admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-27T23:00:18.303992+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-27 23:00:21 +00:00
parent 60b7091159
commit 04554826c9
41 changed files with 1708 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2006/CVE-2006-10xx/CVE-2006-1078.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2006-1078",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-03-09T00:02:00.000",
"lastModified": "2018-10-18T16:30:36.447",
"lastModified": "2023-11-27T22:15:07.177",
"vulnStatus": "Modified",
"descriptions": [
{
@ -99,6 +99,10 @@
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/13",
"source": "cve@mitre.org"
},
{
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html",
"source": "cve@mitre.org"

10
CVE-2006/CVE-2006-10xx/CVE-2006-1079.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2006-1079",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-03-09T00:02:00.000",
"lastModified": "2018-10-18T16:30:37.447",
"lastModified": "2023-11-27T22:15:07.283",
"vulnStatus": "Modified",
"descriptions": [
{
@ -79,6 +79,14 @@
"url": "http://marc.info/?l=thttpd&m=114154083000296&w=2",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/13",
"source": "cve@mitre.org"
},
{
"url": "http://www.osvdb.org/23828",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded",
"source": "cve@mitre.org"

18
CVE-2007/CVE-2007-06xx/CVE-2007-0664.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2007-0664",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-02-02T21:28:00.000",
"lastModified": "2008-11-15T06:41:25.063",
"lastModified": "2023-11-27T22:15:07.350",
"vulnStatus": "Modified",
"descriptions": [
{
@ -80,6 +80,22 @@
"Vendor Advisory"
]
},
{
"url": "http://osvdb.org/31965",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/13",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/24018",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml",
"source": "cve@mitre.org",

6
CVE-2009/CVE-2009-44xx/CVE-2009-4491.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-4491",
"sourceIdentifier": "cve@mitre.org",
"published": "2010-01-13T20:30:00.500",
"lastModified": "2018-10-10T19:49:14.760",
"lastModified": "2023-11-27T22:15:07.440",
"vulnStatus": "Modified",
"descriptions": [
{
@ -71,6 +71,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/13",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded",
"source": "cve@mitre.org"

55
CVE-2022/CVE-2022-419xx/CVE-2022-41951.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-41951",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-27T21:15:07.553",
"lastModified": "2023-11-27T21:15:07.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\\Bundle\\GaufretteBundle\\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937",
"source": "security-advisories@github.com"
}
]
}

47
CVE-2023/CVE-2023-259xx/CVE-2023-25986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25986",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:08.087",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:30:56.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paygreen:paygreen_-_ancienne:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.10.2",
"matchCriteriaId": "5AA1DD10-22BA-4088-8537-BBD210816F54"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/paygreen-woocommerce/wordpress-paygreen-plugin-4-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-259xx/CVE-2023-25987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25987",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:08.283",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:36:53.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:urosevic:my_youtube_channel:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.23.4",
"matchCriteriaId": "F315ABE8-CB6F-4E62-A128-10071C56FDD7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/youtube-channel/wordpress-my-youtube-channel-plugin-3-23-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-265xx/CVE-2023-26532.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-26532",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.037",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:08:32.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <=\u00a02.1.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento AccessPress Themes Social Auto Poster en versiones &lt;=2.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:accesspressthemes:social_auto_poster:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.4",
"matchCriteriaId": "058CFA4D-92CC-4701-BD60-F1B0AAEF3DC1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/accesspress-facebook-auto-post/wordpress-social-auto-poster-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-274xx/CVE-2023-27442.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27442",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.417",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:08:45.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <=\u00a03.29.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Teplitsa of social technologies Leyka en versiones &lt;=3.29.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:techsoupeurope:leyka:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.29.2",
"matchCriteriaId": "8DEC6071-C5F4-4FA2-B0D3-54CD99FDFD73"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-274xx/CVE-2023-27444.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27444",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.600",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:08:57.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <=\u00a03.7.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Pierre Lannoy/PerfOps One DecaLog en versiones &lt;=3.7.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:perfops:decalog:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.0",
"matchCriteriaId": "ED0DC507-3D38-4BB2-B317-8BCDD6BB0E5F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-274xx/CVE-2023-27446.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27446",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.790",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:09:08.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <=\u00a02.1.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Fluenx DeepL API translation en versiones &lt;=2.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fluenx:deepl_pro_api_translation:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.4",
"matchCriteriaId": "305B2FAE-9F31-4EC5-AC9A-732BBBB0F63A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpdeepl/wordpress-deepl-api-translation-plugin-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-274xx/CVE-2023-27451.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-27451",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T14:15:08.970",
"lastModified": "2023-11-22T15:12:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:09:24.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <=\u00a05.1.0.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en el complemento Darren Cooney Instant Images en versiones &lt;=5.1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connekthq:instant_images:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.0.2",
"matchCriteriaId": "061CDE72-D4D4-4EE3-B3F1-50D887D93E8A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-287xx/CVE-2023-28749.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28749",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T13:15:07.850",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:08:00.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <=\u00a01.3.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento CreativeMindsSolutions CM On Demand Search And Replace en versiones &lt;=1.3.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cminds:cm_on_demand_search_and_replace:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.0",
"matchCriteriaId": "D89F85E6-D5E1-4AE0-8E5A-7DEDF83C8B42"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cm-on-demand-search-and-replace/wordpress-cm-on-demand-search-and-replace-plugin-1-3-0-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-320xx/CVE-2023-32062.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-32062",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-27T22:15:07.660",
"lastModified": "2023-11-27T22:15:07.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g",
"source": "security-advisories@github.com"
}
]
}

61
CVE-2023/CVE-2023-399xx/CVE-2023-39925.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39925",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T19:15:08.357",
"lastModified": "2023-11-22T19:46:41.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:37:20.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <=\u00a06.1.6.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento PeepSo Download Community by PeepSo en versiones &lt;= 6.1.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:peepso:peepso:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.2.0.0",
"matchCriteriaId": "CE7B1C15-23A4-4D00-81B6-3A72159FAA15"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-peepso-plugin-6-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-411xx/CVE-2023-41109.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41109",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T20:15:08.273",
"lastModified": "2023-09-01T18:37:07.207",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-27T22:15:07.867",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -77,6 +77,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/12",
"source": "cve@mitre.org"
},
{
"url": "https://www.syss.de/",
"source": "cve@mitre.org",

20
CVE-2023/CVE-2023-423xx/CVE-2023-42363.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-42363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T22:15:07.940",
"lastModified": "2023-11-27T22:15:07.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1."
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.busybox.net/show_bug.cgi?id=15865",
"source": "cve@mitre.org"
}
]
}

62
CVE-2023/CVE-2023-430xx/CVE-2023-43081.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43081",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-22T13:15:08.047",
"lastModified": "2023-11-22T13:56:48.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:08:21.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nPowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.\n\n"
},
{
"lang": "es",
"value": "PowerProtect Agent for File System Version 19.14 y anteriores contiene una vulnerabilidad de permisos predeterminados incorrectos en el componente ddfscon. Un atacante local con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la sobrescritura de los archivos de registro."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:powerprotect_agent_for_file_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "19.14",
"matchCriteriaId": "C28A610C-EF32-4205-8681-5F3A02B6B970"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000219782/dsa-2023-427-security-update-for-dell-powerprotect-agent-for-file-system-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-46xx/CVE-2023-4686.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4686",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:09.823",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:09:43.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries."
},
{
"lang": "es",
"value": "El complemento WP Customer Reviews para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en versiones hasta la 3.6.6 incluida a trav\u00e9s de la funci\u00f3n ajax_enabled_posts. Esto puede permitir a atacantes autenticados extraer datos confidenciales, como t\u00edtulos de publicaciones y slugs, incluidos aquellos de publicaciones y p\u00e1ginas protegidas y eliminadas, adem\u00e1s de otros tipos de publicaciones, como galer\u00edas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gowebsolutions:wp_customer_reviews:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.6.6",
"matchCriteriaId": "B038FF72-049E-4DEB-999C-7033549EF126"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-customer-reviews/trunk/include/admin/wp-customer-reviews-3-admin.php?rev=2617376#L866",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2965656/wp-customer-reviews/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815b-67a21ac4da0e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-472xx/CVE-2023-47250.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47250",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.883",
"lastModified": "2023-11-22T19:00:49.717",
"lastModified": "2023-11-27T22:15:07.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/13",
"source": "cve@mitre.org"
},
{
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
"source": "cve@mitre.org"

6
CVE-2023/CVE-2023-472xx/CVE-2023-47251.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47251",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T18:15:08.930",
"lastModified": "2023-11-22T19:00:49.717",
"lastModified": "2023-11-27T22:15:08.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/13",
"source": "cve@mitre.org"
},
{
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
"source": "cve@mitre.org"

47
CVE-2023/CVE-2023-477xx/CVE-2023-47758.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47758",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:09.253",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:37:09.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mondula:multi_step_form:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.7.11",
"matchCriteriaId": "7E1B9F6C-50E0-4FCB-88E5-4413983C67B1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-477xx/CVE-2023-47765.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47765",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T18:15:09.440",
"lastModified": "2023-11-22T19:00:49.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:32:35.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codebard:codebard\\'s_patron_button_and_widgets_for_patreon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "7E794B05-A2DA-4833-858E-D6F559445AC5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/patron-button-and-widgets-by-codebard/wordpress-codebard-s-patron-button-and-widgets-for-patreon-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-477xx/CVE-2023-47775.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T19:15:08.577",
"lastModified": "2023-11-22T19:46:41.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:37:28.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments \u2014 wpDiscuz plugin <=\u00a07.6.11 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento gVectors Team Comments \u2014 wpDiscuz en versiones &lt;= 7.6.11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.6.12",
"matchCriteriaId": "C9485750-B015-4073-B088-398261389AC5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-477xx/CVE-2023-47785.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47785",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T19:15:08.977",
"lastModified": "2023-11-22T19:46:41.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:37:43.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <=\u00a07.7.9 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento LayerSlider en versiones &lt;= 7.7.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kreaturamedia:layerslider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.7.10",
"matchCriteriaId": "CA0A7270-75DB-472E-99B1-FABDCD89DFF0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-477xx/CVE-2023-47791.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47791",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T19:15:09.180",
"lastModified": "2023-11-22T19:46:41.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:38:49.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=\u00a01.1.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Leadster en versiones &lt;= 1.1.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leadster:leadster:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.2",
"matchCriteriaId": "EBD66F17-A91B-4E82-9662-17EE2BFD7559"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/leadster-marketing-conversaciona/wordpress-leadster-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-47xx/CVE-2023-4726.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4726",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:09.983",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:09:55.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento Ultimate Dashboard para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en versiones hasta la 3.7.7 incluida. debido a una insuficiente sanitizaci\u00f3n de los insumos y al escape de los productos. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davidvongries:ultimate_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.7",
"matchCriteriaId": "04AF4A01-2BC4-4A3E-BC0E-640C79F5DA4C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2991103%40ultimate-dashboard%2Ftrunk&old=2958955%40ultimate-dashboard%2Ftrunk&sfp_email=&sfph_mail=#file5",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79cce1fc-a27f-4842-b1a2-2c53857add4c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-480xx/CVE-2023-48034.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48034",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T21:15:07.777",
"lastModified": "2023-11-27T21:15:07.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/aprkr/CVE-2023-48034",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-490xx/CVE-2023-49030.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-49030",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T21:15:07.820",
"lastModified": "2023-11-27T21:15:07.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Chiaki2333/f09b47a39e175932d8a2360e439194d5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/32ns/KLive",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Chiaki2333/vulnerability/blob/main/32ns-KLive-SQL-user.php.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-490xx/CVE-2023-49044.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-49044",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T21:15:07.870",
"lastModified": "2023-11-27T21:15:07.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/form_fast_setting_wifi_set.md",
"source": "cve@mitre.org"
}
]
}

68
CVE-2023/CVE-2023-50xx/CVE-2023-5048.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5048",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.137",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:10:05.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WDContactFormBuilder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'Contact_Form_Builder' en versiones hasta la 1.0.72 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a que la salida se escapa en el atributo 'id' proporcionado por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-dorado:contact_form_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.72",
"matchCriteriaId": "12883FC1-3E80-4059-8412-263E9E5E81F7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-builder/tags/1.0.72/frontend/views/CFMViewForm_maker.php#L102",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7152253a-7bb8-4b5c-bffd-86e46df54b7e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-50xx/CVE-2023-5096.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5096",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.293",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:10:14.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "Los complementos HTML filter and csv-file search para WordPress son vulnerables a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'csvsearch' del complemento en versiones hasta la 2.7 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jonashjalmarsson:html_filter_and_csv-file_search:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8",
"matchCriteriaId": "2B3BAD5C-9D5E-47B7-A8CE-338D0A611F64"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2985200/hk-filter-and-search",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-51xx/CVE-2023-5128.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5128",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.453",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:10:28.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento TCD Google Maps para WordPress es incluida es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado de 'mapa' en versiones hasta la 1.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tcd-theme:tcd_google_maps:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8",
"matchCriteriaId": "AD91D6C9-E1D6-45E3-A899-A9D877A2C947"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/tcd-google-maps/trunk/design-plus-google-maps.php?rev=2700917#L154",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/tcd-google-maps/trunk/design-plus-google-maps.php?rev=2700917#L169",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50f6d0aa-059d-48d9-873b-6404f288f002?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-51xx/CVE-2023-5163.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5163",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.613",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:10:37.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Weather Atlas Widget para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'shortcode-weather-atlas' en versiones hasta la 1.2.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,30 +58,78 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weather-atlas:weather_atlas:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.1",
"matchCriteriaId": "633D9808-BF21-43EA-874A-C7E8AD7A8363"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L838",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L844",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L845",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L858",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L860",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2324caa-f804-4f76-9d08-8951fbee4669?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-53xx/CVE-2023-5314.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5314",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:10.930",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:11:02.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server."
},
{
"lang": "es",
"value": "El complemento WP EXtra para WordPress es vulnerable al acceso no autorizado a funciones restringidas debido a una falta de verificaci\u00f3n de capacidad en la secci\u00f3n 'test-email' de la funci\u00f3n de registro() en versiones hasta la 6.2 incluida. Esto hace posible que atacantes autenticados, con permisos m\u00ednimos, como un suscriptor, env\u00eden correos electr\u00f3nicos con contenido arbitrario a ubicaciones arbitrarias desde el servidor de correo del sitio afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvnteam:wp_extra:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.2",
"matchCriteriaId": "AB9484E2-1743-407C-B64A-0DE91E25681B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2977703/wp-extra",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93c10a58-c5f2-440b-a88e-5314143fdd90?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-53xx/CVE-2023-5338.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5338",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:11.083",
"lastModified": "2023-11-22T17:31:59.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T22:11:12.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Theme Blvd Shortcodes para WordPress es incluida es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de c\u00f3digos cortos en versiones hasta la 1.6.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeblvd:theme_blvd_shortcodes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.8",
"matchCriteriaId": "9091EE24-FFAF-42DD-ADE1-E8CC6E6BFAAD"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/theme-blvd-shortcodes/tags/1.6.8/includes/class-tb-column-shortcode.php#L97",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88809668-ea6b-41df-b2a7-ffe03a931c86?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-57xx/CVE-2023-5742.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5742",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:14.720",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-27T21:40:48.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento EasyRotator for WordPress para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'easyrotator' del complemento en todas las versiones hasta la 1.0.14 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dwuser:easyrotator_for_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.14",
"matchCriteriaId": "0B37F77D-3975-46EF-88D2-E3477C85AB68"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/easyrotator-for-wordpress/tags/1.0.14/easyrotator.php#L1913",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3041e28e-d965-4672-ab10-8b1f3d874f19?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

15
CVE-2023/CVE-2023-57xx/CVE-2023-5773.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-5773",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-27T22:15:08.080",
"lastModified": "2023-11-27T22:15:08.080",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-6136. Reason: This record is a reservation duplicate of CVE-20nn-nnnn. Notes: All CVE users should reference CVE-2023-6136 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
],
"metrics": {},
"references": []
}

63
CVE-2023/CVE-2023-58xx/CVE-2023-5885.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-5885",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-27T22:15:08.250",
"lastModified": "2023-11-27T22:15:08.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-35"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/ICSA-23-331-02",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.franklinfueling.com/en/contact-us/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.franklinfueling.com/en/landing-pages/firmware/colibri-firmware/",
"source": "ics-cert@hq.dhs.gov"
}
]
}

10
CVE-2023/CVE-2023-62xx/CVE-2023-6253.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6253",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2023-11-22T12:15:22.963",
"lastModified": "2023-11-22T13:56:48.513",
"lastModified": "2023-11-27T22:15:08.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.\n"
},
{
"lang": "es",
"value": "Una clave de cifrado guardada en el desinstalador Digital Guardian Agent anterior a la versi\u00f3n 7.9.4 permite a un atacante local recuperar la clave de desinstalaci\u00f3n y eliminar el software extrayendo la clave de desinstalaci\u00f3n de la memoria del archivo de desinstalaci\u00f3n."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/14",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
},
{
"url": "https://r.sec-consult.com/fortra",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"

68
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-27T21:00:18.236550+00:00
2023-11-27T23:00:18.303992+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-27T20:34:42.057000+00:00
2023-11-27T22:15:08.440000+00:00
```
### Last Data Feed Release
@ -29,44 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231569
231577
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `8`
* [CVE-2022-41951](CVE-2022/CVE-2022-419xx/CVE-2022-41951.json) (`2023-11-27T21:15:07.553`)
* [CVE-2023-48034](CVE-2023/CVE-2023-480xx/CVE-2023-48034.json) (`2023-11-27T21:15:07.777`)
* [CVE-2023-49030](CVE-2023/CVE-2023-490xx/CVE-2023-49030.json) (`2023-11-27T21:15:07.820`)
* [CVE-2023-49044](CVE-2023/CVE-2023-490xx/CVE-2023-49044.json) (`2023-11-27T21:15:07.870`)
* [CVE-2023-32062](CVE-2023/CVE-2023-320xx/CVE-2023-32062.json) (`2023-11-27T22:15:07.660`)
* [CVE-2023-42363](CVE-2023/CVE-2023-423xx/CVE-2023-42363.json) (`2023-11-27T22:15:07.940`)
* [CVE-2023-5773](CVE-2023/CVE-2023-57xx/CVE-2023-5773.json) (`2023-11-27T22:15:08.080`)
* [CVE-2023-5885](CVE-2023/CVE-2023-58xx/CVE-2023-5885.json) (`2023-11-27T22:15:08.250`)
### CVEs modified in the last Commit
Recently modified CVEs: `57`
Recently modified CVEs: `32`
* [CVE-2023-4252](CVE-2023/CVE-2023-42xx/CVE-2023-4252.json) (`2023-11-27T19:03:39.603`)
* [CVE-2023-4297](CVE-2023/CVE-2023-42xx/CVE-2023-4297.json) (`2023-11-27T19:03:39.603`)
* [CVE-2023-4514](CVE-2023/CVE-2023-45xx/CVE-2023-4514.json) (`2023-11-27T19:03:39.603`)
* [CVE-2023-4642](CVE-2023/CVE-2023-46xx/CVE-2023-4642.json) (`2023-11-27T19:03:39.603`)
* [CVE-2023-4922](CVE-2023/CVE-2023-49xx/CVE-2023-4922.json) (`2023-11-27T19:03:39.603`)
* [CVE-2023-22327](CVE-2023/CVE-2023-223xx/CVE-2023-22327.json) (`2023-11-27T19:04:49.127`)
* [CVE-2023-22313](CVE-2023/CVE-2023-223xx/CVE-2023-22313.json) (`2023-11-27T19:05:22.267`)
* [CVE-2023-20533](CVE-2023/CVE-2023-205xx/CVE-2023-20533.json) (`2023-11-27T19:31:24.230`)
* [CVE-2023-5382](CVE-2023/CVE-2023-53xx/CVE-2023-5382.json) (`2023-11-27T20:11:42.213`)
* [CVE-2023-5383](CVE-2023/CVE-2023-53xx/CVE-2023-5383.json) (`2023-11-27T20:12:46.017`)
* [CVE-2023-5385](CVE-2023/CVE-2023-53xx/CVE-2023-5385.json) (`2023-11-27T20:13:07.160`)
* [CVE-2023-5386](CVE-2023/CVE-2023-53xx/CVE-2023-5386.json) (`2023-11-27T20:14:47.710`)
* [CVE-2023-46233](CVE-2023/CVE-2023-462xx/CVE-2023-46233.json) (`2023-11-27T20:15:06.880`)
* [CVE-2023-5387](CVE-2023/CVE-2023-53xx/CVE-2023-5387.json) (`2023-11-27T20:15:21.673`)
* [CVE-2023-5411](CVE-2023/CVE-2023-54xx/CVE-2023-5411.json) (`2023-11-27T20:15:34.987`)
* [CVE-2023-5415](CVE-2023/CVE-2023-54xx/CVE-2023-5415.json) (`2023-11-27T20:15:45.480`)
* [CVE-2023-5416](CVE-2023/CVE-2023-54xx/CVE-2023-5416.json) (`2023-11-27T20:16:15.877`)
* [CVE-2023-5417](CVE-2023/CVE-2023-54xx/CVE-2023-5417.json) (`2023-11-27T20:16:27.553`)
* [CVE-2023-5419](CVE-2023/CVE-2023-54xx/CVE-2023-5419.json) (`2023-11-27T20:16:37.360`)
* [CVE-2023-47772](CVE-2023/CVE-2023-477xx/CVE-2023-47772.json) (`2023-11-27T20:23:44.047`)
* [CVE-2023-41129](CVE-2023/CVE-2023-411xx/CVE-2023-41129.json) (`2023-11-27T20:26:52.227`)
* [CVE-2023-25985](CVE-2023/CVE-2023-259xx/CVE-2023-25985.json) (`2023-11-27T20:33:22.427`)
* [CVE-2023-47655](CVE-2023/CVE-2023-476xx/CVE-2023-47655.json) (`2023-11-27T20:33:58.627`)
* [CVE-2023-47651](CVE-2023/CVE-2023-476xx/CVE-2023-47651.json) (`2023-11-27T20:34:25.773`)
* [CVE-2023-47650](CVE-2023/CVE-2023-476xx/CVE-2023-47650.json) (`2023-11-27T20:34:42.057`)
* [CVE-2023-47758](CVE-2023/CVE-2023-477xx/CVE-2023-47758.json) (`2023-11-27T21:37:09.707`)
* [CVE-2023-39925](CVE-2023/CVE-2023-399xx/CVE-2023-39925.json) (`2023-11-27T21:37:20.403`)
* [CVE-2023-47775](CVE-2023/CVE-2023-477xx/CVE-2023-47775.json) (`2023-11-27T21:37:28.437`)
* [CVE-2023-47785](CVE-2023/CVE-2023-477xx/CVE-2023-47785.json) (`2023-11-27T21:37:43.020`)
* [CVE-2023-47791](CVE-2023/CVE-2023-477xx/CVE-2023-47791.json) (`2023-11-27T21:38:49.060`)
* [CVE-2023-5742](CVE-2023/CVE-2023-57xx/CVE-2023-5742.json) (`2023-11-27T21:40:48.237`)
* [CVE-2023-28749](CVE-2023/CVE-2023-287xx/CVE-2023-28749.json) (`2023-11-27T22:08:00.970`)
* [CVE-2023-43081](CVE-2023/CVE-2023-430xx/CVE-2023-43081.json) (`2023-11-27T22:08:21.640`)
* [CVE-2023-26532](CVE-2023/CVE-2023-265xx/CVE-2023-26532.json) (`2023-11-27T22:08:32.057`)
* [CVE-2023-27442](CVE-2023/CVE-2023-274xx/CVE-2023-27442.json) (`2023-11-27T22:08:45.050`)
* [CVE-2023-27444](CVE-2023/CVE-2023-274xx/CVE-2023-27444.json) (`2023-11-27T22:08:57.333`)
* [CVE-2023-27446](CVE-2023/CVE-2023-274xx/CVE-2023-27446.json) (`2023-11-27T22:09:08.697`)
* [CVE-2023-27451](CVE-2023/CVE-2023-274xx/CVE-2023-27451.json) (`2023-11-27T22:09:24.270`)
* [CVE-2023-4686](CVE-2023/CVE-2023-46xx/CVE-2023-4686.json) (`2023-11-27T22:09:43.227`)
* [CVE-2023-4726](CVE-2023/CVE-2023-47xx/CVE-2023-4726.json) (`2023-11-27T22:09:55.103`)
* [CVE-2023-5048](CVE-2023/CVE-2023-50xx/CVE-2023-5048.json) (`2023-11-27T22:10:05.503`)
* [CVE-2023-5096](CVE-2023/CVE-2023-50xx/CVE-2023-5096.json) (`2023-11-27T22:10:14.173`)
* [CVE-2023-5128](CVE-2023/CVE-2023-51xx/CVE-2023-5128.json) (`2023-11-27T22:10:28.460`)
* [CVE-2023-5163](CVE-2023/CVE-2023-51xx/CVE-2023-5163.json) (`2023-11-27T22:10:37.123`)
* [CVE-2023-5314](CVE-2023/CVE-2023-53xx/CVE-2023-5314.json) (`2023-11-27T22:11:02.433`)
* [CVE-2023-5338](CVE-2023/CVE-2023-53xx/CVE-2023-5338.json) (`2023-11-27T22:11:12.553`)
* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-11-27T22:15:07.867`)
* [CVE-2023-47250](CVE-2023/CVE-2023-472xx/CVE-2023-47250.json) (`2023-11-27T22:15:07.997`)
* [CVE-2023-47251](CVE-2023/CVE-2023-472xx/CVE-2023-47251.json) (`2023-11-27T22:15:08.037`)
* [CVE-2023-6253](CVE-2023/CVE-2023-62xx/CVE-2023-6253.json) (`2023-11-27T22:15:08.440`)
## Download and Usage