admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-03T06:00:25.006494+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-03 06:00:28 +00:00
parent 2084452010
commit 2cbdfafa98
23 changed files with 1145 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
CVE-2023/CVE-2023-03xx/CVE-2023-0329.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-0329", "id": "CVE-2023-0329",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.397", "published": "2023-05-30T08:15:09.397",
"lastModified": "2023-05-30T12:52:56.613", "lastModified": "2023-06-03T04:18:39.423",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role." "value": "The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.12.2",
"matchCriteriaId": "C2623190-0D53-465A-BF74-3E3984C1DED6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493", "url": "https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

6
CVE-2023/CVE-2023-03xx/CVE-2023-0341.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0341", "id": "CVE-2023-0341",
"sourceIdentifier": "security@ubuntu.com", "sourceIdentifier": "security@ubuntu.com",
"published": "2023-02-01T00:15:10.343", "published": "2023-02-01T00:15:10.343",
"lastModified": "2023-02-09T22:15:11.063", "lastModified": "2023-06-03T05:15:08.917",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
@ -103,6 +103,10 @@
"Third Party Advisory" "Third Party Advisory"
] ]
}, },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCFE7DXWAAKDJPRKMXHCACKGKNV37IYZ/",
"source": "security@ubuntu.com"
},
{ {
"url": "https://litios.github.io/2023/01/14/CVE-2023-0341.html", "url": "https://litios.github.io/2023/01/14/CVE-2023-0341.html",
"source": "security@ubuntu.com", "source": "security@ubuntu.com",

63
CVE-2023/CVE-2023-22xx/CVE-2023-2298.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2298",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.173",
"lastModified": "2023-06-03T05:15:09.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-api-functions.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-22xx/CVE-2023-2299.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2299",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.267",
"lastModified": "2023-06-03T05:15:09.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-api-functions.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4855627a-de56-49ee-b0b0-01b9735d8557?source=cve",
"source": "security@wordfence.com"
}
]
}

47
CVE-2023/CVE-2023-236xx/CVE-2023-23699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23699", "id": "CVE-2023-23699",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-29T15:15:09.393", "published": "2023-05-29T15:15:09.393",
"lastModified": "2023-05-30T12:52:56.613", "lastModified": "2023-06-03T04:14:09.763",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress_bar_project:progress_bar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.1",
"matchCriteriaId": "BDE201CF-A10F-4327-A498-F59E1046E697"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/progress-bar/wordpress-progress-bar-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/progress-bar/wordpress-progress-bar-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

63
CVE-2023/CVE-2023-23xx/CVE-2023-2300.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2300",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.330",
"lastModified": "2023-06-03T05:15:09.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-with-a-meeting-scheduler-by-vcita/trunk/system/parse_vcita_callback.php#L55",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12ce97ba-8053-481f-bcd7-05d5e8292adb?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-23xx/CVE-2023-2301.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2301",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.397",
"lastModified": "2023-06-03T05:15:09.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-with-a-meeting-scheduler-by-vcita/trunk/system/parse_vcita_callback.php#L55",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61c39f5f-3b17-4e4d-824e-241159a73400?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-23xx/CVE-2023-2302.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2302",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.460",
"lastModified": "2023-06-03T05:15:09.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/lead-capturing-call-to-actions-by-vcita/trunk/vcita-callback.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dfc237a-9157-4da9-ba8f-9daf2ba4f20b?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-23xx/CVE-2023-2303.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2303",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.527",
"lastModified": "2023-06-03T05:15:09.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/lead-capturing-call-to-actions-by-vcita/trunk/vcita-callback.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2345c972-9fd4-4709-8bde-315ab54f60e2?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-24xx/CVE-2023-2404.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2404",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.593",
"lastModified": "2023-06-03T05:15:09.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/crm-customer-relationship-management-by-vcita/trunk/vcita-callback.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e26ccd06-22e0-4d91-a53a-df6ead8a8e3b?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-24xx/CVE-2023-2405.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2405",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.653",
"lastModified": "2023-06-03T05:15:09.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/crm-customer-relationship-management-by-vcita/trunk/vcita-callback.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f75c6bf-1b93-49d5-b5fb-e59b4e67432f?source=cve",
"source": "security@wordfence.com"
}
]
}

67
CVE-2023/CVE-2023-24xx/CVE-2023-2406.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-2406",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.717",
"lastModified": "2023-06-03T05:15:09.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments \u2013 Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/system/parse_vcita_callback.php#L55",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/paypal-payment-button-by-vcita/trunk/system/parse_vcita_callback.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab05954-9999-43ff-8e3c-a987e2da1956?source=cve",
"source": "security@wordfence.com"
}
]
}

67
CVE-2023/CVE-2023-24xx/CVE-2023-2407.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-2407",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.780",
"lastModified": "2023-06-03T05:15:09.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments \u2013 Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/system/parse_vcita_callback.php#L55",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/paypal-payment-button-by-vcita/trunk/system/parse_vcita_callback.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/207b40fa-2062-48d6-990b-f05cbbf8fb8e?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-24xx/CVE-2023-2415.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2415",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.843",
"lastModified": "2023-06-03T05:15:09.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L55",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/731cbeed-d4aa-448f-878a-8c51a3da4e18?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-24xx/CVE-2023-2416.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2416",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.903",
"lastModified": "2023-06-03T05:15:09.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L55",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f434585c-8533-4788-b0bc-5650390c29a8?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-29xx/CVE-2023-2927.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2927", "id": "CVE-2023-2927",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-27T09:15:10.240", "published": "2023-05-27T09:15:10.240",
"lastModified": "2023-05-28T02:28:04.970", "lastModified": "2023-06-03T04:21:30.980",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -71,18 +93,46 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jizhicms:jizhicms:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B00EB2D-0404-461A-A787-2E7479F0E624"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/JiZhiCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md", "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/JiZhiCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.230082", "url": "https://vuldb.com/?ctiid.230082",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.230082", "url": "https://vuldb.com/?id.230082",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

66
CVE-2023/CVE-2023-305xx/CVE-2023-30570.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-30570", "id": "CVE-2023-30570",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-29T00:15:09.820", "published": "2023-05-29T00:15:09.820",
"lastModified": "2023-05-30T12:52:56.613", "lastModified": "2023-06-03T04:12:44.180",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28." "value": "pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.28",
"versionEndIncluding": "4.10",
"matchCriteriaId": "0CFA1697-D667-487B-88A5-5368F50B5383"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt", "url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
} }
] ]
} }

64
CVE-2023/CVE-2023-318xx/CVE-2023-31874.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31874", "id": "CVE-2023-31874",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-29T00:15:09.867", "published": "2023-05-29T00:15:09.867",
"lastModified": "2023-05-30T12:52:56.613", "lastModified": "2023-06-03T04:09:10.037",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,67 @@
"value": "Yank Note (YN) 3.52.1 permite la ejecuci\u00f3n de c\u00f3digo arbitrario cuando se abre un archivo manipulado, por ejemplo: \"via nodeRequire('child_process')\"." "value": "Yank Note (YN) 3.52.1 permite la ejecuci\u00f3n de c\u00f3digo arbitrario cuando se abre un archivo manipulado, por ejemplo: \"via nodeRequire('child_process')\"."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yank-note:yank_note:3.52.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3B3CC3-1DB8-4A75-9FF5-4AC5669F898B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html", "url": "http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-332xx/CVE-2023-33291.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33291", "id": "CVE-2023-33291",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-28T22:15:09.453", "published": "2023-05-28T22:15:09.453",
"lastModified": "2023-05-30T12:52:56.613", "lastModified": "2023-06-03T04:27:48.593",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)" "value": "In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ebankit:ebankit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "6824EC5D-D81B-4BE1-BF73-6B95EF0095C1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://packetstormsecurity.com/files/172476/eBankIT-6-Arbitrary-OTP-Generation.html", "url": "http://packetstormsecurity.com/files/172476/eBankIT-6-Arbitrary-OTP-Generation.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://www.ebankit.com/digital-banking-platform", "url": "https://www.ebankit.com/digital-banking-platform",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

6
CVE-2023/CVE-2023-341xx/CVE-2023-34151.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34151", "id": "CVE-2023-34151",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-30T22:15:11.000", "published": "2023-05-30T22:15:11.000",
"lastModified": "2023-05-31T13:02:26.480", "lastModified": "2023-06-03T05:15:09.977",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -35,6 +35,10 @@
{ {
"url": "https://github.com/ImageMagick/ImageMagick/issues/6341", "url": "https://github.com/ImageMagick/ImageMagick/issues/6341",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/",
"source": "secalert@redhat.com"
} }
] ]
} }

6
CVE-2023/CVE-2023-341xx/CVE-2023-34152.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34152", "id": "CVE-2023-34152",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-30T22:15:11.070", "published": "2023-05-30T22:15:11.070",
"lastModified": "2023-05-31T13:02:26.480", "lastModified": "2023-06-03T05:15:10.037",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -35,6 +35,10 @@
{ {
"url": "https://github.com/ImageMagick/ImageMagick/issues/6339", "url": "https://github.com/ImageMagick/ImageMagick/issues/6339",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/",
"source": "secalert@redhat.com"
} }
] ]
} }

6
CVE-2023/CVE-2023-341xx/CVE-2023-34153.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34153", "id": "CVE-2023-34153",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-30T22:15:11.143", "published": "2023-05-30T22:15:11.143",
"lastModified": "2023-05-31T13:02:26.480", "lastModified": "2023-06-03T05:15:10.093",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -35,6 +35,10 @@
{ {
"url": "https://github.com/ImageMagick/ImageMagick/issues/6338", "url": "https://github.com/ImageMagick/ImageMagick/issues/6338",
"source": "secalert@redhat.com" "source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/",
"source": "secalert@redhat.com"
} }
] ]
} }

50
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-06-03T04:00:24.432795+00:00 2023-06-03T06:00:25.006494+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-06-03T03:59:10.540000+00:00 2023-06-03T05:15:10.093000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,37 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
216799 216811
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `2` Recently added CVEs: `12`
* [CVE-2023-0583](CVE-2023/CVE-2023-05xx/CVE-2023-0583.json) (`2023-06-03T02:15:09.050`) * [CVE-2023-2298](CVE-2023/CVE-2023-22xx/CVE-2023-2298.json) (`2023-06-03T05:15:09.173`)
* [CVE-2023-0584](CVE-2023/CVE-2023-05xx/CVE-2023-0584.json) (`2023-06-03T02:15:09.120`) * [CVE-2023-2299](CVE-2023/CVE-2023-22xx/CVE-2023-2299.json) (`2023-06-03T05:15:09.267`)
* [CVE-2023-2300](CVE-2023/CVE-2023-23xx/CVE-2023-2300.json) (`2023-06-03T05:15:09.330`)
* [CVE-2023-2301](CVE-2023/CVE-2023-23xx/CVE-2023-2301.json) (`2023-06-03T05:15:09.397`)
* [CVE-2023-2302](CVE-2023/CVE-2023-23xx/CVE-2023-2302.json) (`2023-06-03T05:15:09.460`)
* [CVE-2023-2303](CVE-2023/CVE-2023-23xx/CVE-2023-2303.json) (`2023-06-03T05:15:09.527`)
* [CVE-2023-2404](CVE-2023/CVE-2023-24xx/CVE-2023-2404.json) (`2023-06-03T05:15:09.593`)
* [CVE-2023-2405](CVE-2023/CVE-2023-24xx/CVE-2023-2405.json) (`2023-06-03T05:15:09.653`)
* [CVE-2023-2406](CVE-2023/CVE-2023-24xx/CVE-2023-2406.json) (`2023-06-03T05:15:09.717`)
* [CVE-2023-2407](CVE-2023/CVE-2023-24xx/CVE-2023-2407.json) (`2023-06-03T05:15:09.780`)
* [CVE-2023-2415](CVE-2023/CVE-2023-24xx/CVE-2023-2415.json) (`2023-06-03T05:15:09.843`)
* [CVE-2023-2416](CVE-2023/CVE-2023-24xx/CVE-2023-2416.json) (`2023-06-03T05:15:09.903`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `16` Recently modified CVEs: `10`
* [CVE-2023-32319](CVE-2023/CVE-2023-323xx/CVE-2023-32319.json) (`2023-06-03T02:58:54.227`) * [CVE-2023-31874](CVE-2023/CVE-2023-318xx/CVE-2023-31874.json) (`2023-06-03T04:09:10.037`)
* [CVE-2023-32316](CVE-2023/CVE-2023-323xx/CVE-2023-32316.json) (`2023-06-03T03:07:49.543`) * [CVE-2023-30570](CVE-2023/CVE-2023-305xx/CVE-2023-30570.json) (`2023-06-03T04:12:44.180`)
* [CVE-2023-32317](CVE-2023/CVE-2023-323xx/CVE-2023-32317.json) (`2023-06-03T03:27:00.970`) * [CVE-2023-23699](CVE-2023/CVE-2023-236xx/CVE-2023-23699.json) (`2023-06-03T04:14:09.763`)
* [CVE-2023-21514](CVE-2023/CVE-2023-215xx/CVE-2023-21514.json) (`2023-06-03T03:34:16.450`) * [CVE-2023-0329](CVE-2023/CVE-2023-03xx/CVE-2023-0329.json) (`2023-06-03T04:18:39.423`)
* [CVE-2023-21515](CVE-2023/CVE-2023-215xx/CVE-2023-21515.json) (`2023-06-03T03:42:38.067`) * [CVE-2023-2927](CVE-2023/CVE-2023-29xx/CVE-2023-2927.json) (`2023-06-03T04:21:30.980`)
* [CVE-2023-21516](CVE-2023/CVE-2023-215xx/CVE-2023-21516.json) (`2023-06-03T03:50:20.003`) * [CVE-2023-33291](CVE-2023/CVE-2023-332xx/CVE-2023-33291.json) (`2023-06-03T04:27:48.593`)
* [CVE-2023-32311](CVE-2023/CVE-2023-323xx/CVE-2023-32311.json) (`2023-06-03T03:52:19.483`) * [CVE-2023-0341](CVE-2023/CVE-2023-03xx/CVE-2023-0341.json) (`2023-06-03T05:15:08.917`)
* [CVE-2023-32325](CVE-2023/CVE-2023-323xx/CVE-2023-32325.json) (`2023-06-03T03:54:19.633`) * [CVE-2023-34151](CVE-2023/CVE-2023-341xx/CVE-2023-34151.json) (`2023-06-03T05:15:09.977`)
* [CVE-2023-1664](CVE-2023/CVE-2023-16xx/CVE-2023-1664.json) (`2023-06-03T03:56:45.087`) * [CVE-2023-34152](CVE-2023/CVE-2023-341xx/CVE-2023-34152.json) (`2023-06-03T05:15:10.037`)
* [CVE-2023-2923](CVE-2023/CVE-2023-29xx/CVE-2023-2923.json) (`2023-06-03T03:57:06.737`) * [CVE-2023-34153](CVE-2023/CVE-2023-341xx/CVE-2023-34153.json) (`2023-06-03T05:15:10.093`)
* [CVE-2023-32315](CVE-2023/CVE-2023-323xx/CVE-2023-32315.json) (`2023-06-03T03:57:06.817`)
* [CVE-2023-32762](CVE-2023/CVE-2023-327xx/CVE-2023-32762.json) (`2023-06-03T03:57:36.630`)
* [CVE-2023-32321](CVE-2023/CVE-2023-323xx/CVE-2023-32321.json) (`2023-06-03T03:57:51.573`)
* [CVE-2023-27613](CVE-2023/CVE-2023-276xx/CVE-2023-27613.json) (`2023-06-03T03:58:19.157`)
* [CVE-2023-32763](CVE-2023/CVE-2023-327xx/CVE-2023-32763.json) (`2023-06-03T03:58:52.207`)
* [CVE-2023-2925](CVE-2023/CVE-2023-29xx/CVE-2023-2925.json) (`2023-06-03T03:59:10.540`)
## Download and Usage ## Download and Usage