admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-16 17:25:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-18T04:00:41.593036+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-18 04:00:45 +00:00
parent 5e49c53d5d
commit 36a84e5fe0
15 changed files with 737 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2020/CVE-2020-366xx/CVE-2020-36695.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2020-36695",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2023-07-18T03:15:52.963",
"lastModified": "2023-07-18T03:15:52.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html",
"source": "hirt@hitachi.co.jp"
}
]
}

43
CVE-2021/CVE-2021-430xx/CVE-2021-43072.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2021-43072",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-07-18T03:15:54.947",
"lastModified": "2023-07-18T03:15:54.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/advisory/FG-IR-21-206",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2022/CVE-2022-41xx/CVE-2022-4146.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-4146",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2023-07-18T03:15:55.067",
"lastModified": "2023-07-18T03:15:55.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-917"
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-123/index.html",
"source": "hirt@hitachi.co.jp"
}
]
}

43
CVE-2023/CVE-2023-319xx/CVE-2023-31998.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-31998",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-07-18T03:15:55.163",
"lastModified": "2023-07-18T03:15:55.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-033-033/17f7c7c0-830b-4625-a2ee-e90e514e7b0f",
"source": "support@hackerone.com"
}
]
}

4
CVE-2023/CVE-2023-341xx/CVE-2023-34139.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-34139",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-07-17T18:15:09.607",
"lastModified": "2023-07-17T18:58:33.633",
"lastModified": "2023-07-18T03:15:55.260",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the Free Time WiFi hotspot feature of in the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2,\u00a0could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device."
"value": "A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2,\u00a0could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device."
}
],
"metrics": {

55
CVE-2023/CVE-2023-341xx/CVE-2023-34142.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34142",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2023-07-18T03:15:55.427",
"lastModified": "2023-07-18T03:15:55.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html",
"source": "hirt@hitachi.co.jp"
}
]
}

55
CVE-2023/CVE-2023-341xx/CVE-2023-34143.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34143",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2023-07-18T03:15:55.510",
"lastModified": "2023-07-18T03:15:55.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-297"
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html",
"source": "hirt@hitachi.co.jp"
}
]
}

63
CVE-2023/CVE-2023-34xx/CVE-2023-3403.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-3403",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-18T03:15:55.673",
"lastModified": "2023-07-18T03:15:55.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.4.8/admin/class-profile-magic-admin.php#L1027",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2938904/profilegrid-user-profiles-groups-and-communities#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b335fc19-2998-4711-8813-6cb68d7447bd?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-34xx/CVE-2023-3459.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-3459",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-18T03:15:55.793",
"lastModified": "2023-07-18T03:15:55.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/users-customers-import-export-for-wp-woocommerce/tags/2.4.1/admin/modules/user/import/import.php#L446",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2938705/users-customers-import-export-for-wp-woocommerce#file201",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47337214-9cc3-4b12-bb71-9acbab3649b7?source=cve",
"source": "security@wordfence.com"
}
]
}

75
CVE-2023/CVE-2023-37xx/CVE-2023-3708.json Normal file
View File

@ -0,0 +1,75 @@
{
"id": "CVE-2023-3708",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-18T03:15:55.897",
"lastModified": "2023-07-18T03:15:55.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://deothemes.com/changelog/medikaid-changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196755%40nokke&new=196755%40nokke&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196756%40arendelle&new=196756%40arendelle&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196757%40amela&new=196757%40amela&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196758%40everse&new=196758%40everse&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-37xx/CVE-2023-3709.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3709",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-18T03:15:56.010",
"lastModified": "2023-07-18T03:15:56.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2938619%40royal-elementor-addons&new=2936984%40royal-elementor-addons&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86c9bcf1-c69e-47ca-b74b-8ce6157f520b?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-37xx/CVE-2023-3713.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-3713",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-18T03:15:56.110",
"lastModified": "2023-07-18T03:15:56.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.4.8/admin/class-profile-magic-admin.php#L599",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2938904/profilegrid-user-profiles-groups-and-communities#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/473ba791-af99-4aae-99cb-ccf220e443e7?source=cve",
"source": "security@wordfence.com"
}
]
}

67
CVE-2023/CVE-2023-37xx/CVE-2023-3714.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-3714",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-18T03:15:56.207",
"lastModified": "2023-07-18T03:15:56.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.4.8/public/partials/profile-magic-group.php#L80",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2938904/profilegrid-user-profiles-groups-and-communities#file4",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2939344/profilegrid-user-profiles-groups-and-communities/trunk/public/partials/profile-magic-group.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4766651-92a6-42c9-81bc-7ea25350f561?source=cve",
"source": "security@wordfence.com"
}
]
}

20
CVE-2023/CVE-2023-384xx/CVE-2023-38434.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38434",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-18T03:15:55.610",
"lastModified": "2023-07-18T03:15:55.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cozis/xHTTP/issues/1",
"source": "cve@mitre.org"
}
]
}

31
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-18T02:00:26.061449+00:00
2023-07-18T04:00:41.593036+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-18T00:15:09.750000+00:00
2023-07-18T03:15:56.207000+00:00
```
### Last Data Feed Release
@ -29,26 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220493
220506
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `13`
* [CVE-2023-38426](CVE-2023/CVE-2023-384xx/CVE-2023-38426.json) (`2023-07-18T00:15:09.483`)
* [CVE-2023-38427](CVE-2023/CVE-2023-384xx/CVE-2023-38427.json) (`2023-07-18T00:15:09.530`)
* [CVE-2023-38428](CVE-2023/CVE-2023-384xx/CVE-2023-38428.json) (`2023-07-18T00:15:09.577`)
* [CVE-2023-38429](CVE-2023/CVE-2023-384xx/CVE-2023-38429.json) (`2023-07-18T00:15:09.620`)
* [CVE-2023-38430](CVE-2023/CVE-2023-384xx/CVE-2023-38430.json) (`2023-07-18T00:15:09.663`)
* [CVE-2023-38431](CVE-2023/CVE-2023-384xx/CVE-2023-38431.json) (`2023-07-18T00:15:09.707`)
* [CVE-2023-38432](CVE-2023/CVE-2023-384xx/CVE-2023-38432.json) (`2023-07-18T00:15:09.750`)
* [CVE-2020-36695](CVE-2020/CVE-2020-366xx/CVE-2020-36695.json) (`2023-07-18T03:15:52.963`)
* [CVE-2021-43072](CVE-2021/CVE-2021-430xx/CVE-2021-43072.json) (`2023-07-18T03:15:54.947`)
* [CVE-2022-4146](CVE-2022/CVE-2022-41xx/CVE-2022-4146.json) (`2023-07-18T03:15:55.067`)
* [CVE-2023-31998](CVE-2023/CVE-2023-319xx/CVE-2023-31998.json) (`2023-07-18T03:15:55.163`)
* [CVE-2023-34142](CVE-2023/CVE-2023-341xx/CVE-2023-34142.json) (`2023-07-18T03:15:55.427`)
* [CVE-2023-34143](CVE-2023/CVE-2023-341xx/CVE-2023-34143.json) (`2023-07-18T03:15:55.510`)
* [CVE-2023-38434](CVE-2023/CVE-2023-384xx/CVE-2023-38434.json) (`2023-07-18T03:15:55.610`)
* [CVE-2023-3403](CVE-2023/CVE-2023-34xx/CVE-2023-3403.json) (`2023-07-18T03:15:55.673`)
* [CVE-2023-3459](CVE-2023/CVE-2023-34xx/CVE-2023-3459.json) (`2023-07-18T03:15:55.793`)
* [CVE-2023-3708](CVE-2023/CVE-2023-37xx/CVE-2023-3708.json) (`2023-07-18T03:15:55.897`)
* [CVE-2023-3709](CVE-2023/CVE-2023-37xx/CVE-2023-3709.json) (`2023-07-18T03:15:56.010`)
* [CVE-2023-3713](CVE-2023/CVE-2023-37xx/CVE-2023-3713.json) (`2023-07-18T03:15:56.110`)
* [CVE-2023-3714](CVE-2023/CVE-2023-37xx/CVE-2023-3714.json) (`2023-07-18T03:15:56.207`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
* [CVE-2023-34139](CVE-2023/CVE-2023-341xx/CVE-2023-34139.json) (`2023-07-18T03:15:55.260`)
## Download and Usage