Auto-Update: 2023-09-07T04:00:25.134761+00:00

CVE-2022/CVE-2022-343xx/CVE-2022-34300.json

@@ -2,8 +2,8 @@
   "id": "CVE-2022-34300",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2022-06-23T17:15:18.460",
-  "lastModified": "2022-06-29T22:14:24.870",
+  "lastModified": "2023-09-07T03:15:07.537",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -101,6 +101,10 @@
         "Issue Tracking",
         "Third Party Advisory"
       ]
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQCZL36LTOHWCQ25R5WTRSD5QMM436Q6/",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2022/CVE-2022-417xx/CVE-2022-41717.json

@@ -2,7 +2,7 @@
   "id": "CVE-2022-41717",
   "sourceIdentifier": "security@golang.org",
   "published": "2022-12-08T20:15:10.330",
-  "lastModified": "2023-09-05T03:15:09.377",
+  "lastModified": "2023-09-07T03:15:07.973",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -153,6 +153,10 @@
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/",
       "source": "security@golang.org"
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/",
+      "source": "security@golang.org"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/",
       "source": "security@golang.org",

CVE-2023/CVE-2023-226xx/CVE-2023-22652.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-22652",
   "sourceIdentifier": "meissner@suse.de",
   "published": "2023-06-01T12:15:09.557",
-  "lastModified": "2023-09-01T06:15:42.900",
+  "lastModified": "2023-09-07T02:15:07.570",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -100,6 +100,10 @@
         "Broken Link"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/",
+      "source": "meissner@suse.de"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/",
       "source": "meissner@suse.de"

CVE-2023/CVE-2023-300xx/CVE-2023-30079.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-30079",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-08-22T19:16:36.190",
-  "lastModified": "2023-09-01T06:15:43.760",
+  "lastModified": "2023-09-07T02:15:07.933",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -79,6 +79,10 @@
         "Exploit"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/",
       "source": "cve@mitre.org"

CVE-2023/CVE-2023-335xx/CVE-2023-33551.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-33551",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-06-01T15:15:09.050",
-  "lastModified": "2023-06-12T14:10:17.633",
+  "lastModified": "2023-09-07T03:15:08.103",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -72,6 +72,10 @@
         "Patch",
         "Third Party Advisory"
       ]
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHOIRL6XH5NYR3LYI3KP5DE4SDSQWR7W/",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2023/CVE-2023-335xx/CVE-2023-33552.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-33552",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-06-01T15:15:09.163",
-  "lastModified": "2023-06-12T14:27:41.910",
+  "lastModified": "2023-09-07T03:15:08.190",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -73,6 +73,10 @@
         "Patch",
         "Third Party Advisory"
       ]
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHOIRL6XH5NYR3LYI3KP5DE4SDSQWR7W/",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2023/CVE-2023-343xx/CVE-2023-34357.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-34357",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-09-07T03:15:08.263",
+  "lastModified": "2023-09-07T03:15:08.263",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nSoar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-640"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

CVE-2023/CVE-2023-403xx/CVE-2023-40305.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-40305",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-08-14T06:15:09.683",
-  "lastModified": "2023-08-29T18:28:13.013",
+  "lastModified": "2023-09-07T03:15:08.413",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -71,6 +71,10 @@
         "Product"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W6SL3NKMH5R4S5PD2O3MTC2UR4SBVHK/",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://savannah.gnu.org/bugs/index.php?64503",
       "source": "cve@mitre.org",

CVE-2023/CVE-2023-47xx/CVE-2023-4733.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-4733",
   "sourceIdentifier": "security@huntr.dev",
   "published": "2023-09-04T14:15:07.563",
-  "lastModified": "2023-09-05T06:50:39.603",
+  "lastModified": "2023-09-07T03:15:08.517",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Undergoing Analysis",
   "descriptions": [
     {
       "lang": "en",
@@ -54,6 +54,10 @@
     {
       "url": "https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217",
       "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
+      "source": "security@huntr.dev"
     }
   ]
 }

CVE-2023/CVE-2023-47xx/CVE-2023-4750.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-4750",
   "sourceIdentifier": "security@huntr.dev",
   "published": "2023-09-04T14:15:08.263",
-  "lastModified": "2023-09-05T06:50:39.603",
+  "lastModified": "2023-09-07T03:15:08.620",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Undergoing Analysis",
   "descriptions": [
     {
       "lang": "en",
@@ -54,6 +54,10 @@
     {
       "url": "https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea",
       "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
+      "source": "security@huntr.dev"
     }
   ]
 }

CVE-2023/CVE-2023-47xx/CVE-2023-4752.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-4752",
   "sourceIdentifier": "security@huntr.dev",
   "published": "2023-09-04T14:15:08.450",
-  "lastModified": "2023-09-05T06:50:39.603",
+  "lastModified": "2023-09-07T03:15:08.713",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Undergoing Analysis",
   "descriptions": [
     {
       "lang": "en",
@@ -54,6 +54,10 @@
     {
       "url": "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757",
       "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
+      "source": "security@huntr.dev"
     }
   ]
 }

CVE-2023/CVE-2023-47xx/CVE-2023-4772.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4772",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-09-07T02:15:08.033",
+  "lastModified": "2023-09-07T02:15:08.033",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/newsletter/tags/7.8.9/subscription/subscription.php#L1653",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2955097/newsletter#file21",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87da5300-1add-44fc-a3e0-e8912f946c84?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-47xx/CVE-2023-4792.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4792",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-09-07T02:15:08.163",
+  "lastModified": "2023-09-07T02:15:08.163",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/duplicate-post-page-menu-custom-post-type/trunk/duplicate-post-page-menu-cpt.php?rev=2871256#L383",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2963515%40duplicate-post-page-menu-custom-post-type&new=2963515%40duplicate-post-page-menu-custom-post-type&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-09-07T02:00:25.179617+00:00
+2023-09-07T04:00:25.134761+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-09-07T01:10:21.083000+00:00
+2023-09-07T03:15:08.713000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,44 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-224421
+224424
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `0`
+Recently added CVEs: `3`
 
+* [CVE-2023-4772](CVE-2023/CVE-2023-47xx/CVE-2023-4772.json) (`2023-09-07T02:15:08.033`)
+* [CVE-2023-4792](CVE-2023/CVE-2023-47xx/CVE-2023-4792.json) (`2023-09-07T02:15:08.163`)
+* [CVE-2023-34357](CVE-2023/CVE-2023-343xx/CVE-2023-34357.json) (`2023-09-07T03:15:08.263`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `197`
+Recently modified CVEs: `10`
 
-* [CVE-2023-20243](CVE-2023/CVE-2023-202xx/CVE-2023-20243.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2022-34300](CVE-2022/CVE-2022-343xx/CVE-2022-34300.json) (`2023-09-07T03:15:07.537`)
-* [CVE-2023-20263](CVE-2023/CVE-2023-202xx/CVE-2023-20263.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2022-41717](CVE-2022/CVE-2022-417xx/CVE-2022-41717.json) (`2023-09-07T03:15:07.973`)
-* [CVE-2023-20269](CVE-2023/CVE-2023-202xx/CVE-2023-20269.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2023-22652](CVE-2023/CVE-2023-226xx/CVE-2023-22652.json) (`2023-09-07T02:15:07.570`)
-* [CVE-2023-38484](CVE-2023/CVE-2023-384xx/CVE-2023-38484.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2023-30079](CVE-2023/CVE-2023-300xx/CVE-2023-30079.json) (`2023-09-07T02:15:07.933`)
-* [CVE-2023-38485](CVE-2023/CVE-2023-384xx/CVE-2023-38485.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2023-33551](CVE-2023/CVE-2023-335xx/CVE-2023-33551.json) (`2023-09-07T03:15:08.103`)
-* [CVE-2023-38486](CVE-2023/CVE-2023-384xx/CVE-2023-38486.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2023-33552](CVE-2023/CVE-2023-335xx/CVE-2023-33552.json) (`2023-09-07T03:15:08.190`)
-* [CVE-2023-39511](CVE-2023/CVE-2023-395xx/CVE-2023-39511.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2023-40305](CVE-2023/CVE-2023-403xx/CVE-2023-40305.json) (`2023-09-07T03:15:08.413`)
-* [CVE-2023-41050](CVE-2023/CVE-2023-410xx/CVE-2023-41050.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2023-4733](CVE-2023/CVE-2023-47xx/CVE-2023-4733.json) (`2023-09-07T03:15:08.517`)
-* [CVE-2023-41319](CVE-2023/CVE-2023-413xx/CVE-2023-41319.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2023-4750](CVE-2023/CVE-2023-47xx/CVE-2023-4750.json) (`2023-09-07T03:15:08.620`)
-* [CVE-2023-41328](CVE-2023/CVE-2023-413xx/CVE-2023-41328.json) (`2023-09-07T01:10:21.083`)
+* [CVE-2023-4752](CVE-2023/CVE-2023-47xx/CVE-2023-4752.json) (`2023-09-07T03:15:08.713`)
-* [CVE-2023-41330](CVE-2023/CVE-2023-413xx/CVE-2023-41330.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-40591](CVE-2023/CVE-2023-405xx/CVE-2023-40591.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-41601](CVE-2023/CVE-2023-416xx/CVE-2023-41601.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-4809](CVE-2023/CVE-2023-48xx/CVE-2023-4809.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-23623](CVE-2023/CVE-2023-236xx/CVE-2023-23623.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-29198](CVE-2023/CVE-2023-291xx/CVE-2023-29198.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-38605](CVE-2023/CVE-2023-386xx/CVE-2023-38605.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-38616](CVE-2023/CVE-2023-386xx/CVE-2023-38616.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-39956](CVE-2023/CVE-2023-399xx/CVE-2023-39956.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-39967](CVE-2023/CVE-2023-399xx/CVE-2023-39967.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-40392](CVE-2023/CVE-2023-403xx/CVE-2023-40392.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-40397](CVE-2023/CVE-2023-403xx/CVE-2023-40397.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-41053](CVE-2023/CVE-2023-410xx/CVE-2023-41053.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-41327](CVE-2023/CVE-2023-413xx/CVE-2023-41327.json) (`2023-09-07T01:10:21.083`)
-* [CVE-2023-41329](CVE-2023/CVE-2023-413xx/CVE-2023-41329.json) (`2023-09-07T01:10:21.083`)
 
 
 ## Download and Usage