From 4ae9d8d47f737d6743d570116fc58992336d8c24 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 10 Oct 2023 10:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-10T10:00:25.292960+00:00 --- CVE-2022/CVE-2022-466xx/CVE-2022-46663.json | 6 ++- CVE-2023/CVE-2023-00xx/CVE-2023-0028.json | 22 +++------ CVE-2023/CVE-2023-04xx/CVE-2023-0493.json | 20 +++----- CVE-2023/CVE-2023-07xx/CVE-2023-0747.json | 21 +++----- CVE-2023/CVE-2023-07xx/CVE-2023-0748.json | 21 +++----- CVE-2023/CVE-2023-08xx/CVE-2023-0879.json | 21 +++----- CVE-2023/CVE-2023-09xx/CVE-2023-0919.json | 21 +++----- CVE-2023/CVE-2023-11xx/CVE-2023-1177.json | 21 +++----- CVE-2023/CVE-2023-12xx/CVE-2023-1283.json | 21 +++----- CVE-2023/CVE-2023-16xx/CVE-2023-1647.json | 29 +++++------ CVE-2023/CVE-2023-23xx/CVE-2023-2307.json | 21 +++----- CVE-2023/CVE-2023-25xx/CVE-2023-2564.json | 21 +++----- CVE-2023/CVE-2023-416xx/CVE-2023-41694.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-416xx/CVE-2023-41697.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41730.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41850.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41851.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41852.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41853.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41854.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41858.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41876.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-436xx/CVE-2023-43641.json | 6 ++- CVE-2023/CVE-2023-442xx/CVE-2023-44257.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-442xx/CVE-2023-44259.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-50xx/CVE-2023-5084.json | 21 +++----- README.md | 37 +++++++++++--- 27 files changed, 800 insertions(+), 169 deletions(-) create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41694.json create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41697.json create mode 100644 
CVE-2023/CVE-2023-417xx/CVE-2023-41730.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41850.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41851.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41852.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41853.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41854.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41858.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41876.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44257.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44259.json diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46663.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46663.json index 4551fe131a0..81facd7bcc6 100644 --- a/CVE-2022/CVE-2022-466xx/CVE-2022-46663.json +++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46663.json @@ -2,7 +2,7 @@ "id": "CVE-2022-46663", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-07T21:15:09.247", - "lastModified": "2023-06-10T03:15:09.107", + "lastModified": "2023-10-10T08:15:09.527", "vulnStatus": "Modified", "descriptions": [ { @@ -92,6 +92,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LR7AUWB34JD4PCW3HHASBEDGGHFWPAQP/", "source": "cve@mitre.org" }, + { + "url": "https://security.gentoo.org/glsa/202310-11", + "source": "cve@mitre.org" + }, { "url": "https://www.openwall.com/lists/oss-security/2023/02/07/7", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0028.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0028.json index b6f78d4a712..9f5927c066e 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0028.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0028.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-0028", "sourceIdentifier": "security@huntr.dev", "published": "2023-01-01T01:15:12.627", - "lastModified": "2023-01-06T21:36:28.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:09.673", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+." + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -88,12 +86,8 @@ ], "references": [ { - "url": "https://github.com/linagora/twake/commit/61f4c0caf4ce61c839fb304a707972974daacae9", - "source": "security@huntr.dev", - "tags": [ - "Patch", - "Third Party Advisory" - ] + "url": "https://github.com/linagora/Twake/pull/2678/commits/c0708c397e199c68cea0db9f59d29d7dbdcdde7b", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/bfd935f4-2d1d-4d3f-8b59-522abe7dd065", diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0493.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0493.json index a9bc2afb8cd..4572fa231c4 100644 --- a/CVE-2023/CVE-2023-04xx/CVE-2023-0493.json +++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0493.json 
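Review bot: The rewritten first reference in CVE-2023-0028.json loses its `tags` array (`"Patch"`, `"Third Party Advisory"`), so tooling that selects fix links by the `Patch` tag will no longer find one for this record. The same loss appears in the reference hunks of CVE-2023-0493, -0747, -0748, -0879, -0919, -1177, -1283, -1647, -2307 and -2564. The description `value` also gains a trailing `\n\n`, which breaks exact-match comparison and deduplication of descriptions unless consumers trim whitespace. In this file both changes arrive with `vulnStatus` going from `Analyzed` to `Modified`, so the tags may come back after re-analysis, but nothing on this page confirms that. Until then, consumers should trim description text and treat a reference without tags as unclassified rather than as "not a patch".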
@@ -2,12 +2,12 @@ "id": "CVE-2023-0493", "sourceIdentifier": "security@huntr.dev", "published": "2023-01-26T23:15:15.920", - "lastModified": "2023-04-06T17:15:09.957", + "lastModified": "2023-10-10T08:15:09.813", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5." + "value": "Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -92,12 +90,8 @@ "source": "security@huntr.dev" }, { - "url": "https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a", - "source": "security@huntr.dev", - "tags": [ - "Patch", - "Third Party Advisory" - ] + "url": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f", diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0747.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0747.json index b67f8ee0f1e..a922f106b92 100644 --- a/CVE-2023/CVE-2023-07xx/CVE-2023-0747.json +++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0747.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-0747", "sourceIdentifier": "security@huntr.dev", "published": "2023-02-08T14:15:09.697", - "lastModified": "2023-02-18T20:35:36.730", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:09.930", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6." + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -88,11 +86,8 @@ ], "references": [ { - "url": "https://github.com/btcpayserver/btcpayserver/commit/d4e464ad4ef0cbbf61751e70f77865de325dd6cf", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/btcpayserver/btcpayserver/pull/4567/commits/d4e464ad4ef0cbbf61751e70f77865de325dd6cf", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff", diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0748.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0748.json index 6de40f5a382..242a0ab97f5 100644 --- a/CVE-2023/CVE-2023-07xx/CVE-2023-0748.json +++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0748.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-0748", "sourceIdentifier": "security@huntr.dev", "published": "2023-02-08T15:15:13.467", - "lastModified": "2023-02-18T20:38:12.043", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:10.033", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6." + "value": "Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", @@ -88,11 +86,8 @@ ], "references": [ { - "url": "https://github.com/btcpayserver/btcpayserver/commit/c2cfa17e9619046b43987627b8429541d2834109", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86", diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0879.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0879.json index 20ec9972e47..bad89de0480 100644 --- a/CVE-2023/CVE-2023-08xx/CVE-2023-0879.json +++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0879.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-0879", "sourceIdentifier": "security@huntr.dev", "published": "2023-02-17T02:15:10.680", - "lastModified": "2023-02-25T03:38:54.770", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:10.137", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12." + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -88,11 +86,8 @@ ], "references": [ { - "url": "https://github.com/btcpayserver/btcpayserver/commit/f2f3b245c4d8980d8e54e4708c796df82332c3d7", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541", diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0919.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0919.json index b555087e575..34eab5e87c7 100644 --- a/CVE-2023/CVE-2023-09xx/CVE-2023-0919.json +++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0919.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-0919", "sourceIdentifier": "security@huntr.dev", "published": "2023-02-19T15:15:10.433", - "lastModified": "2023-02-28T20:26:40.133", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:10.243", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0." + "value": "Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.1, "impactScore": 1.4 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -88,11 +86,8 @@ ], "references": [ { - "url": "https://github.com/kareadita/kavita/commit/6648b79e1b2f92449d5816d0722b7a3d72f259d5", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/Kareadita/Kavita/pull/1748/commits/6648b79e1b2f92449d5816d0722b7a3d72f259d5", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/3c514923-473f-4c50-ae0d-d002a41fe70f", diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1177.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1177.json index 029ed75ec74..0c515c8df08 100644 --- a/CVE-2023/CVE-2023-11xx/CVE-2023-1177.json +++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1177.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-1177", "sourceIdentifier": "security@huntr.dev", "published": "2023-03-24T15:15:10.193", - "lastModified": "2023-03-28T14:42:27.717", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:10.367", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1." + "value": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -88,11 +86,8 @@ ], "references": [ { - "url": "https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28", diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1283.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1283.json index 5d2285286ef..b30f3313d1c 100644 --- a/CVE-2023/CVE-2023-12xx/CVE-2023-1283.json +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1283.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-1283", "sourceIdentifier": "security@huntr.dev", "published": "2023-03-08T22:15:09.683", - "lastModified": "2023-03-14T19:39:32.307", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:10.477", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Code Injection in GitHub repository builderio/qwik prior to 0.21.0." + "value": "Code Injection in GitHub repository builderio/qwik prior to 0.21.0.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -88,11 +86,8 @@ ], "references": [ { - "url": "https://github.com/builderio/qwik/commit/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/BuilderIO/qwik/pull/3249/commits/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/63f1ff91-48f3-4886-a179-103f1ddd8ff8", diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1647.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1647.json index 243d492ae21..9cfe3b0d8e3 100644 --- a/CVE-2023/CVE-2023-16xx/CVE-2023-1647.json +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1647.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-1647", "sourceIdentifier": "security@huntr.dev", "published": "2023-03-27T01:15:07.223", - "lastModified": "2023-03-31T00:38:20.477", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:10.580", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Improper Access Control in GitHub repository calcom/cal.com prior to 2.7." + "value": "Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -58,22 +56,22 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security@huntr.dev", "type": "Primary", "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-284" } ] }, { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-284" + "value": "NVD-CWE-Other" } ] } @@ -98,11 +96,8 @@ ], "references": [ { - "url": "https://github.com/calcom/cal.com/commit/c76e5f46101a826b2de39123c22f50c840dddba0", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/d6de3d6e-9551-47d1-b28c-7e965c1b82b6", diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2307.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2307.json index 2bac6d0bf84..8b91365eee5 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2307.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2307.json 
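Review bot: The replacement reference in the last hunk of CVE-2023-1647.json points at a different project. The record describes Improper Access Control in calcom/cal.com, but the new `url` is `https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1`, the same link this commit sets for CVE-2023-2564 (OS Command Injection in sbs20/scanservjs). Anyone using this record to locate or verify the cal.com fix would be sent to an unrelated patch. As this is an automated sync, the mistake presumably originates in the upstream record and should be reported there. Until it is corrected, the removed `https://github.com/calcom/cal.com/commit/c76e5f46101a826b2de39123c22f50c840dddba0` is the only cal.com fix reference visible on this page.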
@@ -2,12 +2,12 @@ "id": "CVE-2023-2307", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-26T17:15:11.217", - "lastModified": "2023-05-03T16:41:14.190", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:10.687", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0." + "value": "Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -88,11 +86,8 @@ ], "references": [ { - "url": "https://github.com/builderio/qwik/commit/09190b70027354baf7ad3d208df9c05a87f75f57", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/BuilderIO/qwik/pull/3862/commits/09190b70027354baf7ad3d208df9c05a87f75f57", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917", diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2564.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2564.json index 9253f90de3a..0722091ea48 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2564.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2564.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-2564", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-07T14:15:42.343", - "lastModified": "2023-05-12T14:43:05.987", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:10.790", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0." + "value": "OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.\n\n" } ], "metrics": { @@ -31,15 +31,13 @@ }, "exploitabilityScore": 3.9, "impactScore": 6.0 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -88,11 +86,8 @@ ], "references": [ { - "url": "https://github.com/sbs20/scanservjs/commit/d51fd52c1569813990b8f74e64ae6979c665dca1", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41694.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41694.json new file mode 100644 index 00000000000..0f570a244c6 --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41694.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41694", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T08:15:10.907", + "lastModified": "2023-10-10T08:15:10.907", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <=\u00a01.0.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/realbig-media/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41697.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41697.json new file mode 100644 index 00000000000..2a77ccf4dda --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41697.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41697", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T08:15:10.983", + "lastModified": "2023-10-10T08:15:10.983", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <=\u00a01.9 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/easy-wp-cleaner/wordpress-easy-wp-cleaner-plugin-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41730.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41730.json new file mode 100644 index 00000000000..e1f339e5efb --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41730.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41730", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T08:15:11.057", + "lastModified": "2023-10-10T08:15:11.057", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <=\u00a01.22.3.31 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41850.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41850.json new file mode 100644 index 00000000000..a6f1d943f45 --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41850.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41850", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:09.737", + "lastModified": "2023-10-10T09:15:09.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <=\u00a01.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/outbound-link-manager/wordpress-outbound-link-manager-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41851.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41851.json new file mode 100644 index 00000000000..2e7d1b71eaf --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41851.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41851", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:09.833", + "lastModified": "2023-10-10T09:15:09.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <=\u00a01.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-custom-post-template/wordpress-wp-custom-post-template-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41852.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41852.json new file mode 100644 index 00000000000..c2f1a7a9524 --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41852.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41852", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:09.917", + "lastModified": "2023-10-10T09:15:09.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch \u2013 Grow your Email List plugin <=\u00a03.1.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mailmunch/wordpress-mailmunch-grow-your-email-list-plugin-3-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41853.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41853.json new file mode 100644 index 00000000000..b20e780daa4 --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41853.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41853", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:09.997", + "lastModified": "2023-10-10T09:15:09.997", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <=\u00a01.0.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-ical-availability/wordpress-wp-ical-availability-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41854.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41854.json new file mode 100644 index 00000000000..78d552c81df --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41854.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41854", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:10.080", + "lastModified": "2023-10-10T09:15:10.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <=\u00a01.5.7 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-central/wordpress-wpcentral-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41858.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41858.json new file mode 100644 index 00000000000..6fa2262270c --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41858.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41858", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:10.167", + "lastModified": "2023-10-10T09:15:10.167", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <=\u00a01.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/order-delivery-date/wordpress-order-delivery-date-for-wp-e-commerce-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41876.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41876.json new file mode 100644 index 00000000000..22752aac1ff --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41876.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41876", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:10.250", + "lastModified": "2023-10-10T09:15:10.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <=\u00a01.0.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-gallery-metabox/wordpress-wp-gallery-metabox-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json index 77e07416dde..cdf24d2a2ed 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43641", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-09T22:15:12.707", - "lastModified": "2023-10-09T22:15:12.707", + "lastModified": "2023-10-10T08:15:11.137", "vulnStatus": "Received", "descriptions": [ { 
@@ -50,6 +50,10 @@ { "url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/", "source": "security-advisories@github.com" + }, + { + "url": "https://security.gentoo.org/glsa/202310-10", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44257.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44257.json new file mode 100644 index 00000000000..e5001fd8c45 --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44257.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44257", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:10.337", + "lastModified": "2023-10-10T09:15:10.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <=\u00a01.7.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-7-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44259.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44259.json new file mode 100644 index 00000000000..7ce219f3f37 --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44259.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44259", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T09:15:10.417", + "lastModified": "2023-10-10T09:15:10.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <=\u00a02.10.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mediavine-control-panel/wordpress-mediavine-control-panel-plugin-2-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5084.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5084.json index ac4d020f322..6b95f4f259d 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5084.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5084.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-5084", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-20T10:15:15.723", - "lastModified": "2023-09-22T16:28:20.927", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T08:15:11.257", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8." + "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.\n\n" }, { "lang": "es", @@ -35,15 +35,13 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 - } - ], - "cvssMetricV30": [ + }, { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", @@ -92,11 +90,8 @@ ], "references": [ { - "url": "https://github.com/hestiacp/hestiacp/commit/5131f5a966759df77477fdf7f29daa2bda93b1ff", - "source": "security@huntr.dev", - "tags": [ - "Patch" - ] + "url": "https://github.com/hestiacp/hestiacp/pull/4013/commits/5131f5a966759df77477fdf7f29daa2bda93b1ff", + "source": "security@huntr.dev" }, { "url": "https://huntr.dev/bounties/f3340570-6e59-4c72-a7d1-d4b829b4fb45", diff --git a/README.md b/README.md index cef20c90efc..ddabc1b8b7a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-10T08:00:26.912403+00:00 +2023-10-10T10:00:25.292960+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-10T07:15:11.577000+00:00 +2023-10-10T09:15:10.417000+00:00 ``` ### Last Data Feed Release 
@@ -29,20 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227285 +227297 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `12` -* [CVE-2023-41684](CVE-2023/CVE-2023-416xx/CVE-2023-41684.json) (`2023-10-10T07:15:11.577`) +* [CVE-2023-41694](CVE-2023/CVE-2023-416xx/CVE-2023-41694.json) (`2023-10-10T08:15:10.907`) +* [CVE-2023-41697](CVE-2023/CVE-2023-416xx/CVE-2023-41697.json) (`2023-10-10T08:15:10.983`) +* [CVE-2023-41730](CVE-2023/CVE-2023-417xx/CVE-2023-41730.json) (`2023-10-10T08:15:11.057`) +* [CVE-2023-41850](CVE-2023/CVE-2023-418xx/CVE-2023-41850.json) (`2023-10-10T09:15:09.737`) +* [CVE-2023-41851](CVE-2023/CVE-2023-418xx/CVE-2023-41851.json) (`2023-10-10T09:15:09.833`) +* [CVE-2023-41852](CVE-2023/CVE-2023-418xx/CVE-2023-41852.json) (`2023-10-10T09:15:09.917`) +* [CVE-2023-41853](CVE-2023/CVE-2023-418xx/CVE-2023-41853.json) (`2023-10-10T09:15:09.997`) +* [CVE-2023-41854](CVE-2023/CVE-2023-418xx/CVE-2023-41854.json) (`2023-10-10T09:15:10.080`) +* [CVE-2023-41858](CVE-2023/CVE-2023-418xx/CVE-2023-41858.json) (`2023-10-10T09:15:10.167`) +* [CVE-2023-41876](CVE-2023/CVE-2023-418xx/CVE-2023-41876.json) (`2023-10-10T09:15:10.250`) +* [CVE-2023-44257](CVE-2023/CVE-2023-442xx/CVE-2023-44257.json) (`2023-10-10T09:15:10.337`) +* [CVE-2023-44259](CVE-2023/CVE-2023-442xx/CVE-2023-44259.json) (`2023-10-10T09:15:10.417`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `14` +* [CVE-2022-46663](CVE-2022/CVE-2022-466xx/CVE-2022-46663.json) (`2023-10-10T08:15:09.527`) +* [CVE-2023-0028](CVE-2023/CVE-2023-00xx/CVE-2023-0028.json) (`2023-10-10T08:15:09.673`) +* [CVE-2023-0493](CVE-2023/CVE-2023-04xx/CVE-2023-0493.json) (`2023-10-10T08:15:09.813`) +* [CVE-2023-0747](CVE-2023/CVE-2023-07xx/CVE-2023-0747.json) (`2023-10-10T08:15:09.930`) +* [CVE-2023-0748](CVE-2023/CVE-2023-07xx/CVE-2023-0748.json) 
(`2023-10-10T08:15:10.033`) +* [CVE-2023-0879](CVE-2023/CVE-2023-08xx/CVE-2023-0879.json) (`2023-10-10T08:15:10.137`) +* [CVE-2023-0919](CVE-2023/CVE-2023-09xx/CVE-2023-0919.json) (`2023-10-10T08:15:10.243`) +* [CVE-2023-1177](CVE-2023/CVE-2023-11xx/CVE-2023-1177.json) (`2023-10-10T08:15:10.367`) +* [CVE-2023-1283](CVE-2023/CVE-2023-12xx/CVE-2023-1283.json) (`2023-10-10T08:15:10.477`) +* [CVE-2023-1647](CVE-2023/CVE-2023-16xx/CVE-2023-1647.json) (`2023-10-10T08:15:10.580`) +* [CVE-2023-2307](CVE-2023/CVE-2023-23xx/CVE-2023-2307.json) (`2023-10-10T08:15:10.687`) +* [CVE-2023-2564](CVE-2023/CVE-2023-25xx/CVE-2023-2564.json) (`2023-10-10T08:15:10.790`) +* [CVE-2023-43641](CVE-2023/CVE-2023-436xx/CVE-2023-43641.json) (`2023-10-10T08:15:11.137`) +* [CVE-2023-5084](CVE-2023/CVE-2023-50xx/CVE-2023-5084.json) (`2023-10-10T08:15:11.257`) ## Download and Usage