From 1e6be0e034b6857d9f48b2330880a72357af0ec7 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 10 Aug 2023 14:00:36 +0000 Subject: [PATCH] Auto-Update: 2023-08-10T14:00:32.566155+00:00 --- CVE-2022/CVE-2022-278xx/CVE-2022-27861.json | 4 +- CVE-2022/CVE-2022-446xx/CVE-2022-44629.json | 4 +- CVE-2022/CVE-2022-473xx/CVE-2022-47350.json | 135 +++++++++++++++++++- CVE-2023/CVE-2023-237xx/CVE-2023-23798.json | 4 +- CVE-2023/CVE-2023-238xx/CVE-2023-23826.json | 4 +- CVE-2023/CVE-2023-238xx/CVE-2023-23828.json | 55 ++++++++ CVE-2023/CVE-2023-238xx/CVE-2023-23871.json | 4 +- CVE-2023/CVE-2023-239xx/CVE-2023-23900.json | 55 ++++++++ CVE-2023/CVE-2023-240xx/CVE-2023-24009.json | 4 +- CVE-2023/CVE-2023-243xx/CVE-2023-24389.json | 4 +- CVE-2023/CVE-2023-243xx/CVE-2023-24391.json | 55 ++++++++ CVE-2023/CVE-2023-243xx/CVE-2023-24393.json | 55 ++++++++ CVE-2023/CVE-2023-263xx/CVE-2023-26309.json | 4 +- CVE-2023/CVE-2023-263xx/CVE-2023-26311.json | 4 +- CVE-2023/CVE-2023-287xx/CVE-2023-28779.json | 55 ++++++++ CVE-2023/CVE-2023-304xx/CVE-2023-30481.json | 55 ++++++++ CVE-2023/CVE-2023-306xx/CVE-2023-30654.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30679.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30680.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30681.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30682.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30683.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30684.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30685.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30686.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30687.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30688.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30689.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30691.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30693.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30694.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30695.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30696.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30697.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30698.json | 4 +- CVE-2023/CVE-2023-306xx/CVE-2023-30699.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30700.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30701.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30702.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30703.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30704.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30705.json | 4 +- CVE-2023/CVE-2023-312xx/CVE-2023-31209.json | 4 +- CVE-2023/CVE-2023-343xx/CVE-2023-34374.json | 55 ++++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36530.json | 55 ++++++++ CVE-2023/CVE-2023-370xx/CVE-2023-37069.json | 24 ++++ CVE-2023/CVE-2023-379xx/CVE-2023-37983.json | 55 ++++++++ CVE-2023/CVE-2023-379xx/CVE-2023-37988.json | 4 +- CVE-2023/CVE-2023-37xx/CVE-2023-3766.json | 63 ++++++++- CVE-2023/CVE-2023-387xx/CVE-2023-38700.json | 69 +++++++++- CVE-2023/CVE-2023-393xx/CVE-2023-39314.json | 55 ++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39344.json | 52 +++++++- CVE-2023/CVE-2023-42xx/CVE-2023-4276.json | 8 +- CVE-2023/CVE-2023-42xx/CVE-2023-4277.json | 8 +- CVE-2023/CVE-2023-42xx/CVE-2023-4282.json | 67 ++++++++++ CVE-2023/CVE-2023-42xx/CVE-2023-4283.json | 63 +++++++++ README.md | 57 +++++++-- 57 files changed, 1134 insertions(+), 110 deletions(-) create mode 100644 CVE-2023/CVE-2023-238xx/CVE-2023-23828.json create mode 100644 CVE-2023/CVE-2023-239xx/CVE-2023-23900.json create mode 100644 CVE-2023/CVE-2023-243xx/CVE-2023-24391.json create mode 100644 CVE-2023/CVE-2023-243xx/CVE-2023-24393.json create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28779.json create mode 100644 CVE-2023/CVE-2023-304xx/CVE-2023-30481.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34374.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36530.json create mode 100644 CVE-2023/CVE-2023-370xx/CVE-2023-37069.json create mode 100644 CVE-2023/CVE-2023-379xx/CVE-2023-37983.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39314.json create mode 100644 CVE-2023/CVE-2023-42xx/CVE-2023-4282.json create mode 100644 CVE-2023/CVE-2023-42xx/CVE-2023-4283.json diff --git a/CVE-2022/CVE-2022-278xx/CVE-2022-27861.json b/CVE-2022/CVE-2022-278xx/CVE-2022-27861.json index 446f75499c7..b02caa3008a 100644 --- a/CVE-2022/CVE-2022-278xx/CVE-2022-27861.json +++ b/CVE-2022/CVE-2022-278xx/CVE-2022-27861.json @@ -2,8 +2,8 @@ "id": "CVE-2022-27861", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T10:15:09.603", - "lastModified": "2023-08-10T10:15:09.603", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-446xx/CVE-2022-44629.json b/CVE-2022/CVE-2022-446xx/CVE-2022-44629.json index 4f3d5964219..4dc0a93012f 100644 --- a/CVE-2022/CVE-2022-446xx/CVE-2022-44629.json +++ b/CVE-2022/CVE-2022-446xx/CVE-2022-44629.json @@ -2,8 +2,8 @@ "id": "CVE-2022-44629", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T10:15:09.873", - "lastModified": "2023-08-10T10:15:09.873", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47350.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47350.json index d2f3d9ef938..e237f94b857 100644 --- a/CVE-2022/CVE-2022-473xx/CVE-2022-47350.json +++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47350.json @@ -2,19 +2,146 @@ "id": "CVE-2022-47350", "sourceIdentifier": "security@unisoc.com", "published": "2023-08-07T02:15:09.770", - "lastModified": "2023-08-07T12:57:26.370", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-10T13:49:45.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23798.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23798.json index b153e029033..defa0065515 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23798.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23798.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23798", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T11:15:10.987", - "lastModified": "2023-08-10T11:15:10.987", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23826.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23826.json index 7f5eb31d153..b736ecae7cc 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23826.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23826.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23826", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T10:15:09.983", - "lastModified": "2023-08-10T10:15:09.983", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23828.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23828.json new file mode 100644 index 00000000000..089d3093e82 --- /dev/null +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23828.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23828", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T13:15:09.733", + "lastModified": "2023-08-10T13:15:09.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <=\u00a02.0.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-category-posts-list/wordpress-wp-category-post-list-widget-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23871.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23871.json index d673945fbb0..4eb554565fd 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23871.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23871.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23871", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T11:15:11.593", - "lastModified": "2023-08-10T11:15:11.593", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23900.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23900.json new file mode 100644 index 00000000000..48041b78a3b --- /dev/null +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23900.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23900", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T12:15:10.113", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <=\u00a06.8.8 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/yikes-inc-easy-mailchimp-extender/wordpress-easy-forms-for-mailchimp-plugin-6-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24009.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24009.json index eaaa5965776..d81a767df35 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24009.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24009.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24009", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T11:15:11.913", - "lastModified": "2023-08-10T11:15:11.913", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24389.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24389.json index 8b1c2346753..851afd1364b 100644 --- a/CVE-2023/CVE-2023-243xx/CVE-2023-24389.json +++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24389.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24389", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T10:15:10.077", - "lastModified": "2023-08-10T10:15:10.077", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24391.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24391.json new file mode 100644 index 00000000000..d117fe6d7f1 --- /dev/null +++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24391.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-24391", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T13:15:10.033", + "lastModified": "2023-08-10T13:15:10.033", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <=\u00a02.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24393.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24393.json new file mode 100644 index 00000000000..3acffd260e0 --- /dev/null +++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24393.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-24393", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T13:15:10.150", + "lastModified": "2023-08-10T13:15:10.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <=\u00a01.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/animated-number-counters/wordpress-animated-number-counters-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26309.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26309.json index 25741851f4a..db7d3b41c37 100644 --- a/CVE-2023/CVE-2023-263xx/CVE-2023-26309.json +++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26309.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26309", "sourceIdentifier": "security@oppo.com", "published": "2023-08-10T09:15:09.623", - "lastModified": "2023-08-10T09:15:09.623", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26311.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26311.json index 63952777f86..97131a20e99 100644 --- a/CVE-2023/CVE-2023-263xx/CVE-2023-26311.json +++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26311.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26311", "sourceIdentifier": "security@oppo.com", "published": "2023-08-10T11:15:12.140", - "lastModified": "2023-08-10T11:15:12.140", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28779.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28779.json new file mode 100644 index 00000000000..2f17c825ef9 --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28779.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28779", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T13:15:10.263", + "lastModified": "2023-08-10T13:15:10.263", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <=\u00a03.4.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/terms-descriptions/wordpress-terms-descriptions-plugin-3-4-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30481.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30481.json new file mode 100644 index 00000000000..fc323f4c9fd --- /dev/null +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30481.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-30481", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T12:15:10.563", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <=\u00a03.2.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/agp-font-awesome-collection/wordpress-agp-font-awesome-collection-plugin-3-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30654.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30654.json index 65721def8bc..bf2b8c76391 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30654.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30654.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30654", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:10.487", - "lastModified": "2023-08-10T02:15:10.487", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30679.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30679.json index 7202f049267..60719c18532 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30679.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30679.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30679", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:10.610", - "lastModified": "2023-08-10T02:15:10.610", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30680.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30680.json index 2df181e56af..5a02e1548a5 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30680.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30680.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30680", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:10.713", - "lastModified": "2023-08-10T02:15:10.713", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30681.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30681.json index 080bf22f81f..829c4cff4eb 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30681.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30681.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30681", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:10.807", - "lastModified": "2023-08-10T02:15:10.807", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30682.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30682.json index e3f6d13ce86..b8a67551e8b 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30682.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30682.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30682", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:10.913", - "lastModified": "2023-08-10T02:15:10.913", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30683.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30683.json index 4812bbbe8a4..c378653ae00 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30683.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30683.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30683", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.007", - "lastModified": "2023-08-10T02:15:11.007", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30684.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30684.json index b8df2224f69..cfdc4b62ca6 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30684.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30684.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30684", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.097", - "lastModified": "2023-08-10T02:15:11.097", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30685.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30685.json index 7db4d1d32e9..72a298db327 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30685.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30685.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30685", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.190", - "lastModified": "2023-08-10T02:15:11.190", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30686.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30686.json index 713015e3d74..f43d6ad1cd2 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30686.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30686.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30686", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.273", - "lastModified": "2023-08-10T02:15:11.273", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30687.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30687.json index 69297dffcfb..aa22884807e 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30687.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30687.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30687", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.367", - "lastModified": "2023-08-10T02:15:11.367", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30688.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30688.json index 6d1b4f1d438..1c10ca9e3d9 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30688.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30688.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30688", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.457", - "lastModified": "2023-08-10T02:15:11.457", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30689.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30689.json index 34806e52149..b104993b44d 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30689.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30689.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30689", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.547", - "lastModified": "2023-08-10T02:15:11.547", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30691.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30691.json index 5b37e71c750..ac91040c9db 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30691.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30691.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30691", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.630", - "lastModified": "2023-08-10T02:15:11.630", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30693.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30693.json index 58ba78fa574..3b993496838 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30693.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30693.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30693", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.730", - "lastModified": "2023-08-10T02:15:11.730", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30694.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30694.json index 5161e3b7ab8..b0a66b6b742 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30694.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30694.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30694", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.817", - "lastModified": "2023-08-10T02:15:11.817", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30695.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30695.json index 66c1b2384cd..68904aa0594 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30695.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30695.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30695", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:11.903", - "lastModified": "2023-08-10T02:15:11.903", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30696.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30696.json index 3cf299d80ff..4a13f7b5ef8 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30696.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30696.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30696", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.000", - "lastModified": "2023-08-10T02:15:12.000", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30697.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30697.json index 3d08ba9ea7b..605f290fd1c 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30697.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30697.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30697", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.077", - "lastModified": "2023-08-10T02:15:12.077", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30698.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30698.json index 8c1736bb32c..92d5a42d848 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30698.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30698.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30698", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.173", - "lastModified": "2023-08-10T02:15:12.173", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30699.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30699.json index e312efd830e..bb31bc415da 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30699.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30699.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30699", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.267", - "lastModified": "2023-08-10T02:15:12.267", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30700.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30700.json index 74374697f07..c67af380da3 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30700.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30700.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30700", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.360", - "lastModified": "2023-08-10T02:15:12.360", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30701.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30701.json index 46db8f3bf8a..9586cac8294 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30701.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30701.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30701", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.453", - "lastModified": "2023-08-10T02:15:12.453", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30702.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30702.json index 1f28b49a8cd..60425496b0a 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30702.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30702.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30702", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.547", - "lastModified": "2023-08-10T02:15:12.547", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30703.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30703.json index cd625c362ac..db05e984c18 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30703.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30703.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30703", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.650", - "lastModified": "2023-08-10T02:15:12.650", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30704.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30704.json index e6ba70e96da..1c88197aa55 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30704.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30704.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30704", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.737", - "lastModified": "2023-08-10T02:15:12.737", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30705.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30705.json index 41412472194..45deac12941 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30705.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30705.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30705", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-08-10T02:15:12.827", - "lastModified": "2023-08-10T02:15:12.827", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json index 2450dff8a58..5b4b19a2b81 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31209", "sourceIdentifier": "security@checkmk.com", "published": "2023-08-10T09:15:12.123", - "lastModified": "2023-08-10T09:15:12.123", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34374.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34374.json new file mode 100644 index 00000000000..9c6106ec31c --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34374.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34374", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T12:15:10.973", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <=\u00a04.3.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/anspress-question-answer/wordpress-anspress-question-and-answer-plugin-4-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36530.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36530.json new file mode 100644 index 00000000000..9f9541f3210 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36530.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-36530", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T12:15:11.347", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <=\u00a04.67 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-67-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37069.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37069.json new file mode 100644 index 00000000000..f383b9b0475 --- /dev/null +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37069.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37069", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-10T13:15:10.373", + "lastModified": "2023-08-10T13:15:10.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://code-projects.org/online-hospital-management-system-in-php-with-source-code/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37069-Exploit.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37983.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37983.json new file mode 100644 index 00000000000..4ab8addb76d --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37983.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37983", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T13:15:10.443", + "lastModified": "2023-08-10T13:15:10.443", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in No\u00ebl Jackson Art Direction plugin <=\u00a00.2.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/art-direction/wordpress-art-direction-plugin-0-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37988.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37988.json index fe658e7d9d5..b4ffdb3b8eb 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37988.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37988.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37988", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T11:15:12.427", - "lastModified": "2023-08-10T11:15:12.427", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3766.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3766.json index f8d8a290dfb..00ec470c98c 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3766.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3766.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3766", "sourceIdentifier": "cna@cloudflare.com", "published": "2023-08-03T15:15:32.097", - "lastModified": "2023-08-03T15:37:04.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-10T14:00:07.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "cna@cloudflare.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "cna@cloudflare.com", "type": "Secondary", @@ -46,14 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cloudflare:odoh-rs:*:*:*:*:*:rust:*:*", + "versionEndExcluding": "1.0.2", + "matchCriteriaId": "B3221FFC-89CD-49F9-B571-82AF6E35E693" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cloudflare/odoh-rs/pull/28", - "source": "cna@cloudflare.com" + "source": "cna@cloudflare.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/cloudflare/odoh-rs/security/advisories/GHSA-gpcv-p28p-fv2p", - "source": "cna@cloudflare.com" + "source": "cna@cloudflare.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38700.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38700.json index db58a877a64..e341be3af8b 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38700.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38700.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38700", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-04T19:15:09.697", - "lastModified": "2023-08-06T12:01:17.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-10T13:48:14.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:matrix:matrix-appservice-irc:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "1.0.1", + "matchCriteriaId": "D782170E-C590-428D-ACE7-29E22D4D6235" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39314.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39314.json new file mode 100644 index 00000000000..f95a2672b4d --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39314.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39314", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-08-10T13:15:10.557", + "lastModified": "2023-08-10T13:15:10.557", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <=\u00a03.30.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-30-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39344.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39344.json index 3fe6ce9fb21..ef06568d646 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39344.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39344.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39344", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-04T20:15:10.207", - "lastModified": "2023-08-06T12:01:17.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-10T12:47:00.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fobybus:social-media-skeleton:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E0A924E-3B60-4C07-981C-A39EC940BEB7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfh", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4276.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4276.json index 9fd27c83cf1..1522ff185e9 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4276.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4276.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4276", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-10T07:15:37.463", - "lastModified": "2023-08-10T07:15:37.463", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El plugin Absolute Privacy para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 2.1 inclusive. Esto se debe a la falta de validaci\u00f3n nonce en la funci\u00f3n \"abpr_profileShortcode\". Esto hace posible que los atacantes no autenticados cambien el correo electr\u00f3nico y la contrase\u00f1a del usuario, a trav\u00e9s de una solicitud manipulada concedida, y puedan enga\u00f1ar a un administrador del sitio para realizar una acci\u00f3n como hacer hacer clic en un enlace. " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4277.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4277.json index 874ff23a88d..d11bae55376 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4277.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4277.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4277", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-10T07:15:37.797", - "lastModified": "2023-08-10T07:15:37.797", - "vulnStatus": "Received", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El plugin Realia para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.4.0 inclusive. Esto se debe a la falta de validaci\u00f3n nonce en la funci\u00f3n \"process_change_profile_form\". Esto hace posible que los atacantes no autenticados cambien el correo electr\u00f3nico del usuario, a trav\u00e9s de una solicitud manipulada concedida, y puedan enga\u00f1ar a un administrador del sitio para realizar una acci\u00f3n como hacer clic en un enlace. " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4282.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4282.json new file mode 100644 index 00000000000..06cde579510 --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4282.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-4282", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-08-10T12:15:12.000", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/3.8.2/EmbedPress/ThirdParty/Googlecalendar/Embedpress_Google_Helper.php#L801", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/3.8.2/EmbedPress/ThirdParty/Googlecalendar/Embedpress_Google_Helper.php#L807", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2950211/embedpress#file18", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fa2ec9e-2859-4a96-9e33-9e22d37e544f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4283.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4283.json new file mode 100644 index 00000000000..c9f01298e7f --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4283.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-4283", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-08-10T12:15:12.440", + "lastModified": "2023-08-10T12:43:50.693", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/3.8.2/EmbedPress/ThirdParty/Googlecalendar/Embedpress_Google_Helper.php#L522", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2950211/embedpress#file18", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b340eda1-e9d2-40b6-89f9-41d995ce3555?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ca653e26fc9..ec176604d67 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-10T12:00:29.478765+00:00 +2023-08-10T14:00:32.566155+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-10T11:15:12.427000+00:00 +2023-08-10T14:00:07.877000+00:00 ``` ### Last Data Feed Release @@ -29,28 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222252 +222265 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `13` -* [CVE-2022-27861](CVE-2022/CVE-2022-278xx/CVE-2022-27861.json) (`2023-08-10T10:15:09.603`) -* [CVE-2022-44629](CVE-2022/CVE-2022-446xx/CVE-2022-44629.json) (`2023-08-10T10:15:09.873`) -* [CVE-2023-23826](CVE-2023/CVE-2023-238xx/CVE-2023-23826.json) (`2023-08-10T10:15:09.983`) -* [CVE-2023-24389](CVE-2023/CVE-2023-243xx/CVE-2023-24389.json) (`2023-08-10T10:15:10.077`) -* [CVE-2023-23798](CVE-2023/CVE-2023-237xx/CVE-2023-23798.json) (`2023-08-10T11:15:10.987`) -* [CVE-2023-23871](CVE-2023/CVE-2023-238xx/CVE-2023-23871.json) (`2023-08-10T11:15:11.593`) -* [CVE-2023-24009](CVE-2023/CVE-2023-240xx/CVE-2023-24009.json) (`2023-08-10T11:15:11.913`) -* [CVE-2023-26311](CVE-2023/CVE-2023-263xx/CVE-2023-26311.json) (`2023-08-10T11:15:12.140`) -* [CVE-2023-37988](CVE-2023/CVE-2023-379xx/CVE-2023-37988.json) (`2023-08-10T11:15:12.427`) +* [CVE-2023-23900](CVE-2023/CVE-2023-239xx/CVE-2023-23900.json) (`2023-08-10T12:15:10.113`) +* [CVE-2023-30481](CVE-2023/CVE-2023-304xx/CVE-2023-30481.json) (`2023-08-10T12:15:10.563`) +* [CVE-2023-34374](CVE-2023/CVE-2023-343xx/CVE-2023-34374.json) (`2023-08-10T12:15:10.973`) +* [CVE-2023-36530](CVE-2023/CVE-2023-365xx/CVE-2023-36530.json) (`2023-08-10T12:15:11.347`) +* [CVE-2023-4282](CVE-2023/CVE-2023-42xx/CVE-2023-4282.json) (`2023-08-10T12:15:12.000`) +* [CVE-2023-4283](CVE-2023/CVE-2023-42xx/CVE-2023-4283.json) (`2023-08-10T12:15:12.440`) +* [CVE-2023-23828](CVE-2023/CVE-2023-238xx/CVE-2023-23828.json) (`2023-08-10T13:15:09.733`) +* [CVE-2023-24391](CVE-2023/CVE-2023-243xx/CVE-2023-24391.json) (`2023-08-10T13:15:10.033`) +* [CVE-2023-24393](CVE-2023/CVE-2023-243xx/CVE-2023-24393.json) (`2023-08-10T13:15:10.150`) +* [CVE-2023-28779](CVE-2023/CVE-2023-287xx/CVE-2023-28779.json) (`2023-08-10T13:15:10.263`) +* [CVE-2023-37069](CVE-2023/CVE-2023-370xx/CVE-2023-37069.json) (`2023-08-10T13:15:10.373`) +* [CVE-2023-37983](CVE-2023/CVE-2023-379xx/CVE-2023-37983.json) (`2023-08-10T13:15:10.443`) +* [CVE-2023-39314](CVE-2023/CVE-2023-393xx/CVE-2023-39314.json) (`2023-08-10T13:15:10.557`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `43` +* [CVE-2023-30695](CVE-2023/CVE-2023-306xx/CVE-2023-30695.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30696](CVE-2023/CVE-2023-306xx/CVE-2023-30696.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30697](CVE-2023/CVE-2023-306xx/CVE-2023-30697.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30698](CVE-2023/CVE-2023-306xx/CVE-2023-30698.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30699](CVE-2023/CVE-2023-306xx/CVE-2023-30699.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30700](CVE-2023/CVE-2023-307xx/CVE-2023-30700.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30701](CVE-2023/CVE-2023-307xx/CVE-2023-30701.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30702](CVE-2023/CVE-2023-307xx/CVE-2023-30702.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30703](CVE-2023/CVE-2023-307xx/CVE-2023-30703.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30704](CVE-2023/CVE-2023-307xx/CVE-2023-30704.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-30705](CVE-2023/CVE-2023-307xx/CVE-2023-30705.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-4276](CVE-2023/CVE-2023-42xx/CVE-2023-4276.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-4277](CVE-2023/CVE-2023-42xx/CVE-2023-4277.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-26309](CVE-2023/CVE-2023-263xx/CVE-2023-26309.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-31209](CVE-2023/CVE-2023-312xx/CVE-2023-31209.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-23826](CVE-2023/CVE-2023-238xx/CVE-2023-23826.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-24389](CVE-2023/CVE-2023-243xx/CVE-2023-24389.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-23798](CVE-2023/CVE-2023-237xx/CVE-2023-23798.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-23871](CVE-2023/CVE-2023-238xx/CVE-2023-23871.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-24009](CVE-2023/CVE-2023-240xx/CVE-2023-24009.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-26311](CVE-2023/CVE-2023-263xx/CVE-2023-26311.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-37988](CVE-2023/CVE-2023-379xx/CVE-2023-37988.json) (`2023-08-10T12:43:50.693`) +* [CVE-2023-39344](CVE-2023/CVE-2023-393xx/CVE-2023-39344.json) (`2023-08-10T12:47:00.707`) +* [CVE-2023-38700](CVE-2023/CVE-2023-387xx/CVE-2023-38700.json) (`2023-08-10T13:48:14.993`) +* [CVE-2023-3766](CVE-2023/CVE-2023-37xx/CVE-2023-3766.json) (`2023-08-10T14:00:07.877`) ## Download and Usage