Auto-Update: 2023-05-25T10:00:27.376629+00:00

cad-safe-bot 2023-05-25 10:00:30 +00:00
parent d4e81e6ecd
commit 0068aa5b75
19 changed files with 981 additions and 12 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-41635",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:10.907",
"lastModified": "2023-05-25T09:15:10.907",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin <=\u00a03.5.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-advanced-shipment-tracking/wordpress-advanced-shipment-tracking-for-woocommerce-plugin-3-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-46800",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.290",
"lastModified": "2023-05-25T09:15:11.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <=\u00a05.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-46812",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.380",
"lastModified": "2023-05-25T09:15:11.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales plugin <=\u00a01.0.13 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-thank-you-page-customizer/wordpress-thank-you-page-customizer-for-woocommerce-increase-your-sales-plugin-1-0-13-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-46865",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.457",
"lastModified": "2023-05-25T09:15:11.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <=\u00a01.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bulk-resize-media/wordpress-bulk-resize-media-plugin-1-1-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-46866",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.523",
"lastModified": "2023-05-25T09:15:11.523",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <=\u00a01.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/import-external-images/wordpress-import-external-images-plugin-1-4-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47135",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.590",
"lastModified": "2023-05-25T09:15:11.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <=\u00a07.0.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/chronoforms/wordpress-chronoforms-plugin-7-0-9-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47138",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.660",
"lastModified": "2023-05-25T09:15:11.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <=\u00a02.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/login-attempts-limit-wp/wordpress-login-and-registration-attempts-limit-plugin-2-1-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47139",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.733",
"lastModified": "2023-05-25T09:15:11.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <=\u00a05.2.15 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-basic-elements/wordpress-wp-basic-elements-plugin-5-2-15-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47159",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.797",
"lastModified": "2023-05-25T09:15:11.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <=\u00a01.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/logaster-logo-generator/wordpress-logaster-logo-generator-plugin-1-3-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47164",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-25T09:15:11.870",
"lastModified": "2023-05-25T09:15:11.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <=\u00a03.7.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-3-7-7-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,15 @@
{
"id": "CVE-2023-1588",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-05-25T08:15:09.963",
"lastModified": "2023-05-25T08:15:09.963",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-2881",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-25T09:15:11.943",
"lastModified": "2023-05-25T09:15:11.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-257"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/db6c32f4-742e-4262-8fd5-cefd0f133416",
"source": "security@huntr.dev"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2882",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-05-25T09:15:12.010",
"lastModified": "2023-05-25T09:15:12.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1270"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0293",
"source": "cve@usom.gov.tr"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2883",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-05-25T09:15:12.093",
"lastModified": "2023-05-25T09:15:12.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0293",
"source": "cve@usom.gov.tr"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-2884",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-05-25T09:15:12.163",
"lastModified": "2023-05-25T09:15:12.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
},
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0293",
"source": "cve@usom.gov.tr"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2885",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-05-25T09:15:12.237",
"lastModified": "2023-05-25T09:15:12.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-300"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0293",
"source": "cve@usom.gov.tr"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2886",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-05-25T09:15:12.303",
"lastModified": "2023-05-25T09:15:12.303",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1385"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0293",
"source": "cve@usom.gov.tr"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2887",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-05-25T09:15:12.377",
"lastModified": "2023-05-25T09:15:12.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0293",
"source": "cve@usom.gov.tr"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-25T08:00:28.547246+00:00
2023-05-25T10:00:27.376629+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-25T07:15:08.620000+00:00
2023-05-25T09:15:12.377000+00:00
```
### Last Data Feed Release
@ -29,26 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
215980
215998
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `18`
* [CVE-2022-46907](CVE-2022/CVE-2022-469xx/CVE-2022-46907.json) (`2023-05-25T07:15:08.620`)
* [CVE-2022-41635](CVE-2022/CVE-2022-416xx/CVE-2022-41635.json) (`2023-05-25T09:15:10.907`)
* [CVE-2022-46800](CVE-2022/CVE-2022-468xx/CVE-2022-46800.json) (`2023-05-25T09:15:11.290`)
* [CVE-2022-46812](CVE-2022/CVE-2022-468xx/CVE-2022-46812.json) (`2023-05-25T09:15:11.380`)
* [CVE-2022-46865](CVE-2022/CVE-2022-468xx/CVE-2022-46865.json) (`2023-05-25T09:15:11.457`)
* [CVE-2022-46866](CVE-2022/CVE-2022-468xx/CVE-2022-46866.json) (`2023-05-25T09:15:11.523`)
* [CVE-2022-47135](CVE-2022/CVE-2022-471xx/CVE-2022-47135.json) (`2023-05-25T09:15:11.590`)
* [CVE-2022-47138](CVE-2022/CVE-2022-471xx/CVE-2022-47138.json) (`2023-05-25T09:15:11.660`)
* [CVE-2022-47139](CVE-2022/CVE-2022-471xx/CVE-2022-47139.json) (`2023-05-25T09:15:11.733`)
* [CVE-2022-47159](CVE-2022/CVE-2022-471xx/CVE-2022-47159.json) (`2023-05-25T09:15:11.797`)
* [CVE-2022-47164](CVE-2022/CVE-2022-471xx/CVE-2022-47164.json) (`2023-05-25T09:15:11.870`)
* [CVE-2023-1588](CVE-2023/CVE-2023-15xx/CVE-2023-1588.json) (`2023-05-25T08:15:09.963`)
* [CVE-2023-2881](CVE-2023/CVE-2023-28xx/CVE-2023-2881.json) (`2023-05-25T09:15:11.943`)
* [CVE-2023-2882](CVE-2023/CVE-2023-28xx/CVE-2023-2882.json) (`2023-05-25T09:15:12.010`)
* [CVE-2023-2883](CVE-2023/CVE-2023-28xx/CVE-2023-2883.json) (`2023-05-25T09:15:12.093`)
* [CVE-2023-2884](CVE-2023/CVE-2023-28xx/CVE-2023-2884.json) (`2023-05-25T09:15:12.163`)
* [CVE-2023-2885](CVE-2023/CVE-2023-28xx/CVE-2023-2885.json) (`2023-05-25T09:15:12.237`)
* [CVE-2023-2886](CVE-2023/CVE-2023-28xx/CVE-2023-2886.json) (`2023-05-25T09:15:12.303`)
* [CVE-2023-2887](CVE-2023/CVE-2023-28xx/CVE-2023-2887.json) (`2023-05-25T09:15:12.377`)
### CVEs modified in the last Commit
Recently modified CVEs: `6`
Recently modified CVEs: `0`
* [CVE-2023-2870](CVE-2023/CVE-2023-28xx/CVE-2023-2870.json) (`2023-05-25T06:15:09.130`)
* [CVE-2023-2871](CVE-2023/CVE-2023-28xx/CVE-2023-2871.json) (`2023-05-25T06:15:10.130`)
* [CVE-2023-2872](CVE-2023/CVE-2023-28xx/CVE-2023-2872.json) (`2023-05-25T06:15:10.420`)
* [CVE-2023-2873](CVE-2023/CVE-2023-28xx/CVE-2023-2873.json) (`2023-05-25T06:15:10.723`)
* [CVE-2023-2874](CVE-2023/CVE-2023-28xx/CVE-2023-2874.json) (`2023-05-25T06:15:11.033`)
* [CVE-2023-2875](CVE-2023/CVE-2023-28xx/CVE-2023-2875.json) (`2023-05-25T06:15:11.317`)
## Download and Usage