daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Fri Aug 4 03:05:11 UTC 2023] 🤖

patch-1
GitHub Action 2023-08-04 03:05:11 +00:00
parent 49bb85bcd0
commit 4d9ded0af8
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -1945,6 +1945,7 @@
{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"}
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"high","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web applications security filter chain.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
{"ID":"CVE-2023-35885","Info":{"Name":"Cloudpanel 2 \u003c 2.3.1 - Remote Code Execution","Severity":"critical","Description":"CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35885.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
2b4620b234498902d133ece6bdf0c7a8
b58b2350b7c7c0ab742dbd60851e3b31