admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-21T11:00:17.830456+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-21 11:00:21 +00:00
parent 550001da5e
commit 3e47ca0604
5 changed files with 176 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2023/CVE-2023-47xx/CVE-2023-4799.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4799",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-20T19:15:09.433",
"lastModified": "2023-11-20T19:18:46.073",
"lastModified": "2023-11-21T09:15:07.360",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Magic Embeds WordPress plugin through 3.0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
"value": "The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},

55
CVE-2023/CVE-2023-55xx/CVE-2023-5598.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5598",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-11-21T10:15:07.900",
"lastModified": "2023-11-21T10:15:07.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-site Scripting (XSS) vulnerabilities\u00c2\u00a0affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com"
}
]
}

55
CVE-2023/CVE-2023-55xx/CVE-2023-5599.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5599",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-11-21T10:15:08.210",
"lastModified": "2023-11-21T10:15:08.210",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com"
}
]
}

55
CVE-2023/CVE-2023-57xx/CVE-2023-5776.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5776",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-21T09:15:07.467",
"lastModified": "2023-11-21T09:15:07.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible for unauthenticated attackers to delete arbitrary user, term, and post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://plugins.svn.wordpress.org/post-meta-data-manager/tags/1.2.1/readme.txt",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2981559%40post-meta-data-manager&new=2981559%40post-meta-data-manager&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2994271%40post-meta-data-manager&new=2994271%40post-meta-data-manager&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d49b8c44-4dad-4990-a8a8-116b424a7dfa?source=cve",
"source": "security@wordfence.com"
}
]
}

23
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-21T09:00:18.897571+00:00
2023-11-21T11:00:17.830456+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-21T07:15:11.460000+00:00
2023-11-21T10:15:08.210000+00:00
```
### Last Data Feed Release
@ -29,28 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231200
231203
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `3`
* [CVE-2023-21416](CVE-2023/CVE-2023-214xx/CVE-2023-21416.json) (`2023-11-21T07:15:08.890`)
* [CVE-2023-21417](CVE-2023/CVE-2023-214xx/CVE-2023-21417.json) (`2023-11-21T07:15:09.283`)
* [CVE-2023-21418](CVE-2023/CVE-2023-214xx/CVE-2023-21418.json) (`2023-11-21T07:15:09.583`)
* [CVE-2023-46935](CVE-2023/CVE-2023-469xx/CVE-2023-46935.json) (`2023-11-21T07:15:09.967`)
* [CVE-2023-4149](CVE-2023/CVE-2023-41xx/CVE-2023-4149.json) (`2023-11-21T07:15:10.093`)
* [CVE-2023-4424](CVE-2023/CVE-2023-44xx/CVE-2023-4424.json) (`2023-11-21T07:15:10.557`)
* [CVE-2023-5553](CVE-2023/CVE-2023-55xx/CVE-2023-5553.json) (`2023-11-21T07:15:11.180`)
* [CVE-2023-5776](CVE-2023/CVE-2023-57xx/CVE-2023-5776.json) (`2023-11-21T09:15:07.467`)
* [CVE-2023-5598](CVE-2023/CVE-2023-55xx/CVE-2023-5598.json) (`2023-11-21T10:15:07.900`)
* [CVE-2023-5599](CVE-2023/CVE-2023-55xx/CVE-2023-5599.json) (`2023-11-21T10:15:08.210`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `1`
* [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2023-11-21T07:15:07.617`)
* [CVE-2023-6006](CVE-2023/CVE-2023-60xx/CVE-2023-6006.json) (`2023-11-21T07:15:11.460`)
* [CVE-2023-4799](CVE-2023/CVE-2023-47xx/CVE-2023-4799.json) (`2023-11-21T09:15:07.360`)
## Download and Usage