01-02T22:15:09.237", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Google Nest WiFi Pro root code-execution & user-data compromise" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "dsap-vuln-management@google.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "dsap-vuln-management@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + } + ], + "references": [ + { + "url": "https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA", + "source": "dsap-vuln-management@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0194.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0194.json new file mode 100644 index 00000000000..42661250a43 --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0194.json 
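Review bot: The `descriptions` value is a headline ("Google Nest WiFi Pro root code-execution & user-data compromise") with no affected firmware version, component or precondition, while the record carries a 10.0 base score with `S:C` and `PR:N`. The only weakness listed is `CWE-311`, which covers missing encryption and does not by itself account for the code-execution claim, so triage cannot scope exposure from this record alone and has to go to the vendor bulletin. The single reference URL also carries `ref_topic` and `sjid` query parameters that look like navigation or session artefacts; the bare `.../answer/14273332` form would presumably be the more stable link. No `configurations` block is present, so CPE-based matching will not pick this entry up until it is analyzed.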
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0194", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-02T21:15:09.760", + "lastModified": "2024-01-02T21:15:09.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + 
} + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249509", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249509", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0195.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0195.json new file mode 100644 index 00000000000..311cb172cdb --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0195.json 
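Review bot: The description says the issue "was classified as critical", but both metric blocks in the same record rate it medium: `"baseScore": 6.3, "baseSeverity": "MEDIUM"` for v3.1 and `"baseScore": 6.5` for v2, with `PR:L` and `Au:S` indicating an authenticated attacker. Any pipeline that derives priority from the prose rather than from `cvssData` will over-rank this entry, so severity should be read from `baseSeverity` and `baseScore` only. One of the three references is a `drive.google.com` share link, which is not a stable or vetted advisory source and may disappear or change content. The CVE-2024-0195 hunk that follows shows the same critical-versus-MEDIUM wording, though it continues past the visible part of the diff.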
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0195", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-02T21:15:10.003", + "lastModified": "2024-01-02T21:15:10.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + 
], + "references": [ + { + "url": "https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249510", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249510", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0196.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0196.json new file mode 100644 index 00000000000..70642944f2c --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0196.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0196", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-02T22:15:09.453", + "lastModified": "2024-01-02T22:15:09.453", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249511", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249511", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21623.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21623.json new file mode 100644 index 00000000000..b7dfae8d380 --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21623.json 
@@ -0,0 +1,71 @@ +{ + "id": "CVE-2024-21623", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-02T21:15:10.250", + "lastModified": "2024-01-02T21:15:10.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", + "source": "security-advisories@github.com" + }, + { + "url": "https://securitylab.github.com/research/github-actions-untrusted-input/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21627.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21627.json new file mode 100644 index 00000000000..fde987374eb --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21627.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-21627", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-02T21:15:10.467", + "lastModified": "2024-01-02T21:15:10.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + }, + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21628.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21628.json new file mode 100644 index 00000000000..1e77f378c8e --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21628.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-21628", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-02T22:15:09.687", + "lastModified": "2024-01-02T22:15:09.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21629.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21629.json new file mode 100644 index 00000000000..500af46f77d --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21629.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-21629", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-02T22:15:09.897", + "lastModified": "2024-01-02T22:15:09.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-703" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-ethereum/evm/pull/264", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21632.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21632.json new file mode 100644 index 00000000000..cd8c49c4b23 --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21632.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-21632", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-02T22:15:10.103", + "lastModified": "2024-01-02T22:15:10.103", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/synth/omniauth-microsoft_graph/commit/f132078389612b797c872b45bd0e0b47382414c1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/synth/omniauth-microsoft_graph/security/advisories/GHSA-5g66-628f-7cvj", + "source": "security-advisories@github.com" + }, + { + "url": "https://www.descope.com/blog/post/noauth", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index cca14d13853..994ebcc6f94 100644 
--- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-02T21:00:25.062653+00:00 +2024-01-02T23:00:24.766906+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-02T20:54:13.893000+00:00 +2024-01-02T22:15:10.103000+00:00 ``` ### Last Data Feed Release 
@@ -29,54 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234703 +234722 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `19` -* [CVE-2022-3010](CVE-2022/CVE-2022-30xx/CVE-2022-3010.json) (`2024-01-02T19:15:09.783`) -* [CVE-2023-48419](CVE-2023/CVE-2023-484xx/CVE-2023-48419.json) (`2024-01-02T19:15:11.280`) -* [CVE-2023-7192](CVE-2023/CVE-2023-71xx/CVE-2023-7192.json) (`2024-01-02T19:15:11.510`) -* [CVE-2023-49794](CVE-2023/CVE-2023-497xx/CVE-2023-49794.json) (`2024-01-02T20:15:10.020`) -* [CVE-2023-50711](CVE-2023/CVE-2023-507xx/CVE-2023-50711.json) (`2024-01-02T20:15:10.250`) -* [CVE-2023-51652](CVE-2023/CVE-2023-516xx/CVE-2023-51652.json) (`2024-01-02T20:15:10.453`) -* [CVE-2023-6752](CVE-2023/CVE-2023-67xx/CVE-2023-6752.json) (`2024-01-02T20:15:10.653`) -* [CVE-2024-0190](CVE-2024/CVE-2024-01xx/CVE-2024-0190.json) (`2024-01-02T19:15:11.717`) -* [CVE-2024-0191](CVE-2024/CVE-2024-01xx/CVE-2024-0191.json) (`2024-01-02T20:15:10.700`) -* [CVE-2024-0192](CVE-2024/CVE-2024-01xx/CVE-2024-0192.json) (`2024-01-02T20:15:10.933`) +* [CVE-2020-26623](CVE-2020/CVE-2020-266xx/CVE-2020-26623.json) (`2024-01-02T22:15:07.777`) +* [CVE-2020-26624](CVE-2020/CVE-2020-266xx/CVE-2020-26624.json) (`2024-01-02T22:15:07.837`) +* [CVE-2020-26625](CVE-2020/CVE-2020-266xx/CVE-2020-26625.json) (`2024-01-02T22:15:07.880`) +* [CVE-2023-45561](CVE-2023/CVE-2023-455xx/CVE-2023-45561.json) (`2024-01-02T21:15:09.530`) +* [CVE-2023-45892](CVE-2023/CVE-2023-458xx/CVE-2023-45892.json) (`2024-01-02T21:15:09.583`) +* [CVE-2023-45893](CVE-2023/CVE-2023-458xx/CVE-2023-45893.json) (`2024-01-02T21:15:09.630`) +* [CVE-2023-47458](CVE-2023/CVE-2023-474xx/CVE-2023-47458.json) (`2024-01-02T21:15:09.673`) +* [CVE-2023-4164](CVE-2023/CVE-2023-41xx/CVE-2023-4164.json) (`2024-01-02T22:15:08.937`) +* [CVE-2023-50019](CVE-2023/CVE-2023-500xx/CVE-2023-50019.json) (`2024-01-02T22:15:09.147`) 
+* [CVE-2023-50020](CVE-2023/CVE-2023-500xx/CVE-2023-50020.json) (`2024-01-02T22:15:09.190`) +* [CVE-2023-6339](CVE-2023/CVE-2023-63xx/CVE-2023-6339.json) (`2024-01-02T22:15:09.237`) +* [CVE-2024-0194](CVE-2024/CVE-2024-01xx/CVE-2024-0194.json) (`2024-01-02T21:15:09.760`) +* [CVE-2024-0195](CVE-2024/CVE-2024-01xx/CVE-2024-0195.json) (`2024-01-02T21:15:10.003`) +* [CVE-2024-21623](CVE-2024/CVE-2024-216xx/CVE-2024-21623.json) (`2024-01-02T21:15:10.250`) +* [CVE-2024-21627](CVE-2024/CVE-2024-216xx/CVE-2024-21627.json) (`2024-01-02T21:15:10.467`) +* [CVE-2024-0196](CVE-2024/CVE-2024-01xx/CVE-2024-0196.json) (`2024-01-02T22:15:09.453`) +* [CVE-2024-21628](CVE-2024/CVE-2024-216xx/CVE-2024-21628.json) (`2024-01-02T22:15:09.687`) +* [CVE-2024-21629](CVE-2024/CVE-2024-216xx/CVE-2024-21629.json) (`2024-01-02T22:15:09.897`) +* [CVE-2024-21632](CVE-2024/CVE-2024-216xx/CVE-2024-21632.json) (`2024-01-02T22:15:10.103`) ### CVEs modified in the last Commit -Recently modified CVEs: `63` +Recently modified CVEs: `18` -* [CVE-2023-48670](CVE-2023/CVE-2023-486xx/CVE-2023-48670.json) (`2024-01-02T20:02:50.297`) -* [CVE-2023-45112](CVE-2023/CVE-2023-451xx/CVE-2023-45112.json) (`2024-01-02T20:15:09.040`) -* [CVE-2023-45113](CVE-2023/CVE-2023-451xx/CVE-2023-45113.json) (`2024-01-02T20:15:09.137`) -* [CVE-2023-45114](CVE-2023/CVE-2023-451xx/CVE-2023-45114.json) (`2024-01-02T20:15:09.217`) -* [CVE-2023-49678](CVE-2023/CVE-2023-496xx/CVE-2023-49678.json) (`2024-01-02T20:15:09.290`) -* [CVE-2023-49679](CVE-2023/CVE-2023-496xx/CVE-2023-49679.json) (`2024-01-02T20:15:09.360`) -* [CVE-2023-49680](CVE-2023/CVE-2023-496xx/CVE-2023-49680.json) (`2024-01-02T20:15:09.433`) -* [CVE-2023-49682](CVE-2023/CVE-2023-496xx/CVE-2023-49682.json) (`2024-01-02T20:15:09.503`) -* [CVE-2023-49683](CVE-2023/CVE-2023-496xx/CVE-2023-49683.json) (`2024-01-02T20:15:09.577`) -* [CVE-2023-49684](CVE-2023/CVE-2023-496xx/CVE-2023-49684.json) (`2024-01-02T20:15:09.650`) -* 
[CVE-2023-49685](CVE-2023/CVE-2023-496xx/CVE-2023-49685.json) (`2024-01-02T20:15:09.720`) -* [CVE-2023-49686](CVE-2023/CVE-2023-496xx/CVE-2023-49686.json) (`2024-01-02T20:15:09.793`) -* [CVE-2023-49687](CVE-2023/CVE-2023-496xx/CVE-2023-49687.json) (`2024-01-02T20:15:09.863`) -* [CVE-2023-49690](CVE-2023/CVE-2023-496xx/CVE-2023-49690.json) (`2024-01-02T20:15:09.933`) -* [CVE-2023-6155](CVE-2023/CVE-2023-61xx/CVE-2023-6155.json) (`2024-01-02T20:16:59.773`) -* [CVE-2023-6250](CVE-2023/CVE-2023-62xx/CVE-2023-6250.json) (`2024-01-02T20:19:11.973`) -* [CVE-2023-6166](CVE-2023/CVE-2023-61xx/CVE-2023-6166.json) (`2024-01-02T20:19:26.667`) -* [CVE-2023-7076](CVE-2023/CVE-2023-70xx/CVE-2023-7076.json) (`2024-01-02T20:37:14.207`) -* [CVE-2023-5203](CVE-2023/CVE-2023-52xx/CVE-2023-5203.json) (`2024-01-02T20:43:49.667`) -* [CVE-2023-5980](CVE-2023/CVE-2023-59xx/CVE-2023-5980.json) (`2024-01-02T20:45:48.277`) -* [CVE-2023-5991](CVE-2023/CVE-2023-59xx/CVE-2023-5991.json) (`2024-01-02T20:49:50.667`) -* [CVE-2023-50822](CVE-2023/CVE-2023-508xx/CVE-2023-50822.json) (`2024-01-02T20:54:13.893`) -* [CVE-2024-0188](CVE-2024/CVE-2024-01xx/CVE-2024-0188.json) (`2024-01-02T19:36:26.333`) -* [CVE-2024-0189](CVE-2024/CVE-2024-01xx/CVE-2024-0189.json) (`2024-01-02T19:36:26.333`) -* [CVE-2024-0193](CVE-2024/CVE-2024-01xx/CVE-2024-0193.json) (`2024-01-02T19:36:26.333`) +* [CVE-2023-3961](CVE-2023/CVE-2023-39xx/CVE-2023-3961.json) (`2024-01-02T21:15:08.913`) +* [CVE-2023-45326](CVE-2023/CVE-2023-453xx/CVE-2023-45326.json) (`2024-01-02T21:15:09.207`) +* [CVE-2023-45327](CVE-2023/CVE-2023-453xx/CVE-2023-45327.json) (`2024-01-02T21:15:09.293`) +* [CVE-2023-45328](CVE-2023/CVE-2023-453xx/CVE-2023-45328.json) (`2024-01-02T21:15:09.380`) +* [CVE-2023-45330](CVE-2023/CVE-2023-453xx/CVE-2023-45330.json) (`2024-01-02T21:15:09.453`) +* [CVE-2023-44165](CVE-2023/CVE-2023-441xx/CVE-2023-44165.json) (`2024-01-02T22:15:07.967`) +* [CVE-2023-44167](CVE-2023/CVE-2023-441xx/CVE-2023-44167.json) 
(`2024-01-02T22:15:08.060`) +* [CVE-2023-44168](CVE-2023/CVE-2023-441xx/CVE-2023-44168.json) (`2024-01-02T22:15:08.137`) +* [CVE-2023-46786](CVE-2023/CVE-2023-467xx/CVE-2023-46786.json) (`2024-01-02T22:15:08.210`) +* [CVE-2023-46790](CVE-2023/CVE-2023-467xx/CVE-2023-46790.json) (`2024-01-02T22:15:08.290`) +* [CVE-2023-46791](CVE-2023/CVE-2023-467xx/CVE-2023-46791.json) (`2024-01-02T22:15:08.367`) +* [CVE-2023-46792](CVE-2023/CVE-2023-467xx/CVE-2023-46792.json) (`2024-01-02T22:15:08.440`) +* [CVE-2023-46794](CVE-2023/CVE-2023-467xx/CVE-2023-46794.json) (`2024-01-02T22:15:08.510`) +* [CVE-2023-46795](CVE-2023/CVE-2023-467xx/CVE-2023-46795.json) (`2024-01-02T22:15:08.580`) +* [CVE-2023-46796](CVE-2023/CVE-2023-467xx/CVE-2023-46796.json) (`2024-01-02T22:15:08.650`) +* [CVE-2023-46797](CVE-2023/CVE-2023-467xx/CVE-2023-46797.json) (`2024-01-02T22:15:08.717`) +* [CVE-2023-46798](CVE-2023/CVE-2023-467xx/CVE-2023-46798.json) (`2024-01-02T22:15:08.790`) +* [CVE-2023-46799](CVE-2023/CVE-2023-467xx/CVE-2023-46799.json) (`2024-01-02T22:15:08.863`) ## Download and Usage