admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-17T12:00:25.377260+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-17 12:00:28 +00:00
parent 49b61e4d36
commit 4020b527cf
10 changed files with 483 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2023/CVE-2023-443xx/CVE-2023-44310.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44310",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T10:15:09.793",
"lastModified": "2023-10-17T10:15:09.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's \"Name\" text field."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenada en Page Tree menu Liferay Portal 7.3.6 hasta 7.4.3.78, y Liferay DXP 7.3 fixpack 1 hasta la actualizaci\u00f3n 23, y 7.4 antes de la actualizaci\u00f3n 79 permite a atacantes remotos inyectar script web o HTML arbitrario mediante un payload manipulado inyectado en el campo de texto \"Name\" de la p\u00e1gina."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310",
"source": "security@liferay.com"
}
]
}

59
CVE-2023/CVE-2023-443xx/CVE-2023-44311.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44311",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T10:15:09.947",
"lastModified": "2023-10-17T10:15:09.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) reflejadas en el complemento para la clase OAuth2ProviderApplicationRedirect del m\u00f3dulo OAuth 2.0 en Liferay Portal v7.4.3.41 a 7.4.3.89 y Liferay DXP 7.4 actualizaci\u00f3n 41 a 89 permiten a atacantes remotos inyectar script web o HTML arbitrarios mediante el (1) c\u00f3digo o (2) el par\u00e1metro de error. Este problema se debe a una soluci\u00f3n incompleta en CVE-2023-33941."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311",
"source": "security@liferay.com"
}
]
}

59
CVE-2023/CVE-2023-449xx/CVE-2023-44990.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44990",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T10:15:10.017",
"lastModified": "2023-10-17T10:15:10.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin <=\u00a01.0.7.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional en versiones &lt;= 1.0.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-450xx/CVE-2023-45003.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45003",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T11:15:10.637",
"lastModified": "2023-10-17T11:15:10.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <=\u00a02.2.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-social-feed/wordpress-social-feed-plugin-2-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-450xx/CVE-2023-45005.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45005",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T10:15:10.093",
"lastModified": "2023-10-17T10:15:10.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos Seriously Simple Stats plugin <=\u00a01.5.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Castos Seriously Simple Stats en versiones &lt;= 1.5.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/seriously-simple-stats/wordpress-seriously-simple-stats-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-450xx/CVE-2023-45010.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45010",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T11:15:10.730",
"lastModified": "2023-10-17T11:15:10.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <=\u00a03.4.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/complete-open-graph/wordpress-complete-open-graph-plugin-3-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2023/CVE-2023-48xx/CVE-2023-4822.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4822", "id": "CVE-2023-4822",
"sourceIdentifier": "security@grafana.com", "sourceIdentifier": "security@grafana.com",
"published": "2023-10-16T09:15:11.687", "published": "2023-10-16T09:15:11.687",
"lastModified": "2023-10-16T11:58:00.980", "lastModified": "2023-10-17T10:15:10.193",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.\n\nIt also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.\n\nThis means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.\n\nThe vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.\n\n" "value": "Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.\n\nIt also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.\n\nThis means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.\n\nThe vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.\n\n"
},
{
"lang": "es",
"value": "Grafana es una plataforma de c\u00f3digo abierto para monitorizaci\u00f3n y observabilidad. La vulnerabilidad afecta las instancias de Grafana con varias organizaciones y permite a un usuario con permisos de Organization Admin en una organizaci\u00f3n cambiar los permisos asociados con los roles de Organization Viewer, Organization Editor and Organization Admin en todas las organizaciones. Tambi\u00e9n permite que un Organization Admin asigne o revoque cualquier permiso que tenga para cualquier usuario a nivel mundial. Esto significa que cualquier Organization Admin puede elevar sus propios permisos en cualquier organizaci\u00f3n de la que ya sea miembro, y elevar o restringir los permisos de cualquier otro usuario. La vulnerabilidad no permite que un usuario se convierta en miembro de una organizaci\u00f3n de la que a\u00fan no es miembro, ni agregue otros usuarios a una organizaci\u00f3n de la que el usuario actual no es miembro."
} }
], ],
"metrics": { "metrics": {

59
CVE-2023/CVE-2023-53xx/CVE-2023-5339.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5339",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-10-17T10:15:10.343",
"lastModified": "2023-10-17T10:15:10.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop\u00a0fails to set an appropriate log level during initial run after fresh installation\u00a0resulting in logging all keystrokes\u00a0including password entry\u00a0being logged.\u00a0\n\n"
},
{
"lang": "es",
"value": "Mattermost Desktop no puede establecer un nivel de registro apropiado durante la ejecuci\u00f3n inicial despu\u00e9s de una nueva instalaci\u00f3n, lo que provoca que se registren todas las pulsaciones de teclas, incluida la entrada de contrase\u00f1a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

59
CVE-2023/CVE-2023-55xx/CVE-2023-5522.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5522",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-10-17T10:15:10.427",
"lastModified": "2023-10-17T10:15:10.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost Mobile fails to limit\u00a0the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and\u00a0freeze the mobile app of users when viewing that particular channel.\u00a0\n\n"
},
{
"lang": "es",
"value": "Mattermost Mobile no limita la cantidad m\u00e1xima de elementos Markdown en una publicaci\u00f3n, lo que permite a un atacante enviar una publicaci\u00f3n con cientos de emojis a un canal y congelar la aplicaci\u00f3n m\u00f3vil de los usuarios cuando ven ese canal en particular."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

23
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-10-17T10:00:52.176211+00:00 2023-10-17T12:00:25.377260+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-10-17T09:15:10.347000+00:00 2023-10-17T11:15:10.730000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,25 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
228025 228033
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `5` Recently added CVEs: `8`
* [CVE-2023-42497](CVE-2023/CVE-2023-424xx/CVE-2023-42497.json) (`2023-10-17T08:15:09.437`) * [CVE-2023-44310](CVE-2023/CVE-2023-443xx/CVE-2023-44310.json) (`2023-10-17T10:15:09.793`)
* [CVE-2023-4399](CVE-2023/CVE-2023-43xx/CVE-2023-4399.json) (`2023-10-17T08:15:09.553`) * [CVE-2023-44311](CVE-2023/CVE-2023-443xx/CVE-2023-44311.json) (`2023-10-17T10:15:09.947`)
* [CVE-2023-24385](CVE-2023/CVE-2023-243xx/CVE-2023-24385.json) (`2023-10-17T09:15:09.960`) * [CVE-2023-44990](CVE-2023/CVE-2023-449xx/CVE-2023-44990.json) (`2023-10-17T10:15:10.017`)
* [CVE-2023-42629](CVE-2023/CVE-2023-426xx/CVE-2023-42629.json) (`2023-10-17T09:15:10.167`) * [CVE-2023-45005](CVE-2023/CVE-2023-450xx/CVE-2023-45005.json) (`2023-10-17T10:15:10.093`)
* [CVE-2023-44309](CVE-2023/CVE-2023-443xx/CVE-2023-44309.json) (`2023-10-17T09:15:10.347`) * [CVE-2023-5339](CVE-2023/CVE-2023-53xx/CVE-2023-5339.json) (`2023-10-17T10:15:10.343`)
* [CVE-2023-5522](CVE-2023/CVE-2023-55xx/CVE-2023-5522.json) (`2023-10-17T10:15:10.427`)
* [CVE-2023-45003](CVE-2023/CVE-2023-450xx/CVE-2023-45003.json) (`2023-10-17T11:15:10.637`)
* [CVE-2023-45010](CVE-2023/CVE-2023-450xx/CVE-2023-45010.json) (`2023-10-17T11:15:10.730`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `1` Recently modified CVEs: `1`
* [CVE-2023-36387](CVE-2023/CVE-2023-363xx/CVE-2023-36387.json) (`2023-10-17T08:15:09.210`) * [CVE-2023-4822](CVE-2023/CVE-2023-48xx/CVE-2023-4822.json) (`2023-10-17T10:15:10.193`)
## Download and Usage ## Download and Usage