admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-22T14:00:29.322535+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-22 14:00:32 +00:00
parent 791967a671
commit 290f110665
78 changed files with 2316 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-25152", "id": "CVE-2019-25152",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2023-06-22T02:15:47.730", "published": "2023-06-22T02:15:47.730",
"lastModified": "2023-06-22T02:15:47.730", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2022/CVE-2022-475xx/CVE-2022-47593.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47593",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:09.490",
"lastModified": "2023-06-22T13:15:09.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <=\u00a01.6.35 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/unusedcss/wordpress-rapidload-power-up-for-autoptimize-plugin-1-6-35-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-09xx/CVE-2023-0969.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0969", "id": "CVE-2023-0969",
"sourceIdentifier": "product-security@silabs.com", "sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-21T20:15:09.660", "published": "2023-06-21T20:15:09.660",
"lastModified": "2023-06-21T20:15:09.660", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-09xx/CVE-2023-0970.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0970", "id": "CVE-2023-0970",
"sourceIdentifier": "product-security@silabs.com", "sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-21T20:15:09.843", "published": "2023-06-21T20:15:09.843",
"lastModified": "2023-06-21T20:15:09.843", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-09xx/CVE-2023-0971.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0971", "id": "CVE-2023-0971",
"sourceIdentifier": "product-security@silabs.com", "sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-21T20:15:09.943", "published": "2023-06-21T20:15:09.943",
"lastModified": "2023-06-21T20:15:09.943", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-09xx/CVE-2023-0972.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0972", "id": "CVE-2023-0972",
"sourceIdentifier": "product-security@silabs.com", "sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-21T20:15:10.023", "published": "2023-06-21T20:15:10.023",
"lastModified": "2023-06-21T20:15:10.023", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

43
CVE-2023/CVE-2023-208xx/CVE-2023-20892.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20892",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-22T12:15:09.870",
"lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may exploit\u00a0heap-overflow vulnerability\u00a0to execute arbitrary code on the underlying operating system that hosts vCenter Server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2023/CVE-2023-208xx/CVE-2023-20893.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20893",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-22T12:15:10.490",
"lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2023/CVE-2023-208xx/CVE-2023-20894.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20894",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-22T12:15:10.740",
"lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2023/CVE-2023-208xx/CVE-2023-20895.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20895",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-22T12:15:10.893",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
"source": "security@vmware.com"
}
]
}

43
CVE-2023/CVE-2023-208xx/CVE-2023-20896.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20896",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-22T13:15:09.590",
"lastModified": "2023-06-22T13:15:09.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
"source": "security@vmware.com"
}
]
}

83
CVE-2023/CVE-2023-211xx/CVE-2023-21124.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2023-21124", "id": "CVE-2023-21124",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.673", "published": "2023-06-15T19:15:09.673",
"lastModified": "2023-06-15T20:46:39.603", "lastModified": "2023-06-22T13:54:49.943",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353" "value": "In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://source.android.com/security/bulletin/2023-06-01", "source": "nvd@nist.gov",
"source": "security@android.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

83
CVE-2023/CVE-2023-211xx/CVE-2023-21128.json
View File

@ -2,19 +2,90 @@
"id": "CVE-2023-21128", "id": "CVE-2023-21128",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.797", "published": "2023-06-15T19:15:09.797",
"lastModified": "2023-06-15T20:46:39.603", "lastModified": "2023-06-22T13:49:33.047",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183" "value": "In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://source.android.com/security/bulletin/2023-06-01", "source": "nvd@nist.gov",
"source": "security@android.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

82
CVE-2023/CVE-2023-211xx/CVE-2023-21129.json
View File

@ -2,19 +2,89 @@
"id": "CVE-2023-21129", "id": "CVE-2023-21129",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.837", "published": "2023-06-15T19:15:09.837",
"lastModified": "2023-06-15T20:46:39.603", "lastModified": "2023-06-22T13:40:11.927",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612" "value": "In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://source.android.com/security/bulletin/2023-06-01", "source": "nvd@nist.gov",
"source": "security@android.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

68
CVE-2023/CVE-2023-211xx/CVE-2023-21130.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-21130", "id": "CVE-2023-21130",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.880", "published": "2023-06-15T19:15:09.880",
"lastModified": "2023-06-15T20:46:39.603", "lastModified": "2023-06-22T13:39:25.883",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002" "value": "In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://source.android.com/security/bulletin/2023-06-01", "source": "nvd@nist.gov",
"source": "security@android.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

55
CVE-2023/CVE-2023-237xx/CVE-2023-23795.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23795",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:10.967",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <=\u00a01.9.9.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contact-form-add/wordpress-form-builder-create-responsive-contact-forms-plugin-1-9-9-0-cross-site-request-forgery-csrf-leading-to-post-page-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-238xx/CVE-2023-23807.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23807",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.053",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <=\u00a01.1.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mojoplug-slide-panel/wordpress-mojoplug-slide-panel-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-238xx/CVE-2023-23811.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23811",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.133",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin <=\u00a01.0.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/smoothscroller/wordpress-smoothscroller-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-242xx/CVE-2023-24261.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24261", "id": "CVE-2023-24261",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T21:15:10.867", "published": "2023-06-21T21:15:10.867",
"lastModified": "2023-06-21T21:15:10.867", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-254xx/CVE-2023-25435.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25435", "id": "CVE-2023-25435",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T20:15:10.100", "published": "2023-06-21T20:15:10.100",
"lastModified": "2023-06-21T20:15:10.100", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

59
CVE-2023/CVE-2023-254xx/CVE-2023-25499.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-25499",
"sourceIdentifier": "security@vaadin.com",
"published": "2023-06-22T13:15:09.660",
"lastModified": "2023-06-22T13:15:09.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vaadin.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@vaadin.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/vaadin/flow/pull/15885",
"source": "security@vaadin.com"
},
{
"url": "https://vaadin.com/security/CVE-2023-25499",
"source": "security@vaadin.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25500.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25500",
"sourceIdentifier": "security@vaadin.com",
"published": "2023-06-22T13:15:09.737",
"lastModified": "2023-06-22T13:15:09.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in a potential information disclosure of class and method names in RPC responses by sending modified requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vaadin.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@vaadin.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/vaadin/flow/pull/16935",
"source": "security@vaadin.com"
}
]
}

4
CVE-2023/CVE-2023-261xx/CVE-2023-26115.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26115", "id": "CVE-2023-26115",
"sourceIdentifier": "report@snyk.io", "sourceIdentifier": "report@snyk.io",
"published": "2023-06-22T05:15:09.157", "published": "2023-06-22T05:15:09.157",
"lastModified": "2023-06-22T05:15:09.157", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2023/CVE-2023-265xx/CVE-2023-26534.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26534",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.207",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <=\u00a00.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-repost/wordpress-wp-repost-plugin-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-265xx/CVE-2023-26539.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26539",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.277",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <=\u00a02.1.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-text-widget/wordpress-advanced-text-widget-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-274xx/CVE-2023-27413.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27413", "id": "CVE-2023-27413",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T08:15:09.173", "published": "2023-06-22T08:15:09.173",
"lastModified": "2023-06-22T08:15:09.173", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2023/CVE-2023-274xx/CVE-2023-27452.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27452",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.350",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator \u2013 easily Button Builder plugin <=\u00a02.3.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-276xx/CVE-2023-27612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27612", "id": "CVE-2023-27612",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T08:15:09.277", "published": "2023-06-22T08:15:09.277",
"lastModified": "2023-06-22T08:15:09.277", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-276xx/CVE-2023-27618.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27618", "id": "CVE-2023-27618",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T09:15:10.873", "published": "2023-06-22T09:15:10.873",
"lastModified": "2023-06-22T09:15:10.873", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-276xx/CVE-2023-27629.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27629", "id": "CVE-2023-27629",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T08:15:09.353", "published": "2023-06-22T08:15:09.353",
"lastModified": "2023-06-22T08:15:09.353", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-276xx/CVE-2023-27631.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27631", "id": "CVE-2023-27631",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T08:15:09.433", "published": "2023-06-22T08:15:09.433",
"lastModified": "2023-06-22T08:15:09.433", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-281xx/CVE-2023-28166.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28166", "id": "CVE-2023-28166",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T09:15:10.993", "published": "2023-06-22T09:15:10.993",
"lastModified": "2023-06-22T09:15:10.993", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-281xx/CVE-2023-28171.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28171", "id": "CVE-2023-28171",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T09:15:11.070", "published": "2023-06-22T09:15:11.070",
"lastModified": "2023-06-22T09:15:11.070", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2023/CVE-2023-281xx/CVE-2023-28174.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28174",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.423",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <=\u00a01.2.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/erocket/wordpress-erocket-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

53
CVE-2023/CVE-2023-283xx/CVE-2023-28310.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28310", "id": "CVE-2023-28310",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-14T15:15:09.630", "published": "2023-06-14T15:15:09.630",
"lastModified": "2023-06-14T15:30:49.300", "lastModified": "2023-06-22T12:55:20.207",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -34,10 +34,53 @@
} }
] ]
}, },
"references": [ "weaknesses": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310", "source": "nvd@nist.gov",
"source": "secure@microsoft.com" "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

55
CVE-2023/CVE-2023-284xx/CVE-2023-28418.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28418",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:09.797",
"lastModified": "2023-06-22T13:15:09.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <=\u00a01.3.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mediciti-lite/wordpress-mediciti-lite-theme-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-284xx/CVE-2023-28423.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28423", "id": "CVE-2023-28423",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T09:15:11.147", "published": "2023-06-22T09:15:11.147",
"lastModified": "2023-06-22T09:15:11.147", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-284xx/CVE-2023-28496.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28496", "id": "CVE-2023-28496",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T09:15:11.217", "published": "2023-06-22T09:15:11.217",
"lastModified": "2023-06-22T09:15:11.217", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-285xx/CVE-2023-28534.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28534", "id": "CVE-2023-28534",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T09:15:11.297", "published": "2023-06-22T09:15:11.297",
"lastModified": "2023-06-22T09:15:11.297", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-286xx/CVE-2023-28695.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28695", "id": "CVE-2023-28695",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T09:15:11.373", "published": "2023-06-22T09:15:11.373",
"lastModified": "2023-06-22T09:15:11.373", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2023/CVE-2023-287xx/CVE-2023-28750.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28750",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.500",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <=\u00a04.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-287xx/CVE-2023-28774.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28774",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:09.870",
"lastModified": "2023-06-22T13:15:09.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <=\u00a01.6.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/review-stream/wordpress-review-stream-plugin-1-6-5-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-287xx/CVE-2023-28776.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28776",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.577",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <=\u00a01.0.15 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/continuous-image-carousel-with-lightbox/wordpress-continuous-image-carousel-with-lightbox-plugin-1-0-15-reflected-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-287xx/CVE-2023-28778.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28778",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.653",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <=\u00a01.2.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pagination/wordpress-pagination-by-bestwebsoft-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-287xx/CVE-2023-28784.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28784",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.723",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <=\u00a021.1.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-289xx/CVE-2023-28956.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28956", "id": "CVE-2023-28956",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-22T02:15:48.717", "published": "2023-06-22T02:15:48.717",
"lastModified": "2023-06-22T02:15:48.717", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-297xx/CVE-2023-29707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29707", "id": "CVE-2023-29707",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T11:15:09.337", "published": "2023-06-22T11:15:09.337",
"lastModified": "2023-06-22T11:15:09.337", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-297xx/CVE-2023-29708.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29708", "id": "CVE-2023-29708",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T11:15:09.390", "published": "2023-06-22T11:15:09.390",
"lastModified": "2023-06-22T11:15:09.390", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-297xx/CVE-2023-29709.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29709", "id": "CVE-2023-29709",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T11:15:09.437", "published": "2023-06-22T11:15:09.437",
"lastModified": "2023-06-22T11:15:09.437", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

24
CVE-2023/CVE-2023-297xx/CVE-2023-29711.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-29711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T12:15:11.793",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shellpei/LINK-Unauthorized/blob/main/CVE-2023-29711",
"source": "cve@mitre.org"
},
{
"url": "https://holistic-height-e6d.notion.site/LINK-PSG-5124-Switch-remote-command-vulnerability-da4fd8fb450d42879b07ef3a953a2366",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-299xx/CVE-2023-29931.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29931", "id": "CVE-2023-29931",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T11:15:09.487", "published": "2023-06-22T11:15:09.487",
"lastModified": "2023-06-22T11:15:09.487", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

59
CVE-2023/CVE-2023-305xx/CVE-2023-30500.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-30500",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.847",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <=\u00a01.8.1.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpforms-lite/wordpress-wpforms-lite-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/database/vulnerability/wpforms/wordpress-wpforms-pro-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-312xx/CVE-2023-31213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31213", "id": "CVE-2023-31213",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T11:15:09.537", "published": "2023-06-22T11:15:09.537",
"lastModified": "2023-06-22T11:15:09.537", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

24
CVE-2023/CVE-2023-318xx/CVE-2023-31867.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31867",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T12:15:11.920",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection."
}
],
"metrics": {},
"references": [
{
"url": "http://sage.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31867.txt",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-318xx/CVE-2023-31868.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31868",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T12:15:11.967",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account, he can then target an Administrator. All others endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished."
}
],
"metrics": {},
"references": [
{
"url": "http://sage.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31868.txt",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-31xx/CVE-2023-3110.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3110", "id": "CVE-2023-3110",
"sourceIdentifier": "product-security@silabs.com", "sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-21T20:15:10.263", "published": "2023-06-21T20:15:10.263",
"lastModified": "2023-06-21T20:15:10.263", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

43
CVE-2023/CVE-2023-320xx/CVE-2023-32024.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32024", "id": "CVE-2023-32024",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-14T15:15:09.893", "published": "2023-06-14T15:15:09.893",
"lastModified": "2023-06-14T15:30:49.300", "lastModified": "2023-06-22T13:34:21.677",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -34,10 +34,43 @@
} }
] ]
}, },
"references": [ "weaknesses": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32024", "source": "nvd@nist.gov",
"source": "secure@microsoft.com" "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_apps:-:*:*:*:*:*:*:*",
"matchCriteriaId": "420F7BF6-15F9-4C35-8F16-3C4E0066BFC1"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32024",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-320xx/CVE-2023-32031.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32031", "id": "CVE-2023-32031",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-14T15:15:10.013", "published": "2023-06-14T15:15:10.013",
"lastModified": "2023-06-14T15:30:49.300", "lastModified": "2023-06-22T13:32:36.243",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -34,10 +34,53 @@
} }
] ]
}, },
"references": [ "weaknesses": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031", "source": "nvd@nist.gov",
"source": "secure@microsoft.com" "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

55
CVE-2023/CVE-2023-322xx/CVE-2023-32239.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32239",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:09.947",
"lastModified": "2023-06-22T13:15:09.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <=\u00a07.2.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-324xx/CVE-2023-32449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32449", "id": "CVE-2023-32449",
"sourceIdentifier": "security_alert@emc.com", "sourceIdentifier": "security_alert@emc.com",
"published": "2023-06-22T07:15:08.867", "published": "2023-06-22T07:15:08.867",
"lastModified": "2023-06-22T07:15:08.867", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2023/CVE-2023-329xx/CVE-2023-32960.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32960",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:10.020",
"lastModified": "2023-06-22T13:15:10.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <=\u00a01.23.3 versions leads to sitewide Cross-Site Scripting (XSS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/updraftplus/wordpress-updraftplus-plugin-1-23-3-csrf-lead-to-wp-admin-site-wide-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-332xx/CVE-2023-33289.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33289", "id": "CVE-2023-33289",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T20:15:10.157", "published": "2023-06-21T20:15:10.157",
"lastModified": "2023-06-21T20:15:10.157", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2023/CVE-2023-333xx/CVE-2023-33323.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33323",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:10.093",
"lastModified": "2023-06-22T13:15:10.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <=\u00a04.0.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-333xx/CVE-2023-33387.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33387", "id": "CVE-2023-33387",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T11:15:09.613", "published": "2023-06-22T11:15:09.613",
"lastModified": "2023-06-22T11:15:09.613", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-334xx/CVE-2023-33405.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33405", "id": "CVE-2023-33405",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T21:15:11.357", "published": "2023-06-21T21:15:11.357",
"lastModified": "2023-06-21T21:15:11.357", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-335xx/CVE-2023-33591.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33591", "id": "CVE-2023-33591",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T20:15:10.213", "published": "2023-06-21T20:15:10.213",
"lastModified": "2023-06-21T20:15:10.213", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-338xx/CVE-2023-33842.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33842", "id": "CVE-2023-33842",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-22T02:15:48.857", "published": "2023-06-22T02:15:48.857",
"lastModified": "2023-06-22T02:15:48.857", "lastModified": "2023-06-22T12:51:30.407",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2023/CVE-2023-339xx/CVE-2023-33997.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33997",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:10.170",
"lastModified": "2023-06-22T13:15:10.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <=\u00a05.5.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bbp-style-pack/wordpress-bbp-style-pack-plugin-5-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-340xx/CVE-2023-34006.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34006",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:10.243",
"lastModified": "2023-06-22T13:15:10.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <=\u00a03.6.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-bot-channel-plugin-3-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-343xx/CVE-2023-34368.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34368",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T13:15:10.313",
"lastModified": "2023-06-22T13:15:10.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <=\u00a02.5.20 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-20-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-346xx/CVE-2023-34601.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34601", "id": "CVE-2023-34601",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T11:15:09.663", "published": "2023-06-22T11:15:09.663",
"lastModified": "2023-06-22T11:15:09.663", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

28
CVE-2023/CVE-2023-349xx/CVE-2023-34927.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-34927",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T13:15:10.383",
"lastModified": "2023-06-22T13:15:10.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL."
}
],
"metrics": {},
"references": [
{
"url": "https://casdoor.org/",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/omriman067/4e90a3a4ffa40984f011d8777a995469",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/casdoor/casdoor/issues/1531",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-349xx/CVE-2023-34939.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-34939",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T12:15:12.013",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ONLYOFFICE/CommunityServer/blob/master/CHANGELOG.md#version-1252",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/firsov/onlyoffice",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/firsov/onlyoffice/blob/main/CVE-2023-34939-PoC.md",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-350xx/CVE-2023-35090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35090", "id": "CVE-2023-35090",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T11:15:09.727", "published": "2023-06-22T11:15:09.727",
"lastModified": "2023-06-22T11:15:09.727", "lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

55
CVE-2023/CVE-2023-350xx/CVE-2023-35093.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35093",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:12.060",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin <=\u00a03.0.8 versions allows\u00a0any logged-in users, such as subscribers to view the \"Orders\" of the plugin and get the data related to the order like\u00a0email, username, and more."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/masterstudy-lms-learning-management-system/wordpress-masterstudy-lms-plugin-3-0-7-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-359xx/CVE-2023-35917.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35917",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:12.137",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <=\u00a02.0.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-paypal-payments/wordpress-woocommerce-paypal-payments-plugin-2-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-359xx/CVE-2023-35918.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35918",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:12.213",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <=\u00a02.2.33 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-bulk-stock-management/wordpress-woocommerce-bulk-stock-management-plugin-2-2-33-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

68
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-06-22T12:00:26.312744+00:00 2023-06-22T14:00:29.322535+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-06-22T11:15:09.727000+00:00 2023-06-22T13:54:49.943000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,27 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
218225 218261
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `8` Recently added CVEs: `36`
* [CVE-2023-29707](CVE-2023/CVE-2023-297xx/CVE-2023-29707.json) (`2023-06-22T11:15:09.337`) * [CVE-2023-28778](CVE-2023/CVE-2023-287xx/CVE-2023-28778.json) (`2023-06-22T12:15:11.653`)
* [CVE-2023-29708](CVE-2023/CVE-2023-297xx/CVE-2023-29708.json) (`2023-06-22T11:15:09.390`) * [CVE-2023-28784](CVE-2023/CVE-2023-287xx/CVE-2023-28784.json) (`2023-06-22T12:15:11.723`)
* [CVE-2023-29709](CVE-2023/CVE-2023-297xx/CVE-2023-29709.json) (`2023-06-22T11:15:09.437`) * [CVE-2023-29711](CVE-2023/CVE-2023-297xx/CVE-2023-29711.json) (`2023-06-22T12:15:11.793`)
* [CVE-2023-29931](CVE-2023/CVE-2023-299xx/CVE-2023-29931.json) (`2023-06-22T11:15:09.487`) * [CVE-2023-30500](CVE-2023/CVE-2023-305xx/CVE-2023-30500.json) (`2023-06-22T12:15:11.847`)
* [CVE-2023-31213](CVE-2023/CVE-2023-312xx/CVE-2023-31213.json) (`2023-06-22T11:15:09.537`) * [CVE-2023-31867](CVE-2023/CVE-2023-318xx/CVE-2023-31867.json) (`2023-06-22T12:15:11.920`)
* [CVE-2023-33387](CVE-2023/CVE-2023-333xx/CVE-2023-33387.json) (`2023-06-22T11:15:09.613`) * [CVE-2023-31868](CVE-2023/CVE-2023-318xx/CVE-2023-31868.json) (`2023-06-22T12:15:11.967`)
* [CVE-2023-34601](CVE-2023/CVE-2023-346xx/CVE-2023-34601.json) (`2023-06-22T11:15:09.663`) * [CVE-2023-34939](CVE-2023/CVE-2023-349xx/CVE-2023-34939.json) (`2023-06-22T12:15:12.013`)
* [CVE-2023-35090](CVE-2023/CVE-2023-350xx/CVE-2023-35090.json) (`2023-06-22T11:15:09.727`) * [CVE-2023-35093](CVE-2023/CVE-2023-350xx/CVE-2023-35093.json) (`2023-06-22T12:15:12.060`)
* [CVE-2023-35917](CVE-2023/CVE-2023-359xx/CVE-2023-35917.json) (`2023-06-22T12:15:12.137`)
* [CVE-2023-35918](CVE-2023/CVE-2023-359xx/CVE-2023-35918.json) (`2023-06-22T12:15:12.213`)
* [CVE-2023-20892](CVE-2023/CVE-2023-208xx/CVE-2023-20892.json) (`2023-06-22T12:15:09.870`)
* [CVE-2023-20893](CVE-2023/CVE-2023-208xx/CVE-2023-20893.json) (`2023-06-22T12:15:10.490`)
* [CVE-2023-20894](CVE-2023/CVE-2023-208xx/CVE-2023-20894.json) (`2023-06-22T12:15:10.740`)
* [CVE-2023-20896](CVE-2023/CVE-2023-208xx/CVE-2023-20896.json) (`2023-06-22T13:15:09.590`)
* [CVE-2023-25499](CVE-2023/CVE-2023-254xx/CVE-2023-25499.json) (`2023-06-22T13:15:09.660`)
* [CVE-2023-25500](CVE-2023/CVE-2023-255xx/CVE-2023-25500.json) (`2023-06-22T13:15:09.737`)
* [CVE-2023-28418](CVE-2023/CVE-2023-284xx/CVE-2023-28418.json) (`2023-06-22T13:15:09.797`)
* [CVE-2023-28774](CVE-2023/CVE-2023-287xx/CVE-2023-28774.json) (`2023-06-22T13:15:09.870`)
* [CVE-2023-32239](CVE-2023/CVE-2023-322xx/CVE-2023-32239.json) (`2023-06-22T13:15:09.947`)
* [CVE-2023-32960](CVE-2023/CVE-2023-329xx/CVE-2023-32960.json) (`2023-06-22T13:15:10.020`)
* [CVE-2023-33323](CVE-2023/CVE-2023-333xx/CVE-2023-33323.json) (`2023-06-22T13:15:10.093`)
* [CVE-2023-33997](CVE-2023/CVE-2023-339xx/CVE-2023-33997.json) (`2023-06-22T13:15:10.170`)
* [CVE-2023-34006](CVE-2023/CVE-2023-340xx/CVE-2023-34006.json) (`2023-06-22T13:15:10.243`)
* [CVE-2023-34368](CVE-2023/CVE-2023-343xx/CVE-2023-34368.json) (`2023-06-22T13:15:10.313`)
* [CVE-2023-34927](CVE-2023/CVE-2023-349xx/CVE-2023-34927.json) (`2023-06-22T13:15:10.383`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `0` Recently modified CVEs: `41`
* [CVE-2023-34601](CVE-2023/CVE-2023-346xx/CVE-2023-34601.json) (`2023-06-22T12:51:23.447`)
* [CVE-2023-35090](CVE-2023/CVE-2023-350xx/CVE-2023-35090.json) (`2023-06-22T12:51:23.447`)
* [CVE-2023-0969](CVE-2023/CVE-2023-09xx/CVE-2023-0969.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-0970](CVE-2023/CVE-2023-09xx/CVE-2023-0970.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-0971](CVE-2023/CVE-2023-09xx/CVE-2023-0971.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-0972](CVE-2023/CVE-2023-09xx/CVE-2023-0972.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-25435](CVE-2023/CVE-2023-254xx/CVE-2023-25435.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-33289](CVE-2023/CVE-2023-332xx/CVE-2023-33289.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-33591](CVE-2023/CVE-2023-335xx/CVE-2023-33591.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-3110](CVE-2023/CVE-2023-31xx/CVE-2023-3110.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-24261](CVE-2023/CVE-2023-242xx/CVE-2023-24261.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-33405](CVE-2023/CVE-2023-334xx/CVE-2023-33405.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-28956](CVE-2023/CVE-2023-289xx/CVE-2023-28956.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-33842](CVE-2023/CVE-2023-338xx/CVE-2023-33842.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-26115](CVE-2023/CVE-2023-261xx/CVE-2023-26115.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-32449](CVE-2023/CVE-2023-324xx/CVE-2023-32449.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-27413](CVE-2023/CVE-2023-274xx/CVE-2023-27413.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-27612](CVE-2023/CVE-2023-276xx/CVE-2023-27612.json) (`2023-06-22T12:51:30.407`)
* [CVE-2023-28310](CVE-2023/CVE-2023-283xx/CVE-2023-28310.json) (`2023-06-22T12:55:20.207`)
* [CVE-2023-32031](CVE-2023/CVE-2023-320xx/CVE-2023-32031.json) (`2023-06-22T13:32:36.243`)
* [CVE-2023-32024](CVE-2023/CVE-2023-320xx/CVE-2023-32024.json) (`2023-06-22T13:34:21.677`)
* [CVE-2023-21130](CVE-2023/CVE-2023-211xx/CVE-2023-21130.json) (`2023-06-22T13:39:25.883`)
* [CVE-2023-21129](CVE-2023/CVE-2023-211xx/CVE-2023-21129.json) (`2023-06-22T13:40:11.927`)
* [CVE-2023-21128](CVE-2023/CVE-2023-211xx/CVE-2023-21128.json) (`2023-06-22T13:49:33.047`)
* [CVE-2023-21124](CVE-2023/CVE-2023-211xx/CVE-2023-21124.json) (`2023-06-22T13:54:49.943`)
## Download and Usage ## Download and Usage