Auto-Update: 2023-11-22T09:00:17.662912+00:00

CVE-2023/CVE-2023-24xx/CVE-2023-2446.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-2446",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-11-22T08:15:07.020",
+  "lastModified": "2023-11-22T08:15:07.020",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-24xx/CVE-2023-2447.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-2447",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-11-22T08:15:07.410",
+  "lastModified": "2023-11-22T08:15:07.410",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0372efe4-b5be-4601-be43-5c12332ea1a5?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-290xx/CVE-2023-29069.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-29069",
+  "sourceIdentifier": "psirt@autodesk.com",
+  "published": "2023-11-22T07:15:07.240",
+  "lastModified": "2023-11-22T07:15:07.240",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.\n"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0013",
+      "source": "psirt@autodesk.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-411xx/CVE-2023-41145.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-41145",
+  "sourceIdentifier": "psirt@autodesk.com",
+  "published": "2023-11-22T07:15:07.420",
+  "lastModified": "2023-11-22T07:15:07.420",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Autodesk users who no longer have an active license for an account can still access cases for that account.\n"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0020",
+      "source": "psirt@autodesk.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-411xx/CVE-2023-41146.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-41146",
+  "sourceIdentifier": "psirt@autodesk.com",
+  "published": "2023-11-22T07:15:07.473",
+  "lastModified": "2023-11-22T07:15:07.473",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.\n"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0020",
+      "source": "psirt@autodesk.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47016.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-47016",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-22T07:15:07.530",
+  "lastModified": "2023-11-22T07:15:07.530",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/radareorg/radare2/issues/22349",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-473xx/CVE-2023-47392.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-47392",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-22T07:15:07.587",
+  "lastModified": "2023-11-22T07:15:07.587",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/wwwziziyu/d0ae135b8075f6db735d75135254e7a1",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-473xx/CVE-2023-47393.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-47393",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-22T07:15:07.633",
+  "lastModified": "2023-11-22T07:15:07.633",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/wwwziziyu/7dbf7fd43f9e304ce0819f8a9784d2c6",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-11-22T07:00:17.940178+00:00
+2023-11-22T09:00:17.662912+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-11-22T06:15:43.123000+00:00
+2023-11-22T08:15:07.410000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,15 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-231262
+231270
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `8`
 
-* [CVE-2023-46814](CVE-2023/CVE-2023-468xx/CVE-2023-46814.json) (`2023-11-22T05:15:07.837`)
-* [CVE-2023-48161](CVE-2023/CVE-2023-481xx/CVE-2023-48161.json) (`2023-11-22T06:15:43.123`)
+* [CVE-2023-29069](CVE-2023/CVE-2023-290xx/CVE-2023-29069.json) (`2023-11-22T07:15:07.240`)
+* [CVE-2023-41145](CVE-2023/CVE-2023-411xx/CVE-2023-41145.json) (`2023-11-22T07:15:07.420`)
+* [CVE-2023-41146](CVE-2023/CVE-2023-411xx/CVE-2023-41146.json) (`2023-11-22T07:15:07.473`)
+* [CVE-2023-47016](CVE-2023/CVE-2023-470xx/CVE-2023-47016.json) (`2023-11-22T07:15:07.530`)
+* [CVE-2023-47392](CVE-2023/CVE-2023-473xx/CVE-2023-47392.json) (`2023-11-22T07:15:07.587`)
+* [CVE-2023-47393](CVE-2023/CVE-2023-473xx/CVE-2023-47393.json) (`2023-11-22T07:15:07.633`)
+* [CVE-2023-2446](CVE-2023/CVE-2023-24xx/CVE-2023-2446.json) (`2023-11-22T08:15:07.020`)
+* [CVE-2023-2447](CVE-2023/CVE-2023-24xx/CVE-2023-2447.json) (`2023-11-22T08:15:07.410`)
 
 
 ### CVEs modified in the last Commit