diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
index ba45eb4a407..3953ec4009d 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
@@ -2,8 +2,8 @@
 "id": "CVE-2019-25152",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-06-22T02:15:47.730",
- "lastModified": "2023-06-22T02:15:47.730",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-22T12:51:30.407",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47593.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47593.json
new file mode 100644
index 00000000000..7331fa6e100
--- /dev/null
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47593.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47593",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-22T13:15:09.490",
+ "lastModified": "2023-06-22T13:15:09.490",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <=\u00a01.6.35 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/unusedcss/wordpress-rapidload-power-up-for-autoptimize-plugin-1-6-35-sql-injection?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0969.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0969.json
index c66d1f7ad99..7d5f0c30485 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0969.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0969.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0969",
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2023-06-21T20:15:09.660",
- "lastModified": "2023-06-21T20:15:09.660",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-22T12:51:30.407",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0970.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0970.json
index 4a38e6510d1..6189f805546 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0970.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0970.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0970",
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2023-06-21T20:15:09.843",
- "lastModified": "2023-06-21T20:15:09.843",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-22T12:51:30.407",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0971.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0971.json
index b03e743b9bc..93c80da1ae1 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0971.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0971.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0971",
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2023-06-21T20:15:09.943",
- "lastModified": "2023-06-21T20:15:09.943",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-22T12:51:30.407",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0972.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0972.json
index 7669c1cc3f5..c52da241865 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0972.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0972.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0972",
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2023-06-21T20:15:10.023",
- "lastModified": "2023-06-21T20:15:10.023",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-22T12:51:30.407",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20892.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20892.json
new file mode 100644
index 00000000000..c7f59860302
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20892.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-20892",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-22T12:15:09.870",
+ "lastModified": "2023-06-22T12:51:23.447",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may exploit\u00a0heap-overflow vulnerability\u00a0to execute arbitrary code on the underlying operating system that hosts vCenter Server."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20893.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20893.json
new file mode 100644
index 00000000000..c4561b53749
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20893.json
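Review bot: The new record CVE-2023-20892.json has no `weaknesses` array even though its description names the bug class (a heap overflow caused by use of uninitialized memory), so any triage or filtering that keys on CWE will not see it. The same gap is in the CVE-2023-20893 through CVE-2023-20896 records added in this commit, whose descriptions name use-after-free, out-of-bounds write, memory corruption and out-of-bounds read. Until the source supplies a mapping, consumers should key on `baseScore`/`vectorString` and the VMSA-2023-0014 reference rather than on CWE. When a mapping is added it would follow the shape the Patchstack records in this commit use, for example `"value": "CWE-416"` for the use-after-free record.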
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-20893",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-22T12:15:10.490",
+ "lastModified": "2023-06-22T12:51:23.447",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20894.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20894.json
new file mode 100644
index 00000000000..db6ea2abe3a
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20894.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-20894",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-22T12:15:10.740",
+ "lastModified": "2023-06-22T12:51:23.447",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20895.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20895.json
new file mode 100644
index 00000000000..02c9300e06c
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20895.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-20895",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-22T12:15:10.893",
+ "lastModified": "2023-06-22T12:51:15.117",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20896.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20896.json
new file mode 100644
index 00000000000..f71ecc662f3
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20896.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-20896",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-22T13:15:09.590",
+ "lastModified": "2023-06-22T13:15:09.590",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21124.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21124.json
index a00a1e6850d..b9907839f4e 100644
--- a/CVE-2023/CVE-2023-211xx/CVE-2023-21124.json
+++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21124.json
@@ -2,19 +2,90 @@
 "id": "CVE-2023-21124",
 "sourceIdentifier": "security@android.com",
 "published": "2023-06-15T19:15:09.673",
- "lastModified": "2023-06-15T20:46:39.603",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-22T13:54:49.943",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/security/bulletin/2023-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21128.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21128.json
index 7ba3a730eac..0fc582a1195 100644
--- a/CVE-2023/CVE-2023-211xx/CVE-2023-21128.json
+++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21128.json
@@ -2,19 +2,90 @@
 "id": "CVE-2023-21128",
 "sourceIdentifier": "security@android.com",
 "published": "2023-06-15T19:15:09.797",
- "lastModified": "2023-06-15T20:46:39.603",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-22T13:49:33.047",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/security/bulletin/2023-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21129.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21129.json
index e8e96bfdb58..37e12e074f5 100644
--- a/CVE-2023/CVE-2023-211xx/CVE-2023-21129.json
+++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21129.json
@@ -2,19 +2,89 @@
 "id": "CVE-2023-21129",
 "sourceIdentifier": "security@android.com",
 "published": "2023-06-15T19:15:09.837",
- "lastModified": "2023-06-15T20:46:39.603",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-22T13:40:11.927",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/security/bulletin/2023-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21130.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21130.json
index eea8c2f58f9..ad5d4441fb7 100644
--- a/CVE-2023/CVE-2023-211xx/CVE-2023-21130.json
+++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21130.json
@@ -2,19 +2,75 @@
 "id": "CVE-2023-21130",
 "sourceIdentifier": "security@android.com",
 "published": "2023-06-15T19:15:09.880",
- "lastModified": "2023-06-15T20:46:39.603",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-22T13:39:25.883",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/security/bulletin/2023-06-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
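Review bot: The added `weaknesses` entry maps CVE-2023-21130 to `CWE-125` (out-of-bounds read), which does not fit the unchanged description ("remote code execution due to a buffer overflow") or the `I:H`/`A:H` impact in the added vector. Detection or prioritisation rules that select memory-write bugs by CWE would skip this 9.8 CRITICAL record, so triage should rest on `baseScore` and the description here rather than on the CWE field. If the upstream fix confirms a write past the buffer, a write-class value such as `"value": "CWE-787"` would be consistent with the rest of the record; this is inferred from the description text only, since the patch itself is not on the page.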
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23795.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23795.json
new file mode 100644
index 00000000000..29e64630de1
--- /dev/null
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23795.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-23795",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-22T12:15:10.967",
+ "lastModified": "2023-06-22T12:51:15.117",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <=\u00a01.9.9.0 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/contact-form-add/wordpress-form-builder-create-responsive-contact-forms-plugin-1-9-9-0-cross-site-request-forgery-csrf-leading-to-post-page-deletion-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23807.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23807.json
new file mode 100644
index 00000000000..d05d94e59a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23807.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-23807",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-22T12:15:11.053",
+ "lastModified": "2023-06-22T12:51:15.117",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <=\u00a01.1.2 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/mojoplug-slide-panel/wordpress-mojoplug-slide-panel-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23811.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23811.json
new file mode 100644
index 00000000000..acc16fe4c43
--- /dev/null
+++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23811.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-23811",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-22T12:15:11.133",
+ "lastModified": "2023-06-22T12:51:15.117",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin <=\u00a01.0.0 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/smoothscroller/wordpress-smoothscroller-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-242xx/CVE-2023-24261.json b/CVE-2023/CVE-2023-242xx/CVE-2023-24261.json
index f1a56bc0bf9..93afc7a4806 100644
--- a/CVE-2023/CVE-2023-242xx/CVE-2023-24261.json
+++ b/CVE-2023/CVE-2023-242xx/CVE-2023-24261.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24261",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-21T21:15:10.867",
- "lastModified": "2023-06-21T21:15:10.867",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-22T12:51:30.407",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25435.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25435.json
index 36adebfa350..6d7218d1c2c 100644
--- a/CVE-2023/CVE-2023-254xx/CVE-2023-25435.json
+++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25435.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25435",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-21T20:15:10.100",
- "lastModified": "2023-06-21T20:15:10.100",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-22T12:51:30.407",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25499.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25499.json
new file mode 100644
index 00000000000..91f1191510f
--- /dev/null
+++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25499.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-25499",
+ "sourceIdentifier": "security@vaadin.com",
+ "published": "2023-06-22T13:15:09.660",
+ "lastModified": "2023-06-22T13:15:09.660",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vaadin.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@vaadin.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/vaadin/flow/pull/15885",
+ "source": "security@vaadin.com"
+ },
+ {
+ "url": "https://vaadin.com/security/CVE-2023-25499",
+ "source": "security@vaadin.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25500.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25500.json
new file mode 100644
index 00000000000..b8d5087c266
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25500.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25500",
+ "sourceIdentifier": "security@vaadin.com",
+ "published": "2023-06-22T13:15:09.737",
+ "lastModified": "2023-06-22T13:15:09.737",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in a potential information disclosure of class and method names in RPC responses by sending modified requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vaadin.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@vaadin.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/vaadin/flow/pull/16935",
+ "source": "security@vaadin.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26115.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26115.json
index 33d8a432c5a..8196d5f77f3 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26115.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26115.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26115",
 "sourceIdentifier": "report@snyk.io",
 "published": "2023-06-22T05:15:09.157",
- "lastModified": "2023-06-22T05:15:09.157",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-22T12:51:30.407",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26534.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26534.json
new file mode 100644
index 00000000000..1396bcfe498
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26534.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-26534",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-22T12:15:11.207",
+ "lastModified": "2023-06-22T12:51:15.117",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <=\u00a00.1 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-repost/wordpress-wp-repost-plugin-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26539.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26539.json
new file mode 100644
index 00000000000..9bef81ca513
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26539.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-26539", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:11.277", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <=\u00a02.1.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/advanced-text-widget/wordpress-advanced-text-widget-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27413.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27413.json index 305c44db688..79b02f22219 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27413.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27413.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27413", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T08:15:09.173", - "lastModified": "2023-06-22T08:15:09.173", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27452.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27452.json new file mode 100644 index 00000000000..77bcce6b3b5 --- /dev/null +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27452.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27452", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:11.350", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator \u2013 easily Button Builder plugin <=\u00a02.3.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27612.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27612.json index 7b48be31ecc..b72323d577b 100644 --- a/CVE-2023/CVE-2023-276xx/CVE-2023-27612.json +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27612.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-27612", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T08:15:09.277", - "lastModified": "2023-06-22T08:15:09.277", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27618.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27618.json index 4c911c8422d..244a78f77f2 100644 --- a/CVE-2023/CVE-2023-276xx/CVE-2023-27618.json +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27618.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27618", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T09:15:10.873", - "lastModified": "2023-06-22T09:15:10.873", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27629.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27629.json index 96491bd06c2..62b8312cc42 100644 --- a/CVE-2023/CVE-2023-276xx/CVE-2023-27629.json +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27629.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27629", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T08:15:09.353", - "lastModified": "2023-06-22T08:15:09.353", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27631.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27631.json index f5912f2c7db..c6f832e6e2a 100644 --- a/CVE-2023/CVE-2023-276xx/CVE-2023-27631.json +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27631.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27631", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T08:15:09.433", - "lastModified": "2023-06-22T08:15:09.433", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28166.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28166.json index c9e8810a302..c4b7c8e1da6 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28166.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28166.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28166", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T09:15:10.993", - "lastModified": "2023-06-22T09:15:10.993", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28171.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28171.json index 18e67aa5e23..60ac4b05c73 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28171.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28171.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28171", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T09:15:11.070", - "lastModified": "2023-06-22T09:15:11.070", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28174.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28174.json new file mode 100644 index 00000000000..7a6eb389f38 --- /dev/null +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28174.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28174", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:11.423", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <=\u00a01.2.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/erocket/wordpress-erocket-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28310.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28310.json index 65b37e7afd2..29b286a4d98 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28310.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28310.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28310", "sourceIdentifier": "secure@microsoft.com", "published": "2023-06-14T15:15:09.630", - "lastModified": "2023-06-14T15:30:49.300", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T12:55:20.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -34,10 +34,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*", + "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*", + "matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*", + "matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28418.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28418.json new file mode 100644 index 00000000000..279b34772dc --- /dev/null +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28418.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28418", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T13:15:09.797", + "lastModified": "2023-06-22T13:15:09.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <=\u00a01.3.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mediciti-lite/wordpress-mediciti-lite-theme-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28423.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28423.json index d0c7fd02f92..42bf57e854b 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28423.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28423.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28423", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T09:15:11.147", - "lastModified": "2023-06-22T09:15:11.147", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28496.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28496.json index e4790de9771..83452cb6534 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28496.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28496.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28496", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T09:15:11.217", - "lastModified": "2023-06-22T09:15:11.217", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28534.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28534.json index d6f8bf2ee96..67b7f927ffa 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28534.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28534.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28534", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T09:15:11.297", - "lastModified": "2023-06-22T09:15:11.297", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28695.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28695.json index abcc4a25318..9e2f0ec008b 100644 --- a/CVE-2023/CVE-2023-286xx/CVE-2023-28695.json +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28695.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28695", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T09:15:11.373", - "lastModified": "2023-06-22T09:15:11.373", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28750.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28750.json new file mode 100644 index 00000000000..2551f37a1e5 --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28750.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28750", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:11.500", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <=\u00a04.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28774.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28774.json new file mode 100644 index 00000000000..7d318af9ea8 --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28774.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28774", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T13:15:09.870", + "lastModified": "2023-06-22T13:15:09.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <=\u00a01.6.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/review-stream/wordpress-review-stream-plugin-1-6-5-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28776.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28776.json new file mode 100644 index 00000000000..a30428f3e65 --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28776.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28776", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:11.577", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <=\u00a01.0.15 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/continuous-image-carousel-with-lightbox/wordpress-continuous-image-carousel-with-lightbox-plugin-1-0-15-reflected-cross-site-scripting-xss-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28778.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28778.json new file mode 100644 index 00000000000..b32bb76a1ba --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28778.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28778", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:11.653", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <=\u00a01.2.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/pagination/wordpress-pagination-by-bestwebsoft-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28784.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28784.json new file mode 100644 index 00000000000..612a4bc5a20 --- /dev/null +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28784.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28784", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:11.723", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <=\u00a021.1.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json index 38bde4c66cd..514527d72c6 100644 --- a/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28956", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-22T02:15:48.717", - "lastModified": "2023-06-22T02:15:48.717", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29707.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29707.json index 0d522757378..457b3ae69bc 100644 --- a/CVE-2023/CVE-2023-297xx/CVE-2023-29707.json +++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29707.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29707", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T11:15:09.337", - "lastModified": "2023-06-22T11:15:09.337", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29708.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29708.json index 86467ec1291..c7b52348f97 100644 --- a/CVE-2023/CVE-2023-297xx/CVE-2023-29708.json +++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29708.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29708", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T11:15:09.390", - "lastModified": "2023-06-22T11:15:09.390", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29709.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29709.json index cef4ab6599d..f60e6ea7bd1 100644 --- a/CVE-2023/CVE-2023-297xx/CVE-2023-29709.json +++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29709.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29709", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T11:15:09.437", - "lastModified": "2023-06-22T11:15:09.437", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29711.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29711.json new file mode 100644 index 00000000000..2d0ac203adf --- /dev/null +++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29711.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-29711", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-22T12:15:11.793", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/shellpei/LINK-Unauthorized/blob/main/CVE-2023-29711", + "source": "cve@mitre.org" + }, + { + "url": "https://holistic-height-e6d.notion.site/LINK-PSG-5124-Switch-remote-command-vulnerability-da4fd8fb450d42879b07ef3a953a2366", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29931.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29931.json index 2db91962e39..c212756d077 100644 --- a/CVE-2023/CVE-2023-299xx/CVE-2023-29931.json +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29931.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29931", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T11:15:09.487", - "lastModified": "2023-06-22T11:15:09.487", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30500.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30500.json new file mode 100644 index 00000000000..8886b68cd9a --- /dev/null +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30500.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-30500", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:11.847", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <=\u00a01.8.1.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wpforms-lite/wordpress-wpforms-lite-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/wpforms/wordpress-wpforms-pro-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31213.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31213.json index 294e45089cf..c2c45960557 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31213.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31213.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-31213", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T11:15:09.537", - "lastModified": "2023-06-22T11:15:09.537", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31867.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31867.json new file mode 100644 index 00000000000..c1b0962f836 --- /dev/null +++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31867.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31867", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-22T12:15:11.920", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://sage.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31867.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31868.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31868.json new file mode 100644 index 00000000000..76c752849a8 --- /dev/null +++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31868.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31868", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-22T12:15:11.967", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account, he can then target an Administrator. All others endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://sage.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31868.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3110.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3110.json index e994d3b4365..4b2de57b2dc 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3110.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3110.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3110", "sourceIdentifier": "product-security@silabs.com", "published": "2023-06-21T20:15:10.263", - "lastModified": "2023-06-21T20:15:10.263", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32024.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32024.json index 329f7897540..bbf06b1192a 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32024.json 
+++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32024.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32024", "sourceIdentifier": "secure@microsoft.com", "published": "2023-06-14T15:15:09.893", - "lastModified": "2023-06-14T15:30:49.300", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T13:34:21.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -34,10 +34,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:power_apps:-:*:*:*:*:*:*:*", + "matchCriteriaId": "420F7BF6-15F9-4C35-8F16-3C4E0066BFC1" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32024", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32031.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32031.json index bc6a5f583cc..46c65737ec4 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32031.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32031.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32031", "sourceIdentifier": "secure@microsoft.com", "published": "2023-06-14T15:15:10.013", - "lastModified": "2023-06-14T15:30:49.300", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T13:32:36.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -34,10 +34,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*", + "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*", + "matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*", + "matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32239.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32239.json new file mode 100644 index 00000000000..137a61d11d0 --- /dev/null +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32239.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32239", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T13:15:09.947", + "lastModified": "2023-06-22T13:15:09.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <=\u00a07.2.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32449.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32449.json index 86e805fb45c..3d0ce60c725 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32449.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32449.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32449", "sourceIdentifier": "security_alert@emc.com", "published": "2023-06-22T07:15:08.867", - "lastModified": "2023-06-22T07:15:08.867", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32960.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32960.json new file mode 100644 index 00000000000..1d4b69d518e --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32960.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32960", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T13:15:10.020", + "lastModified": "2023-06-22T13:15:10.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <=\u00a01.23.3 versions leads to sitewide Cross-Site Scripting (XSS)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/updraftplus/wordpress-updraftplus-plugin-1-23-3-csrf-lead-to-wp-admin-site-wide-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33289.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33289.json index aa0db01d58e..be67308247a 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33289.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33289.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-33289", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-21T20:15:10.157", - "lastModified": "2023-06-21T20:15:10.157", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33323.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33323.json new file mode 100644 index 00000000000..a119fded151 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33323.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33323", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T13:15:10.093", + "lastModified": "2023-06-22T13:15:10.093", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <=\u00a04.0.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33387.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33387.json index 014f36295d1..a475978dce9 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33387.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33387.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33387", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T11:15:09.613", - "lastModified": "2023-06-22T11:15:09.613", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33405.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33405.json index 6fd36b9f60c..3264ee39d32 100644 --- a/CVE-2023/CVE-2023-334xx/CVE-2023-33405.json +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33405.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33405", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-21T21:15:11.357", - "lastModified": "2023-06-21T21:15:11.357", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33591.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33591.json index baf4f79a564..d1e540b7c04 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33591.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33591.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33591", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-21T20:15:10.213", - "lastModified": "2023-06-21T20:15:10.213", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json index 108bab75365..62805128ea0 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-33842", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-22T02:15:48.857", - "lastModified": "2023-06-22T02:15:48.857", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:30.407", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33997.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33997.json new file mode 100644 index 00000000000..9e66542d9c8 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33997.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33997", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T13:15:10.170", + "lastModified": "2023-06-22T13:15:10.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <=\u00a05.5.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bbp-style-pack/wordpress-bbp-style-pack-plugin-5-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34006.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34006.json new file mode 100644 index 00000000000..7b845987bd8 --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34006.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34006", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T13:15:10.243", + "lastModified": "2023-06-22T13:15:10.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <=\u00a03.6.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-bot-channel-plugin-3-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34368.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34368.json new file mode 100644 index 00000000000..1c1c0948744 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34368.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34368", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T13:15:10.313", + "lastModified": "2023-06-22T13:15:10.313", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <=\u00a02.5.20 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-20-cross-site-scripting-xss-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34601.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34601.json index 749531b9214..f46fd309115 100644 --- a/CVE-2023/CVE-2023-346xx/CVE-2023-34601.json +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34601.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34601", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T11:15:09.663", - "lastModified": "2023-06-22T11:15:09.663", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34927.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34927.json new file mode 100644 index 00000000000..88fc2730de5 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34927.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-34927", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-22T13:15:10.383", + "lastModified": "2023-06-22T13:15:10.383", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://casdoor.org/", + "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/omriman067/4e90a3a4ffa40984f011d8777a995469", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/casdoor/casdoor/issues/1531", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json new file mode 100644 index 00000000000..38f14a189f7 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-34939", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-22T12:15:12.013", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ONLYOFFICE/CommunityServer/blob/master/CHANGELOG.md#version-1252", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/firsov/onlyoffice", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/firsov/onlyoffice/blob/main/CVE-2023-34939-PoC.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35090.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35090.json index c32ce98b2cc..0408be65031 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35090.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35090.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35090", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-22T11:15:09.727", - "lastModified": "2023-06-22T11:15:09.727", - "vulnStatus": "Received", + "lastModified": "2023-06-22T12:51:23.447", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35093.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35093.json new file mode 100644 index 00000000000..0a6ec6f7d9d --- /dev/null +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35093.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35093", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:12.060", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin <=\u00a03.0.8 versions allows\u00a0any logged-in users, such as subscribers to view the \"Orders\" of the plugin and get the data related to the order like\u00a0email, username, and more." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/masterstudy-lms-learning-management-system/wordpress-masterstudy-lms-plugin-3-0-7-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35917.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35917.json new file mode 100644 index 00000000000..af448e082d3 --- /dev/null +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35917.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35917", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:12.137", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <=\u00a02.0.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-paypal-payments/wordpress-woocommerce-paypal-payments-plugin-2-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35918.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35918.json new file mode 100644 index 00000000000..0ad33bd79fb --- /dev/null +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35918.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35918", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T12:15:12.213", + "lastModified": "2023-06-22T12:51:15.117", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <=\u00a02.2.33 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-bulk-stock-management/wordpress-woocommerce-bulk-stock-management-plugin-2-2-33-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 615b4516ca0..145e23f3325 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-22T12:00:26.312744+00:00 +2023-06-22T14:00:29.322535+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-22T11:15:09.727000+00:00 +2023-06-22T13:54:49.943000+00:00 ``` ### Last Data Feed Release 
@@ -29,27 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218225 +218261 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `36` -* [CVE-2023-29707](CVE-2023/CVE-2023-297xx/CVE-2023-29707.json) (`2023-06-22T11:15:09.337`) -* [CVE-2023-29708](CVE-2023/CVE-2023-297xx/CVE-2023-29708.json) (`2023-06-22T11:15:09.390`) -* [CVE-2023-29709](CVE-2023/CVE-2023-297xx/CVE-2023-29709.json) (`2023-06-22T11:15:09.437`) -* [CVE-2023-29931](CVE-2023/CVE-2023-299xx/CVE-2023-29931.json) (`2023-06-22T11:15:09.487`) -* [CVE-2023-31213](CVE-2023/CVE-2023-312xx/CVE-2023-31213.json) (`2023-06-22T11:15:09.537`) -* [CVE-2023-33387](CVE-2023/CVE-2023-333xx/CVE-2023-33387.json) (`2023-06-22T11:15:09.613`) -* [CVE-2023-34601](CVE-2023/CVE-2023-346xx/CVE-2023-34601.json) (`2023-06-22T11:15:09.663`) -* [CVE-2023-35090](CVE-2023/CVE-2023-350xx/CVE-2023-35090.json) (`2023-06-22T11:15:09.727`) +* [CVE-2023-28778](CVE-2023/CVE-2023-287xx/CVE-2023-28778.json) (`2023-06-22T12:15:11.653`) +* [CVE-2023-28784](CVE-2023/CVE-2023-287xx/CVE-2023-28784.json) (`2023-06-22T12:15:11.723`) +* [CVE-2023-29711](CVE-2023/CVE-2023-297xx/CVE-2023-29711.json) (`2023-06-22T12:15:11.793`) +* [CVE-2023-30500](CVE-2023/CVE-2023-305xx/CVE-2023-30500.json) (`2023-06-22T12:15:11.847`) +* [CVE-2023-31867](CVE-2023/CVE-2023-318xx/CVE-2023-31867.json) (`2023-06-22T12:15:11.920`) +* [CVE-2023-31868](CVE-2023/CVE-2023-318xx/CVE-2023-31868.json) (`2023-06-22T12:15:11.967`) +* [CVE-2023-34939](CVE-2023/CVE-2023-349xx/CVE-2023-34939.json) (`2023-06-22T12:15:12.013`) +* [CVE-2023-35093](CVE-2023/CVE-2023-350xx/CVE-2023-35093.json) (`2023-06-22T12:15:12.060`) +* [CVE-2023-35917](CVE-2023/CVE-2023-359xx/CVE-2023-35917.json) (`2023-06-22T12:15:12.137`) +* [CVE-2023-35918](CVE-2023/CVE-2023-359xx/CVE-2023-35918.json) (`2023-06-22T12:15:12.213`) +* [CVE-2023-20892](CVE-2023/CVE-2023-208xx/CVE-2023-20892.json) 
(`2023-06-22T12:15:09.870`) +* [CVE-2023-20893](CVE-2023/CVE-2023-208xx/CVE-2023-20893.json) (`2023-06-22T12:15:10.490`) +* [CVE-2023-20894](CVE-2023/CVE-2023-208xx/CVE-2023-20894.json) (`2023-06-22T12:15:10.740`) +* [CVE-2023-20896](CVE-2023/CVE-2023-208xx/CVE-2023-20896.json) (`2023-06-22T13:15:09.590`) +* [CVE-2023-25499](CVE-2023/CVE-2023-254xx/CVE-2023-25499.json) (`2023-06-22T13:15:09.660`) +* [CVE-2023-25500](CVE-2023/CVE-2023-255xx/CVE-2023-25500.json) (`2023-06-22T13:15:09.737`) +* [CVE-2023-28418](CVE-2023/CVE-2023-284xx/CVE-2023-28418.json) (`2023-06-22T13:15:09.797`) +* [CVE-2023-28774](CVE-2023/CVE-2023-287xx/CVE-2023-28774.json) (`2023-06-22T13:15:09.870`) +* [CVE-2023-32239](CVE-2023/CVE-2023-322xx/CVE-2023-32239.json) (`2023-06-22T13:15:09.947`) +* [CVE-2023-32960](CVE-2023/CVE-2023-329xx/CVE-2023-32960.json) (`2023-06-22T13:15:10.020`) +* [CVE-2023-33323](CVE-2023/CVE-2023-333xx/CVE-2023-33323.json) (`2023-06-22T13:15:10.093`) +* [CVE-2023-33997](CVE-2023/CVE-2023-339xx/CVE-2023-33997.json) (`2023-06-22T13:15:10.170`) +* [CVE-2023-34006](CVE-2023/CVE-2023-340xx/CVE-2023-34006.json) (`2023-06-22T13:15:10.243`) +* [CVE-2023-34368](CVE-2023/CVE-2023-343xx/CVE-2023-34368.json) (`2023-06-22T13:15:10.313`) +* [CVE-2023-34927](CVE-2023/CVE-2023-349xx/CVE-2023-34927.json) (`2023-06-22T13:15:10.383`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `41` +* [CVE-2023-34601](CVE-2023/CVE-2023-346xx/CVE-2023-34601.json) (`2023-06-22T12:51:23.447`) +* [CVE-2023-35090](CVE-2023/CVE-2023-350xx/CVE-2023-35090.json) (`2023-06-22T12:51:23.447`) +* [CVE-2023-0969](CVE-2023/CVE-2023-09xx/CVE-2023-0969.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-0970](CVE-2023/CVE-2023-09xx/CVE-2023-0970.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-0971](CVE-2023/CVE-2023-09xx/CVE-2023-0971.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-0972](CVE-2023/CVE-2023-09xx/CVE-2023-0972.json) (`2023-06-22T12:51:30.407`) +* 
[CVE-2023-25435](CVE-2023/CVE-2023-254xx/CVE-2023-25435.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-33289](CVE-2023/CVE-2023-332xx/CVE-2023-33289.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-33591](CVE-2023/CVE-2023-335xx/CVE-2023-33591.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-3110](CVE-2023/CVE-2023-31xx/CVE-2023-3110.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-24261](CVE-2023/CVE-2023-242xx/CVE-2023-24261.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-33405](CVE-2023/CVE-2023-334xx/CVE-2023-33405.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-28956](CVE-2023/CVE-2023-289xx/CVE-2023-28956.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-33842](CVE-2023/CVE-2023-338xx/CVE-2023-33842.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-26115](CVE-2023/CVE-2023-261xx/CVE-2023-26115.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-32449](CVE-2023/CVE-2023-324xx/CVE-2023-32449.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-27413](CVE-2023/CVE-2023-274xx/CVE-2023-27413.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-27612](CVE-2023/CVE-2023-276xx/CVE-2023-27612.json) (`2023-06-22T12:51:30.407`) +* [CVE-2023-28310](CVE-2023/CVE-2023-283xx/CVE-2023-28310.json) (`2023-06-22T12:55:20.207`) +* [CVE-2023-32031](CVE-2023/CVE-2023-320xx/CVE-2023-32031.json) (`2023-06-22T13:32:36.243`) +* [CVE-2023-32024](CVE-2023/CVE-2023-320xx/CVE-2023-32024.json) (`2023-06-22T13:34:21.677`) +* [CVE-2023-21130](CVE-2023/CVE-2023-211xx/CVE-2023-21130.json) (`2023-06-22T13:39:25.883`) +* [CVE-2023-21129](CVE-2023/CVE-2023-211xx/CVE-2023-21129.json) (`2023-06-22T13:40:11.927`) +* [CVE-2023-21128](CVE-2023/CVE-2023-211xx/CVE-2023-21128.json) (`2023-06-22T13:49:33.047`) +* [CVE-2023-21124](CVE-2023/CVE-2023-211xx/CVE-2023-21124.json) (`2023-06-22T13:54:49.943`) ## Download and Usage