From 04554826c942c323bc3b479c8fadd215fd386f17 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Mon, 27 Nov 2023 23:00:21 +0000 Subject: [PATCH] Auto-Update: 2023-11-27T23:00:18.303992+00:00 --- CVE-2006/CVE-2006-10xx/CVE-2006-1078.json | 6 +- CVE-2006/CVE-2006-10xx/CVE-2006-1079.json | 10 ++- CVE-2007/CVE-2007-06xx/CVE-2007-0664.json | 18 ++++- CVE-2009/CVE-2009-44xx/CVE-2009-4491.json | 6 +- CVE-2022/CVE-2022-419xx/CVE-2022-41951.json | 55 +++++++++++++ CVE-2023/CVE-2023-259xx/CVE-2023-25986.json | 47 ++++++++++- CVE-2023/CVE-2023-259xx/CVE-2023-25987.json | 47 ++++++++++- CVE-2023/CVE-2023-265xx/CVE-2023-26532.json | 51 +++++++++++- CVE-2023/CVE-2023-274xx/CVE-2023-27442.json | 51 +++++++++++- CVE-2023/CVE-2023-274xx/CVE-2023-27444.json | 51 +++++++++++- CVE-2023/CVE-2023-274xx/CVE-2023-27446.json | 51 +++++++++++- CVE-2023/CVE-2023-274xx/CVE-2023-27451.json | 51 +++++++++++- CVE-2023/CVE-2023-287xx/CVE-2023-28749.json | 51 +++++++++++- CVE-2023/CVE-2023-320xx/CVE-2023-32062.json | 63 +++++++++++++++ CVE-2023/CVE-2023-399xx/CVE-2023-39925.json | 61 +++++++++++++- CVE-2023/CVE-2023-411xx/CVE-2023-41109.json | 8 +- CVE-2023/CVE-2023-423xx/CVE-2023-42363.json | 20 +++++ CVE-2023/CVE-2023-430xx/CVE-2023-43081.json | 62 ++++++++++++++- CVE-2023/CVE-2023-46xx/CVE-2023-4686.json | 73 +++++++++++++++-- CVE-2023/CVE-2023-472xx/CVE-2023-47250.json | 6 +- CVE-2023/CVE-2023-472xx/CVE-2023-47251.json | 6 +- CVE-2023/CVE-2023-477xx/CVE-2023-47758.json | 47 ++++++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47765.json | 47 ++++++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47775.json | 51 +++++++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47785.json | 51 +++++++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47791.json | 51 +++++++++++- CVE-2023/CVE-2023-47xx/CVE-2023-4726.json | 68 +++++++++++++++- CVE-2023/CVE-2023-480xx/CVE-2023-48034.json | 20 +++++ CVE-2023/CVE-2023-490xx/CVE-2023-49030.json | 28 +++++++ CVE-2023/CVE-2023-490xx/CVE-2023-49044.json | 20 +++++ CVE-2023/CVE-2023-50xx/CVE-2023-5048.json | 68 +++++++++++++++- CVE-2023/CVE-2023-50xx/CVE-2023-5096.json | 68 
+++++++++++++++- CVE-2023/CVE-2023-51xx/CVE-2023-5128.json | 73 +++++++++++++++-- CVE-2023/CVE-2023-51xx/CVE-2023-5163.json | 88 +++++++++++++++++++-- CVE-2023/CVE-2023-53xx/CVE-2023-5314.json | 68 +++++++++++++++- CVE-2023/CVE-2023-53xx/CVE-2023-5338.json | 68 +++++++++++++++- CVE-2023/CVE-2023-57xx/CVE-2023-5742.json | 68 +++++++++++++++- CVE-2023/CVE-2023-57xx/CVE-2023-5773.json | 15 ++++ CVE-2023/CVE-2023-58xx/CVE-2023-5885.json | 63 +++++++++++++++ CVE-2023/CVE-2023-62xx/CVE-2023-6253.json | 10 ++- README.md | 68 +++++++++------- 41 files changed, 1708 insertions(+), 126 deletions(-) create mode 100644 CVE-2022/CVE-2022-419xx/CVE-2022-41951.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32062.json create mode 100644 CVE-2023/CVE-2023-423xx/CVE-2023-42363.json create mode 100644 CVE-2023/CVE-2023-480xx/CVE-2023-48034.json create mode 100644 CVE-2023/CVE-2023-490xx/CVE-2023-49030.json create mode 100644 CVE-2023/CVE-2023-490xx/CVE-2023-49044.json create mode 100644 CVE-2023/CVE-2023-57xx/CVE-2023-5773.json create mode 100644 CVE-2023/CVE-2023-58xx/CVE-2023-5885.json
diff --git a/CVE-2006/CVE-2006-10xx/CVE-2006-1078.json b/CVE-2006/CVE-2006-10xx/CVE-2006-1078.json
index 16ba7fc7169..abed7ee8ef0 100644
--- a/CVE-2006/CVE-2006-10xx/CVE-2006-1078.json
+++ b/CVE-2006/CVE-2006-10xx/CVE-2006-1078.json
@@ -2,7 +2,7 @@
 "id": "CVE-2006-1078",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2006-03-09T00:02:00.000",
- "lastModified": "2018-10-18T16:30:36.447",
+ "lastModified": "2023-11-27T22:15:07.177",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -99,6 +99,10 @@
 "url": "http://seclists.org/bugtraq/2004/Oct/0359.html",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Nov/13",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html",
 "source": "cve@mitre.org"
diff --git a/CVE-2006/CVE-2006-10xx/CVE-2006-1079.json b/CVE-2006/CVE-2006-10xx/CVE-2006-1079.json
index 898798bfb3a..204bcc1c8a9 100644
--- a/CVE-2006/CVE-2006-10xx/CVE-2006-1079.json
+++ b/CVE-2006/CVE-2006-10xx/CVE-2006-1079.json
@@ -2,7 +2,7 @@
 "id": "CVE-2006-1079",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2006-03-09T00:02:00.000",
- "lastModified": "2018-10-18T16:30:37.447",
+ "lastModified": "2023-11-27T22:15:07.283",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -79,6 +79,14 @@
 "url": "http://marc.info/?l=thttpd&m=114154083000296&w=2",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Nov/13",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://www.osvdb.org/23828",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded",
 "source": "cve@mitre.org"
diff --git a/CVE-2007/CVE-2007-06xx/CVE-2007-0664.json b/CVE-2007/CVE-2007-06xx/CVE-2007-0664.json
index d5dbae71acc..fc1acf0cf32 100644
--- a/CVE-2007/CVE-2007-06xx/CVE-2007-0664.json
+++ b/CVE-2007/CVE-2007-06xx/CVE-2007-0664.json
@@ -2,7 +2,7 @@
 "id": "CVE-2007-0664",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2007-02-02T21:28:00.000",
- "lastModified": "2008-11-15T06:41:25.063",
+ "lastModified": "2023-11-27T22:15:07.350",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -80,6 +80,22 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "http://osvdb.org/31965",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Nov/13",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://secunia.com/advisories/24018",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ },
 {
 "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml",
 "source": "cve@mitre.org",
diff --git a/CVE-2009/CVE-2009-44xx/CVE-2009-4491.json b/CVE-2009/CVE-2009-44xx/CVE-2009-4491.json
index 870773cee66..89b0a08e325 100644
--- a/CVE-2009/CVE-2009-44xx/CVE-2009-4491.json
+++ b/CVE-2009/CVE-2009-44xx/CVE-2009-4491.json
@@ -2,7 +2,7 @@
 "id": "CVE-2009-4491",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2010-01-13T20:30:00.500",
- "lastModified": "2018-10-10T19:49:14.760",
+ "lastModified": "2023-11-27T22:15:07.440",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -71,6 +71,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Nov/13",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded",
 "source": "cve@mitre.org"
diff --git a/CVE-2022/CVE-2022-419xx/CVE-2022-41951.json b/CVE-2022/CVE-2022-419xx/CVE-2022-41951.json
new file mode 100644
index 00000000000..25b524b9640
--- /dev/null
+++ b/CVE-2022/CVE-2022-419xx/CVE-2022-41951.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-41951",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-11-27T21:15:07.553",
+ "lastModified": "2023-11-27T21:15:07.553",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\\Bundle\\GaufretteBundle\\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25986.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25986.json
index f7fb1c62276..b9115823f78 100644
--- a/CVE-2023/CVE-2023-259xx/CVE-2023-25986.json
+++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25986.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25986",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T18:15:08.087",
- "lastModified": "2023-11-22T19:00:49.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T21:30:56.033",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:paygreen:paygreen_-_ancienne:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.10.2",
+ "matchCriteriaId": "5AA1DD10-22BA-4088-8537-BBD210816F54"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/paygreen-woocommerce/wordpress-paygreen-plugin-4-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25987.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25987.json
index 66225066357..0005949212e 100644
--- a/CVE-2023/CVE-2023-259xx/CVE-2023-25987.json
+++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25987.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25987",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T18:15:08.283",
- "lastModified": "2023-11-22T19:00:49.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T21:36:53.977",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:urosevic:my_youtube_channel:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.23.4",
+ "matchCriteriaId": "F315ABE8-CB6F-4E62-A128-10071C56FDD7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/youtube-channel/wordpress-my-youtube-channel-plugin-3-23-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26532.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26532.json
index 1336d60ccb8..c627a8d0dfa 100644
--- a/CVE-2023/CVE-2023-265xx/CVE-2023-26532.json
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26532.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-26532",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T14:15:08.037",
- "lastModified": "2023-11-22T15:12:25.450",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T22:08:32.057",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <=\u00a02.1.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento AccessPress Themes Social Auto Poster en versiones <=2.1.4."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:accesspressthemes:social_auto_poster:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1.4",
+ "matchCriteriaId": "058CFA4D-92CC-4701-BD60-F1B0AAEF3DC1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/accesspress-facebook-auto-post/wordpress-social-auto-poster-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27442.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27442.json
index 3e0cf0d3eba..a133fed862e 100644
--- a/CVE-2023/CVE-2023-274xx/CVE-2023-27442.json
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27442.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-27442",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T14:15:08.417",
- "lastModified": "2023-11-22T15:12:25.450",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T22:08:45.050",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <=\u00a03.29.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Teplitsa of social technologies Leyka en versiones <=3.29.2."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:techsoupeurope:leyka:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.29.2",
+ "matchCriteriaId": "8DEC6071-C5F4-4FA2-B0D3-54CD99FDFD73"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27444.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27444.json
index 77bc1cdf72e..6fa042e9eaa 100644
--- a/CVE-2023/CVE-2023-274xx/CVE-2023-27444.json
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27444.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-27444",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T14:15:08.600",
- "lastModified": "2023-11-22T15:12:25.450",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T22:08:57.333",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <=\u00a03.7.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Pierre Lannoy/PerfOps One DecaLog en versiones <=3.7.0."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:perfops:decalog:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.7.0",
+ "matchCriteriaId": "ED0DC507-3D38-4BB2-B317-8BCDD6BB0E5F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27446.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27446.json
index e8244a913ee..b4ce43db022 100644
--- a/CVE-2023/CVE-2023-274xx/CVE-2023-27446.json
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27446.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-27446",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T14:15:08.790",
- "lastModified": "2023-11-22T15:12:25.450",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T22:09:08.697",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <=\u00a02.1.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Fluenx DeepL API translation en versiones <=2.1.4."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fluenx:deepl_pro_api_translation:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1.4",
+ "matchCriteriaId": "305B2FAE-9F31-4EC5-AC9A-732BBBB0F63A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/wpdeepl/wordpress-deepl-api-translation-plugin-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27451.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27451.json
index 77314d9d183..b267bfc27cb 100644
--- a/CVE-2023/CVE-2023-274xx/CVE-2023-27451.json
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27451.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-27451",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T14:15:08.970",
- "lastModified": "2023-11-22T15:12:25.450",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T22:09:24.270",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <=\u00a05.1.0.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en el complemento Darren Cooney Instant Images en versiones <=5.1.0.2."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:connekthq:instant_images:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.1.0.2",
+ "matchCriteriaId": "061CDE72-D4D4-4EE3-B3F1-50D887D93E8A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28749.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28749.json
index 33e29d1be11..9f25fd91253 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28749.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28749.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-28749",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T13:15:07.850",
- "lastModified": "2023-11-22T13:56:48.513",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T22:08:00.970",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <=\u00a01.3.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento CreativeMindsSolutions CM On Demand Search And Replace en versiones <=1.3.0."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cminds:cm_on_demand_search_and_replace:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.3.0",
+ "matchCriteriaId": "D89F85E6-D5E1-4AE0-8E5A-7DEDF83C8B42"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/cm-on-demand-search-and-replace/wordpress-cm-on-demand-search-and-replace-plugin-1-3-0-cross-site-request-forgery-csrf?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32062.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32062.json
new file mode 100644
index 00000000000..cb442105b7f
--- /dev/null
+++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32062.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-32062",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-11-27T22:15:07.660",
+ "lastModified": "2023-11-27T22:15:07.660",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39925.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39925.json
index 6873e77a236..55f9eced312 100644
--- a/CVE-2023/CVE-2023-399xx/CVE-2023-39925.json
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39925.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-39925",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-11-22T19:15:08.357",
- "lastModified": "2023-11-22T19:46:41.130",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T21:37:20.403",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <=\u00a06.1.6.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento PeepSo Download Community by PeepSo en versiones <= 6.1.6.0."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
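Review bot: The affected range for CVE-2023-39925 is stated two ways that do not agree: both `descriptions` entries in the first hunk say `<= 6.1.6.0`, while the `cpeMatch` entry added in this file's last hunk (`@@ -46,10 +80,31 @@`) uses `"versionEndExcluding": "6.2.0.0"`. Tooling that matches on CPE will therefore also flag any release between 6.1.6.0 and 6.2.0.0, which the advisory text does not name; the sibling records in this commit (for example CVE-2023-26532) use `versionEndIncluding` equal to the version in the description. If 6.2.0.0 is simply the first fixed release the wider range is correct, but that is not visible here; if 6.1.6.0 is the last affected version the entry would read `"versionEndIncluding": "6.1.6.0"`.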
@@ -46,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:peepso:peepso:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "6.2.0.0",
+ "matchCriteriaId": "CE7B1C15-23A4-4D00-81B6-3A72159FAA15"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-peepso-plugin-6-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41109.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41109.json
index 8f6e6b5c9eb..8ce07ba332c 100644
--- a/CVE-2023/CVE-2023-411xx/CVE-2023-41109.json
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41109.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41109",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T20:15:08.273",
- "lastModified": "2023-09-01T18:37:07.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-27T22:15:07.867",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -77,6 +77,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Nov/12",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://www.syss.de/",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42363.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42363.json
new file mode 100644
index 00000000000..2458625fe0a
--- /dev/null
+++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42363.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-42363",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-27T22:15:07.940",
+ "lastModified": "2023-11-27T22:15:07.940",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugs.busybox.net/show_bug.cgi?id=15865",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43081.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43081.json
index 50b623a3318..a8aca346771 100644
--- a/CVE-2023/CVE-2023-430xx/CVE-2023-43081.json
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43081.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-43081",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-11-22T13:15:08.047",
- "lastModified": "2023-11-22T13:56:48.513",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-27T22:08:21.640",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "\nPowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "PowerProtect Agent for File System Version 19.14 y anteriores contiene una vulnerabilidad de permisos predeterminados incorrectos en el componente ddfscon. Un atacante local con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la sobrescritura de los archivos de registro."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
+ },
 {
 "source": "security_alert@emc.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ },
 {
 "source": "security_alert@emc.com",
 "type": "Secondary",
@@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:powerprotect_agent_for_file_system:*:*:*:*:*:*:*:*", + "versionEndIncluding": "19.14", + "matchCriteriaId": "C28A610C-EF32-4205-8681-5F3A02B6B970" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000219782/dsa-2023-427-security-update-for-dell-powerprotect-agent-for-file-system-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4686.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4686.json index da11adbbc6c..f8e38863221 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4686.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4686.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-4686", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:09.823", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T22:09:43.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries." + }, + { + "lang": "es", + "value": "El complemento WP Customer Reviews para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en versiones hasta la 3.6.6 incluida a trav\u00e9s de la funci\u00f3n ajax_enabled_posts. Esto puede permitir a atacantes autenticados extraer datos confidenciales, como t\u00edtulos de publicaciones y slugs, incluidos aquellos de publicaciones y p\u00e1ginas protegidas y eliminadas, adem\u00e1s de otros tipos de publicaciones, como galer\u00edas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -34,18 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gowebsolutions:wp_customer_reviews:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.6.6", + "matchCriteriaId": "B038FF72-049E-4DEB-999C-7033549EF126" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-customer-reviews/trunk/include/admin/wp-customer-reviews-3-admin.php?rev=2617376#L866", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2965656/wp-customer-reviews/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815b-67a21ac4da0e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json index 2857dca7522..4f43072a8cf 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47250", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T18:15:08.883", - "lastModified": "2023-11-22T19:00:49.717", + "lastModified": "2023-11-27T22:15:07.997", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Nov/13", + "source": "cve@mitre.org" + }, { "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json index c230be566ef..76acddf2b9e 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47251", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T18:15:08.930", - "lastModified": "2023-11-22T19:00:49.717", + "lastModified": "2023-11-27T22:15:08.037", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Nov/13", + "source": "cve@mitre.org" + }, { "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47758.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47758.json index 05f451f6d48..eae5efbfc06 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47758.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47758.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47758", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T18:15:09.253", - "lastModified": "2023-11-22T19:00:49.717", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T21:37:09.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mondula:multi_step_form:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.7.11", + "matchCriteriaId": "7E1B9F6C-50E0-4FCB-88E5-4413983C67B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47765.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47765.json index c71e51fbb4d..d7da312e57b 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47765.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47765.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47765", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T18:15:09.440", - "lastModified": "2023-11-22T19:00:49.717", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T21:32:35.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
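Review bot: In CVE-2023-47758 the added `cpeMatch` entry uses `"versionEndExcluding": "1.7.11"`, while the Patchstack reference slug in the same hunk names version 1.7.11 (`wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability`). The sibling records in this commit treat the version in the slug as the last affected release (wpDiscuz 7.6.11 gets `versionEndExcluding` 7.6.12, LayerSlider 7.7.9 gets 7.7.10), so 1.7.11 may be affected yet excluded from CPE matching here. The English description lies outside the hunk, so this needs checking against it; if it states `<= 1.7.11`, the range should read `"versionEndIncluding": "1.7.11"`, otherwise scanners keyed on this range would report 1.7.11 installs as clean.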
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codebard:codebard\\'s_patron_button_and_widgets_for_patreon:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.0", + "matchCriteriaId": "7E794B05-A2DA-4833-858E-D6F559445AC5" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/patron-button-and-widgets-by-codebard/wordpress-codebard-s-patron-button-and-widgets-for-patreon-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47775.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47775.json index 45be5268924..d49a4be47a7 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47775.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47775.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47775", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T19:15:08.577", - "lastModified": "2023-11-22T19:46:41.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T21:37:28.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments \u2014 wpDiscuz plugin <=\u00a07.6.11 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento gVectors Team Comments \u2014 wpDiscuz en versiones <= 7.6.11." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.6.12", + "matchCriteriaId": "C9485750-B015-4073-B088-398261389AC5" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47785.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47785.json index 25c8acd0e9c..137419c45bf 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47785.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47785.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47785", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T19:15:08.977", - "lastModified": "2023-11-22T19:46:41.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T21:37:43.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <=\u00a07.7.9 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento LayerSlider en versiones <= 7.7.9." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kreaturamedia:layerslider:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.7.10", + "matchCriteriaId": "CA0A7270-75DB-472E-99B1-FABDCD89DFF0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47791.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47791.json index 697c04bfcbf..6533aeea667 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47791.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47791.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47791", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T19:15:09.180", - "lastModified": "2023-11-22T19:46:41.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T21:38:49.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=\u00a01.1.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Leadster en versiones <= 1.1.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:leadster:leadster:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.2", + "matchCriteriaId": "EBD66F17-A91B-4E82-9662-17EE2BFD7559" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/leadster-marketing-conversaciona/wordpress-leadster-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4726.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4726.json index dc712443d38..aa907111bec 100644 
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4726.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4726.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-4726", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:09.983", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T22:09:55.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento Ultimate Dashboard para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en versiones hasta la 3.7.7 incluida. debido a una insuficiente sanitizaci\u00f3n de los insumos y al escape de los productos. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:davidvongries:ultimate_dashboard:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.7.7", + "matchCriteriaId": "04AF4A01-2BC4-4A3E-BC0E-640C79F5DA4C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2991103%40ultimate-dashboard%2Ftrunk&old=2958955%40ultimate-dashboard%2Ftrunk&sfp_email=&sfph_mail=#file5", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79cce1fc-a27f-4842-b1a2-2c53857add4c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48034.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48034.json new file mode 100644 index 00000000000..c7181f1d83f --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48034.json 
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-48034",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-27T21:15:07.777",
+ "lastModified": "2023-11-27T21:15:07.777",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/aprkr/CVE-2023-48034",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49030.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49030.json
new file mode 100644
index 00000000000..869e2158260
--- /dev/null
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49030.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-49030",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-27T21:15:07.820",
+ "lastModified": "2023-11-27T21:15:07.820",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/Chiaki2333/f09b47a39e175932d8a2360e439194d5",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/32ns/KLive",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/Chiaki2333/vulnerability/blob/main/32ns-KLive-SQL-user.php.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49044.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49044.json
new file mode 100644
index 00000000000..4fe6d210271
--- /dev/null
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49044.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-49044",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-11-27T21:15:07.870",
+ "lastModified": "2023-11-27T21:15:07.870",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/form_fast_setting_wifi_set.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5048.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5048.json
index 712434a3eef..870198a5db1 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5048.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5048.json
@@ -2,16 +2,40 @@ "id": "CVE-2023-5048", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.137", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T22:10:05.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WDContactFormBuilder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'Contact_Form_Builder' en versiones hasta la 1.0.72 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a que la salida se escapa en el atributo 'id' proporcionado por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:web-dorado:contact_form_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.72", + "matchCriteriaId": "12883FC1-3E80-4059-8412-263E9E5E81F7" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/contact-form-builder/tags/1.0.72/frontend/views/CFMViewForm_maker.php#L102", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7152253a-7bb8-4b5c-bffd-86e46df54b7e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5096.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5096.json index f0cfeddd329..06ee7318b9a 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5096.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5096.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-5096", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.293", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T22:10:14.173", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "Los complementos HTML filter and csv-file search para WordPress son vulnerables a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'csvsearch' del complemento en versiones hasta la 2.7 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jonashjalmarsson:html_filter_and_csv-file_search:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.8", + "matchCriteriaId": "2B3BAD5C-9D5E-47B7-A8CE-338D0A611F64" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2985200/hk-filter-and-search", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5128.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5128.json index d307b41f29e..fadf626193b 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5128.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5128.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-5128", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.453", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T22:10:28.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento TCD Google Maps para WordPress es incluida es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado de 'mapa' en versiones hasta la 1.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -34,18 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tcd-theme:tcd_google_maps:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.8", + "matchCriteriaId": "AD91D6C9-E1D6-45E3-A899-A9D877A2C947" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/tcd-google-maps/trunk/design-plus-google-maps.php?rev=2700917#L154", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/tcd-google-maps/trunk/design-plus-google-maps.php?rev=2700917#L169", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50f6d0aa-059d-48d9-873b-6404f288f002?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5163.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5163.json index 7275bc1cb90..7ee6652cac4 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5163.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5163.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-5163", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.613", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T22:10:37.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Weather Atlas Widget para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'shortcode-weather-atlas' en versiones hasta la 1.2.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -34,30 +58,78 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weather-atlas:weather_atlas:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.1", + "matchCriteriaId": "633D9808-BF21-43EA-874A-C7E8AD7A8363" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L838", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L844", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L845", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L858", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L860", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2324caa-f804-4f76-9d08-8951fbee4669?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
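Review bot: The five `plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/...` references are tagged `"Patch"`, yet the `cpeMatch` entry added in this same hunk sets `"versionEndIncluding": "1.2.1"`, so these links show the affected code rather than a fix. The second CVE-2023-5742 hunk does the same with its `tags/1.0.14/easyrotator.php#L1913` link against `"versionEndIncluding": "1.0.14"`, while the CVE-2023-5338 record tags the equivalent source-browser link `"Product"`. Tooling that reads a `Patch` tag as evidence that a fix exists would treat both plugins as remediable, although neither record names a fixed version. I would use `"tags": [ "Product" ]` on these entries for consistency; the README text in this commit says the repository synchronizes with the NVD, so the correction presumably has to be made upstream.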
diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5314.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5314.json index 652f531e8ec..b22749b55d1 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5314.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5314.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-5314", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.930", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T22:11:02.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server." + }, + { + "lang": "es", + "value": "El complemento WP EXtra para WordPress es vulnerable al acceso no autorizado a funciones restringidas debido a una falta de verificaci\u00f3n de capacidad en la secci\u00f3n 'test-email' de la funci\u00f3n de registro() en versiones hasta la 6.2 incluida. Esto hace posible que atacantes autenticados, con permisos m\u00ednimos, como un suscriptor, env\u00eden correos electr\u00f3nicos con contenido arbitrario a ubicaciones arbitrarias desde el servidor de correo del sitio afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpvnteam:wp_extra:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.2", + "matchCriteriaId": "AB9484E2-1743-407C-B64A-0DE91E25681B" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2977703/wp-extra", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93c10a58-c5f2-440b-a88e-5314143fdd90?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5338.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5338.json index 4ce2f41af4d..33cd6e4d818 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5338.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5338.json 
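Review bot: The primary weakness is recorded as `NVD-CWE-noinfo` even though the English description in this record's first hunk names the cause, a missing capability check on the 'test-email' section of register(). That description matches CWE-862 (Missing Authorization), so `"value": "CWE-862"` looks like the more useful mapping. As it stands, CWE-based filtering or metrics for access-control flaws will not pick this record up. No other weakness entry is visible in the hunk context, so this appears to be the only CWE on the record.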
@@ -2,16 +2,40 @@ "id": "CVE-2023-5338", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:11.083", - "lastModified": "2023-11-22T17:31:59.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T22:11:12.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Theme Blvd Shortcodes para WordPress es incluida es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de c\u00f3digos cortos en versiones hasta la 1.6.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeblvd:theme_blvd_shortcodes:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.8", + "matchCriteriaId": "9091EE24-FFAF-42DD-ADE1-E8CC6E6BFAAD" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/theme-blvd-shortcodes/tags/1.6.8/includes/class-tb-column-shortcode.php#L97", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88809668-ea6b-41df-b2a7-ffe03a931c86?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5742.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5742.json index 4b2b15279e5..d81a60f8977 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5742.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5742.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-5742", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:14.720", - "lastModified": "2023-11-22T17:31:47.393", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-27T21:40:48.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento EasyRotator for WordPress para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'easyrotator' del complemento en todas las versiones hasta la 1.0.14 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dwuser:easyrotator_for_wordpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.14", + "matchCriteriaId": "0B37F77D-3975-46EF-88D2-E3477C85AB68" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/easyrotator-for-wordpress/tags/1.0.14/easyrotator.php#L1913", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3041e28e-d965-4672-ab10-8b1f3d874f19?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5773.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5773.json new file mode 100644 index 00000000000..698c08210c1 --- /dev/null +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5773.json 
@@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-5773", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-11-27T22:15:08.080", + "lastModified": "2023-11-27T22:15:08.080", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-6136. Reason: This record is a reservation duplicate of CVE-20nn-nnnn. Notes: All CVE users should reference CVE-2023-6136 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5885.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5885.json new file mode 100644 index 00000000000..6341f6f8f5c --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5885.json 
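Review bot: The rejection text still contains the unfilled template placeholder `CVE-20nn-nnnn` in "reservation duplicate of CVE-20nn-nnnn", so the stated reason does not name the record it duplicates. `ConsultIDs` and the Notes sentence both point to CVE-2023-6136, which suggests the intended wording is `Reason: This record is a reservation duplicate of CVE-2023-6136.`. Consumers that redirect rejected IDs should rely on `"vulnStatus": "Rejected"` plus the ConsultIDs value rather than on the Reason sentence. The README hunk also lists this file under "CVEs added", so counts derived from that list include a rejected record.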
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-5885", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-11-27T22:15:08.250", + "lastModified": "2023-11-27T22:15:08.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/ICSA-23-331-02", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.franklinfueling.com/en/contact-us/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.franklinfueling.com/en/landing-pages/firmware/colibri-firmware/", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6253.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6253.json index dbb90491255..5dd3ed5efda 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6253.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6253.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6253", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "published": "2023-11-22T12:15:22.963", - "lastModified": "2023-11-22T13:56:48.513", + "lastModified": "2023-11-27T22:15:08.440", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.\n" + }, + { + "lang": "es", + "value": "Una clave de cifrado guardada en el desinstalador Digital Guardian Agent anterior a la versi\u00f3n 7.9.4 permite a un atacante local recuperar la clave de desinstalaci\u00f3n y eliminar el software extrayendo la clave de desinstalaci\u00f3n de la memoria del archivo de desinstalaci\u00f3n." } ], "metrics": {}, @@ -24,6 +28,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Nov/14", + "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" + }, { "url": "https://r.sec-consult.com/fortra", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf" diff --git a/README.md b/README.md index b1915cc3a58..07fb2c0b3a9 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-27T21:00:18.236550+00:00 +2023-11-27T23:00:18.303992+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-27T20:34:42.057000+00:00 +2023-11-27T22:15:08.440000+00:00 ``` ### Last Data Feed Release 
@@ -29,44 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231569 +231577 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `8` +* [CVE-2022-41951](CVE-2022/CVE-2022-419xx/CVE-2022-41951.json) (`2023-11-27T21:15:07.553`) +* [CVE-2023-48034](CVE-2023/CVE-2023-480xx/CVE-2023-48034.json) (`2023-11-27T21:15:07.777`) +* [CVE-2023-49030](CVE-2023/CVE-2023-490xx/CVE-2023-49030.json) (`2023-11-27T21:15:07.820`) +* [CVE-2023-49044](CVE-2023/CVE-2023-490xx/CVE-2023-49044.json) (`2023-11-27T21:15:07.870`) +* [CVE-2023-32062](CVE-2023/CVE-2023-320xx/CVE-2023-32062.json) (`2023-11-27T22:15:07.660`) +* [CVE-2023-42363](CVE-2023/CVE-2023-423xx/CVE-2023-42363.json) (`2023-11-27T22:15:07.940`) +* [CVE-2023-5773](CVE-2023/CVE-2023-57xx/CVE-2023-5773.json) (`2023-11-27T22:15:08.080`) +* [CVE-2023-5885](CVE-2023/CVE-2023-58xx/CVE-2023-5885.json) (`2023-11-27T22:15:08.250`) ### CVEs modified in the last Commit -Recently modified CVEs: `57` +Recently modified CVEs: `32` -* [CVE-2023-4252](CVE-2023/CVE-2023-42xx/CVE-2023-4252.json) (`2023-11-27T19:03:39.603`) -* [CVE-2023-4297](CVE-2023/CVE-2023-42xx/CVE-2023-4297.json) (`2023-11-27T19:03:39.603`) -* [CVE-2023-4514](CVE-2023/CVE-2023-45xx/CVE-2023-4514.json) (`2023-11-27T19:03:39.603`) -* [CVE-2023-4642](CVE-2023/CVE-2023-46xx/CVE-2023-4642.json) (`2023-11-27T19:03:39.603`) -* [CVE-2023-4922](CVE-2023/CVE-2023-49xx/CVE-2023-4922.json) (`2023-11-27T19:03:39.603`) -* [CVE-2023-22327](CVE-2023/CVE-2023-223xx/CVE-2023-22327.json) (`2023-11-27T19:04:49.127`) -* [CVE-2023-22313](CVE-2023/CVE-2023-223xx/CVE-2023-22313.json) (`2023-11-27T19:05:22.267`) -* [CVE-2023-20533](CVE-2023/CVE-2023-205xx/CVE-2023-20533.json) (`2023-11-27T19:31:24.230`) -* [CVE-2023-5382](CVE-2023/CVE-2023-53xx/CVE-2023-5382.json) (`2023-11-27T20:11:42.213`) -* [CVE-2023-5383](CVE-2023/CVE-2023-53xx/CVE-2023-5383.json) (`2023-11-27T20:12:46.017`) -* 
[CVE-2023-5385](CVE-2023/CVE-2023-53xx/CVE-2023-5385.json) (`2023-11-27T20:13:07.160`) -* [CVE-2023-5386](CVE-2023/CVE-2023-53xx/CVE-2023-5386.json) (`2023-11-27T20:14:47.710`) -* [CVE-2023-46233](CVE-2023/CVE-2023-462xx/CVE-2023-46233.json) (`2023-11-27T20:15:06.880`) -* [CVE-2023-5387](CVE-2023/CVE-2023-53xx/CVE-2023-5387.json) (`2023-11-27T20:15:21.673`) -* [CVE-2023-5411](CVE-2023/CVE-2023-54xx/CVE-2023-5411.json) (`2023-11-27T20:15:34.987`) -* [CVE-2023-5415](CVE-2023/CVE-2023-54xx/CVE-2023-5415.json) (`2023-11-27T20:15:45.480`) -* [CVE-2023-5416](CVE-2023/CVE-2023-54xx/CVE-2023-5416.json) (`2023-11-27T20:16:15.877`) -* [CVE-2023-5417](CVE-2023/CVE-2023-54xx/CVE-2023-5417.json) (`2023-11-27T20:16:27.553`) -* [CVE-2023-5419](CVE-2023/CVE-2023-54xx/CVE-2023-5419.json) (`2023-11-27T20:16:37.360`) -* [CVE-2023-47772](CVE-2023/CVE-2023-477xx/CVE-2023-47772.json) (`2023-11-27T20:23:44.047`) -* [CVE-2023-41129](CVE-2023/CVE-2023-411xx/CVE-2023-41129.json) (`2023-11-27T20:26:52.227`) -* [CVE-2023-25985](CVE-2023/CVE-2023-259xx/CVE-2023-25985.json) (`2023-11-27T20:33:22.427`) -* [CVE-2023-47655](CVE-2023/CVE-2023-476xx/CVE-2023-47655.json) (`2023-11-27T20:33:58.627`) -* [CVE-2023-47651](CVE-2023/CVE-2023-476xx/CVE-2023-47651.json) (`2023-11-27T20:34:25.773`) -* [CVE-2023-47650](CVE-2023/CVE-2023-476xx/CVE-2023-47650.json) (`2023-11-27T20:34:42.057`) +* [CVE-2023-47758](CVE-2023/CVE-2023-477xx/CVE-2023-47758.json) (`2023-11-27T21:37:09.707`) +* [CVE-2023-39925](CVE-2023/CVE-2023-399xx/CVE-2023-39925.json) (`2023-11-27T21:37:20.403`) +* [CVE-2023-47775](CVE-2023/CVE-2023-477xx/CVE-2023-47775.json) (`2023-11-27T21:37:28.437`) +* [CVE-2023-47785](CVE-2023/CVE-2023-477xx/CVE-2023-47785.json) (`2023-11-27T21:37:43.020`) +* [CVE-2023-47791](CVE-2023/CVE-2023-477xx/CVE-2023-47791.json) (`2023-11-27T21:38:49.060`) +* [CVE-2023-5742](CVE-2023/CVE-2023-57xx/CVE-2023-5742.json) (`2023-11-27T21:40:48.237`) +* [CVE-2023-28749](CVE-2023/CVE-2023-287xx/CVE-2023-28749.json) 
(`2023-11-27T22:08:00.970`) +* [CVE-2023-43081](CVE-2023/CVE-2023-430xx/CVE-2023-43081.json) (`2023-11-27T22:08:21.640`) +* [CVE-2023-26532](CVE-2023/CVE-2023-265xx/CVE-2023-26532.json) (`2023-11-27T22:08:32.057`) +* [CVE-2023-27442](CVE-2023/CVE-2023-274xx/CVE-2023-27442.json) (`2023-11-27T22:08:45.050`) +* [CVE-2023-27444](CVE-2023/CVE-2023-274xx/CVE-2023-27444.json) (`2023-11-27T22:08:57.333`) +* [CVE-2023-27446](CVE-2023/CVE-2023-274xx/CVE-2023-27446.json) (`2023-11-27T22:09:08.697`) +* [CVE-2023-27451](CVE-2023/CVE-2023-274xx/CVE-2023-27451.json) (`2023-11-27T22:09:24.270`) +* [CVE-2023-4686](CVE-2023/CVE-2023-46xx/CVE-2023-4686.json) (`2023-11-27T22:09:43.227`) +* [CVE-2023-4726](CVE-2023/CVE-2023-47xx/CVE-2023-4726.json) (`2023-11-27T22:09:55.103`) +* [CVE-2023-5048](CVE-2023/CVE-2023-50xx/CVE-2023-5048.json) (`2023-11-27T22:10:05.503`) +* [CVE-2023-5096](CVE-2023/CVE-2023-50xx/CVE-2023-5096.json) (`2023-11-27T22:10:14.173`) +* [CVE-2023-5128](CVE-2023/CVE-2023-51xx/CVE-2023-5128.json) (`2023-11-27T22:10:28.460`) +* [CVE-2023-5163](CVE-2023/CVE-2023-51xx/CVE-2023-5163.json) (`2023-11-27T22:10:37.123`) +* [CVE-2023-5314](CVE-2023/CVE-2023-53xx/CVE-2023-5314.json) (`2023-11-27T22:11:02.433`) +* [CVE-2023-5338](CVE-2023/CVE-2023-53xx/CVE-2023-5338.json) (`2023-11-27T22:11:12.553`) +* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-11-27T22:15:07.867`) +* [CVE-2023-47250](CVE-2023/CVE-2023-472xx/CVE-2023-47250.json) (`2023-11-27T22:15:07.997`) +* [CVE-2023-47251](CVE-2023/CVE-2023-472xx/CVE-2023-47251.json) (`2023-11-27T22:15:08.037`) +* [CVE-2023-6253](CVE-2023/CVE-2023-62xx/CVE-2023-6253.json) (`2023-11-27T22:15:08.440`) ## Download and Usage