diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0329.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0329.json index c65d7bb2357..eeb7c01b31f 100644 --- a/CVE-2023/CVE-2023-03xx/CVE-2023-0329.json +++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0329.json @@ -2,15 +2,38 @@ "id": "CVE-2023-0329", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-30T08:15:09.397", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-03T04:18:39.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.12.2", + "matchCriteriaId": "C2623190-0D53-465A-BF74-3E3984C1DED6" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0341.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0341.json index 6cbb4904133..b948b4ccfd0 100644 --- a/CVE-2023/CVE-2023-03xx/CVE-2023-0341.json +++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0341.json @@ -2,7 +2,7 @@ "id": "CVE-2023-0341", "sourceIdentifier": "security@ubuntu.com", "published": "2023-02-01T00:15:10.343", - "lastModified": "2023-02-09T22:15:11.063", + "lastModified": "2023-06-03T05:15:08.917", "vulnStatus": "Modified", "descriptions": [ { @@ -103,6 +103,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/", + "source": "security@ubuntu.com" + }, { "url": "https://litios.github.io/2023/01/14/CVE-2023-0341.html", "source": "security@ubuntu.com", diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2298.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2298.json new file mode 100644 index 00000000000..5ae34d15770 --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2298.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2298", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.173", + "lastModified": "2023-06-03T05:15:09.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-api-functions.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2299.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2299.json new file mode 100644 index 00000000000..18a17f2a65b --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2299.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2299", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.267", + "lastModified": "2023-06-03T05:15:09.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-api-functions.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4855627a-de56-49ee-b0b0-01b9735d8557?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23699.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23699.json index eed13278137..4b6bd752a0f 100644 --- a/CVE-2023/CVE-2023-236xx/CVE-2023-23699.json +++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23699.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23699", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-29T15:15:09.393", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-03T04:14:09.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress_bar_project:progress_bar:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.1", + "matchCriteriaId": "BDE201CF-A10F-4327-A498-F59E1046E697" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/progress-bar/wordpress-progress-bar-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2300.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2300.json new file mode 100644 index 00000000000..2f1bbec4e1c --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2300.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2300", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.330", + "lastModified": "2023-06-03T05:15:09.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/contact-form-with-a-meeting-scheduler-by-vcita/trunk/system/parse_vcita_callback.php#L55", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12ce97ba-8053-481f-bcd7-05d5e8292adb?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2301.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2301.json new file mode 100644 index 00000000000..3e4aa039210 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2301.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2301", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.397", + "lastModified": "2023-06-03T05:15:09.397", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/contact-form-with-a-meeting-scheduler-by-vcita/trunk/system/parse_vcita_callback.php#L55", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61c39f5f-3b17-4e4d-824e-241159a73400?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2302.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2302.json new file mode 100644 index 00000000000..250d296a0d4 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2302.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2302", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.460", + "lastModified": "2023-06-03T05:15:09.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/lead-capturing-call-to-actions-by-vcita/trunk/vcita-callback.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dfc237a-9157-4da9-ba8f-9daf2ba4f20b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2303.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2303.json new file mode 100644 index 00000000000..3b902953079 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2303.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2303", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.527", + "lastModified": "2023-06-03T05:15:09.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/lead-capturing-call-to-actions-by-vcita/trunk/vcita-callback.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2345c972-9fd4-4709-8bde-315ab54f60e2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2404.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2404.json new file mode 100644 index 00000000000..ab180fb7d19 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2404.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2404", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.593", + "lastModified": "2023-06-03T05:15:09.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/crm-customer-relationship-management-by-vcita/trunk/vcita-callback.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e26ccd06-22e0-4d91-a53a-df6ead8a8e3b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2405.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2405.json new file mode 100644 index 00000000000..9f9919df540 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2405.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2405", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.653", + "lastModified": "2023-06-03T05:15:09.653", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/crm-customer-relationship-management-by-vcita/trunk/vcita-callback.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f75c6bf-1b93-49d5-b5fb-e59b4e67432f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2406.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2406.json new file mode 100644 index 00000000000..f8c234189cc --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2406.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-2406", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.717", + "lastModified": "2023-06-03T05:15:09.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments \u2013 Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/system/parse_vcita_callback.php#L55", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/paypal-payment-button-by-vcita/trunk/system/parse_vcita_callback.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab05954-9999-43ff-8e3c-a987e2da1956?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2407.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2407.json new file mode 100644 index 00000000000..c3eab833a01 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2407.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-2407", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.780", + "lastModified": "2023-06-03T05:15:09.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments \u2013 Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/system/parse_vcita_callback.php#L55", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/paypal-payment-button-by-vcita/trunk/system/parse_vcita_callback.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/207b40fa-2062-48d6-990b-f05cbbf8fb8e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2415.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2415.json new file mode 100644 index 00000000000..3d4c7692d57 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2415.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2415", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.843", + "lastModified": "2023-06-03T05:15:09.843", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L55", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/731cbeed-d4aa-448f-878a-8c51a3da4e18?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2416.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2416.json new file mode 100644 index 00000000000..5fd051dd564 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2416.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-2416", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-06-03T05:15:09.903", + "lastModified": "2023-06-03T05:15:09.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L55", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f434585c-8533-4788-b0bc-5650390c29a8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2927.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2927.json index 1982249fcde..1e09bb9726c 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2927.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2927.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2927", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-27T09:15:10.240", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-03T04:21:30.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jizhicms:jizhicms:2.4.5:*:*:*:*:*:*:*", + "matchCriteriaId": "6B00EB2D-0404-461A-A787-2E7479F0E624" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/JiZhiCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.230082", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.230082", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30570.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30570.json index 6a7178e715c..311c99d6105 100644 --- a/CVE-2023/CVE-2023-305xx/CVE-2023-30570.json +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30570.json @@ -2,19 +2,77 @@ "id": "CVE-2023-30570", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-29T00:15:09.820", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-03T04:12:44.180", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.28", + "versionEndIncluding": "4.10", + "matchCriteriaId": "0CFA1697-D667-487B-88A5-5368F50B5383" + } + ] + } + ] + } + ], "references": [ { "url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31874.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31874.json index 524889bc050..4d9b3174e6b 100644 --- a/CVE-2023/CVE-2023-318xx/CVE-2023-31874.json +++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31874.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31874", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-29T00:15:09.867", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-03T04:09:10.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Yank Note (YN) 3.52.1 permite la ejecuci\u00f3n de c\u00f3digo arbitrario cuando se abre un archivo manipulado, por ejemplo: \"via nodeRequire('child_process')\"." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yank-note:yank_note:3.52.1:*:*:*:*:*:*:*", + "matchCriteriaId": "CD3B3CC3-1DB8-4A75-9FF5-4AC5669F898B" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33291.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33291.json index 41ed02126f5..459da4ee3ca 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33291.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33291.json @@ -2,23 +2,82 @@ "id": "CVE-2023-33291", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-28T22:15:09.453", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-03T04:27:48.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ebankit:ebankit:6:*:*:*:*:*:*:*", + "matchCriteriaId": "6824EC5D-D81B-4BE1-BF73-6B95EF0095C1" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/172476/eBankIT-6-Arbitrary-OTP-Generation.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.ebankit.com/digital-banking-platform", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34151.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34151.json index dce52f81bce..2787d1dbc1b 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34151.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34151.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34151", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-30T22:15:11.000", - "lastModified": "2023-05-31T13:02:26.480", + "lastModified": "2023-06-03T05:15:09.977", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -35,6 +35,10 @@ { "url": "https://github.com/ImageMagick/ImageMagick/issues/6341", "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34152.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34152.json index d7a0b0e691a..6021aa82a7e 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34152.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34152.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34152", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-30T22:15:11.070", - "lastModified": "2023-05-31T13:02:26.480", + "lastModified": "2023-06-03T05:15:10.037", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -35,6 +35,10 @@ { "url": "https://github.com/ImageMagick/ImageMagick/issues/6339", "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34153.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34153.json index bf4c2def750..27ac6efc423 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34153.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34153.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34153", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-30T22:15:11.143", - "lastModified": "2023-05-31T13:02:26.480", + "lastModified": "2023-06-03T05:15:10.093", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -35,6 +35,10 @@ { "url": "https://github.com/ImageMagick/ImageMagick/issues/6338", "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 82bf2aedbc1..87e431555be 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-03T04:00:24.432795+00:00 +2023-06-03T06:00:25.006494+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-03T03:59:10.540000+00:00 +2023-06-03T05:15:10.093000+00:00 ``` ### Last Data Feed Release @@ -29,37 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216799 +216811 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `12` -* [CVE-2023-0583](CVE-2023/CVE-2023-05xx/CVE-2023-0583.json) (`2023-06-03T02:15:09.050`) -* [CVE-2023-0584](CVE-2023/CVE-2023-05xx/CVE-2023-0584.json) (`2023-06-03T02:15:09.120`) +* [CVE-2023-2298](CVE-2023/CVE-2023-22xx/CVE-2023-2298.json) (`2023-06-03T05:15:09.173`) +* [CVE-2023-2299](CVE-2023/CVE-2023-22xx/CVE-2023-2299.json) (`2023-06-03T05:15:09.267`) +* [CVE-2023-2300](CVE-2023/CVE-2023-23xx/CVE-2023-2300.json) (`2023-06-03T05:15:09.330`) +* [CVE-2023-2301](CVE-2023/CVE-2023-23xx/CVE-2023-2301.json) (`2023-06-03T05:15:09.397`) +* [CVE-2023-2302](CVE-2023/CVE-2023-23xx/CVE-2023-2302.json) (`2023-06-03T05:15:09.460`) +* [CVE-2023-2303](CVE-2023/CVE-2023-23xx/CVE-2023-2303.json) (`2023-06-03T05:15:09.527`) +* [CVE-2023-2404](CVE-2023/CVE-2023-24xx/CVE-2023-2404.json) (`2023-06-03T05:15:09.593`) +* [CVE-2023-2405](CVE-2023/CVE-2023-24xx/CVE-2023-2405.json) (`2023-06-03T05:15:09.653`) +* [CVE-2023-2406](CVE-2023/CVE-2023-24xx/CVE-2023-2406.json) (`2023-06-03T05:15:09.717`) +* [CVE-2023-2407](CVE-2023/CVE-2023-24xx/CVE-2023-2407.json) (`2023-06-03T05:15:09.780`) +* [CVE-2023-2415](CVE-2023/CVE-2023-24xx/CVE-2023-2415.json) (`2023-06-03T05:15:09.843`) +* [CVE-2023-2416](CVE-2023/CVE-2023-24xx/CVE-2023-2416.json) (`2023-06-03T05:15:09.903`) ### CVEs modified in the last Commit -Recently modified CVEs: `16` +Recently modified CVEs: `10` -* [CVE-2023-32319](CVE-2023/CVE-2023-323xx/CVE-2023-32319.json) (`2023-06-03T02:58:54.227`) -* [CVE-2023-32316](CVE-2023/CVE-2023-323xx/CVE-2023-32316.json) (`2023-06-03T03:07:49.543`) -* [CVE-2023-32317](CVE-2023/CVE-2023-323xx/CVE-2023-32317.json) (`2023-06-03T03:27:00.970`) -* [CVE-2023-21514](CVE-2023/CVE-2023-215xx/CVE-2023-21514.json) (`2023-06-03T03:34:16.450`) -* [CVE-2023-21515](CVE-2023/CVE-2023-215xx/CVE-2023-21515.json) (`2023-06-03T03:42:38.067`) -* [CVE-2023-21516](CVE-2023/CVE-2023-215xx/CVE-2023-21516.json) (`2023-06-03T03:50:20.003`) -* [CVE-2023-32311](CVE-2023/CVE-2023-323xx/CVE-2023-32311.json) (`2023-06-03T03:52:19.483`) -* [CVE-2023-32325](CVE-2023/CVE-2023-323xx/CVE-2023-32325.json) (`2023-06-03T03:54:19.633`) -* [CVE-2023-1664](CVE-2023/CVE-2023-16xx/CVE-2023-1664.json) (`2023-06-03T03:56:45.087`) -* [CVE-2023-2923](CVE-2023/CVE-2023-29xx/CVE-2023-2923.json) (`2023-06-03T03:57:06.737`) -* [CVE-2023-32315](CVE-2023/CVE-2023-323xx/CVE-2023-32315.json) (`2023-06-03T03:57:06.817`) -* [CVE-2023-32762](CVE-2023/CVE-2023-327xx/CVE-2023-32762.json) (`2023-06-03T03:57:36.630`) -* [CVE-2023-32321](CVE-2023/CVE-2023-323xx/CVE-2023-32321.json) (`2023-06-03T03:57:51.573`) -* [CVE-2023-27613](CVE-2023/CVE-2023-276xx/CVE-2023-27613.json) (`2023-06-03T03:58:19.157`) -* [CVE-2023-32763](CVE-2023/CVE-2023-327xx/CVE-2023-32763.json) (`2023-06-03T03:58:52.207`) -* [CVE-2023-2925](CVE-2023/CVE-2023-29xx/CVE-2023-2925.json) (`2023-06-03T03:59:10.540`) +* [CVE-2023-31874](CVE-2023/CVE-2023-318xx/CVE-2023-31874.json) (`2023-06-03T04:09:10.037`) +* [CVE-2023-30570](CVE-2023/CVE-2023-305xx/CVE-2023-30570.json) (`2023-06-03T04:12:44.180`) +* [CVE-2023-23699](CVE-2023/CVE-2023-236xx/CVE-2023-23699.json) (`2023-06-03T04:14:09.763`) +* [CVE-2023-0329](CVE-2023/CVE-2023-03xx/CVE-2023-0329.json) (`2023-06-03T04:18:39.423`) +* [CVE-2023-2927](CVE-2023/CVE-2023-29xx/CVE-2023-2927.json) (`2023-06-03T04:21:30.980`) +* [CVE-2023-33291](CVE-2023/CVE-2023-332xx/CVE-2023-33291.json) (`2023-06-03T04:27:48.593`) +* [CVE-2023-0341](CVE-2023/CVE-2023-03xx/CVE-2023-0341.json) (`2023-06-03T05:15:08.917`) +* [CVE-2023-34151](CVE-2023/CVE-2023-341xx/CVE-2023-34151.json) (`2023-06-03T05:15:09.977`) +* [CVE-2023-34152](CVE-2023/CVE-2023-341xx/CVE-2023-34152.json) (`2023-06-03T05:15:10.037`) +* [CVE-2023-34153](CVE-2023/CVE-2023-341xx/CVE-2023-34153.json) (`2023-06-03T05:15:10.093`) ## Download and Usage