Auto-Update: 2023-10-17T10:00:52.176211+00:00

2025-07-09 16:05:11 +00:00 · 2023-10-17 10:00:55 +00:00 · 2023-10-17 10:00:55 +00:00 · 49b61e4d36
commit 49b61e4d36
parent 8d3ffb229f
7 changed files with 299 additions and 15 deletions
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24385.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24385.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-24385",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-10-17T09:15:09.960",
+  "lastModified": "2023-10-17T09:15:09.960",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <=\u00a03.11 versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36387.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36387.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-36387",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-09-06T13:15:08.537",
-  "lastModified": "2023-09-11T14:25:26.437",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-10-17T08:15:09.210",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.\n"
+    },
+    {
+      "lang": "es",
+      "value": "Un permiso de API REST predeterminado incorrecto para los usuarios de Gamma en Apache Superset hasta la versi\u00f3n 2.1.0 incluida permite que un usuario de Gamma autenticado pruebe las conexiones de la base de datos.\n"
    }
  ],
  "metrics": {
@ -56,22 +60,22 @@
  },
  "weaknesses": [
    {
-      "source": "nvd@nist.gov",
+      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
-          "value": "CWE-281"
+          "value": "CWE-863"
        }
      ]
    },
    {
-      "source": "security@apache.org",
+      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
-          "value": "CWE-918"
+          "value": "CWE-281"
        }
      ]
    }
@ -95,6 +99,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://github.com/apache/superset/pull/24185",
+      "source": "security@apache.org"
+    },
    {
      "url": "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3",
      "source": "security@apache.org",
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42497.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42497.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-42497",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2023-10-17T08:15:09.437",
+  "lastModified": "2023-10-17T08:15:09.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.6,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497",
+      "source": "security@liferay.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-426xx/CVE-2023-42629.json
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42629.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-42629",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2023-10-17T09:15:10.167",
+  "lastModified": "2023-10-17T09:15:10.167",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629",
+      "source": "security@liferay.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-43xx/CVE-2023-4399.json
+++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4399.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4399",
+  "sourceIdentifier": "security@grafana.com",
+  "published": "2023-10-17T08:15:09.553",
+  "lastModified": "2023-10-17T08:15:09.553",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Grafana is an open-source platform for monitoring and observability. \n\nIn Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn\u2019t call specific hosts.\n\nHowever, the restriction can be bypassed used punycode encoding of the characters in the request address.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@grafana.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@grafana.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-183"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://grafana.com/security/security-advisories/cve-2023-4399/",
+      "source": "security@grafana.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44309.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44309.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-44309",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2023-10-17T09:15:10.347",
+  "lastModified": "2023-10-17T09:15:10.347",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44309",
+      "source": "security@liferay.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-17T08:00:25.402342+00:00
+2023-10-17T10:00:52.176211+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-17T07:15:10.090000+00:00
+2023-10-17T09:15:10.347000+00:00
 ```

 ### Last Data Feed Release
@ -29,24 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-228020
+228025
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `5`

-* [CVE-2023-44693](CVE-2023/CVE-2023-446xx/CVE-2023-44693.json) (`2023-10-17T06:15:09.553`)
-* [CVE-2023-44694](CVE-2023/CVE-2023-446xx/CVE-2023-44694.json) (`2023-10-17T06:15:09.690`)
-* [CVE-2023-39456](CVE-2023/CVE-2023-394xx/CVE-2023-39456.json) (`2023-10-17T07:15:09.737`)
-* [CVE-2023-41752](CVE-2023/CVE-2023-417xx/CVE-2023-41752.json) (`2023-10-17T07:15:09.960`)
-* [CVE-2023-4089](CVE-2023/CVE-2023-40xx/CVE-2023-4089.json) (`2023-10-17T07:15:10.090`)
+* [CVE-2023-42497](CVE-2023/CVE-2023-424xx/CVE-2023-42497.json) (`2023-10-17T08:15:09.437`)
+* [CVE-2023-4399](CVE-2023/CVE-2023-43xx/CVE-2023-4399.json) (`2023-10-17T08:15:09.553`)
+* [CVE-2023-24385](CVE-2023/CVE-2023-243xx/CVE-2023-24385.json) (`2023-10-17T09:15:09.960`)
+* [CVE-2023-42629](CVE-2023/CVE-2023-426xx/CVE-2023-42629.json) (`2023-10-17T09:15:10.167`)
+* [CVE-2023-44309](CVE-2023/CVE-2023-443xx/CVE-2023-44309.json) (`2023-10-17T09:15:10.347`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+* [CVE-2023-36387](CVE-2023/CVE-2023-363xx/CVE-2023-36387.json) (`2023-10-17T08:15:09.210`)


 ## Download and Usage