admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-15T16:00:33.662693+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-15 16:00:37 +00:00
parent 464c42dfcc
commit 52ddd7a8d0
54 changed files with 1988 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-223xx/CVE-2022-22307.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-22307",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-15T01:15:09.920",
"lastModified": "2023-06-15T01:15:09.920",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753."
},
{
"lang": "es",
"value": "IBM Security Guardium v11.3, v11.4 y v11.5 podr\u00eda permitir a un usuario local obtener privilegios elevados debido a comprobaciones de autorizaci\u00f3n incorrectas. ID de IBM X-Force: 216753. "
}
],
"metrics": {

8
CVE-2022/CVE-2022-327xx/CVE-2022-32752.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-32752",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-15T03:15:09.873",
"lastModified": "2023-06-15T03:15:09.873",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439."
},
{
"lang": "es",
"value": "IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podr\u00eda permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en el sistema enviando una solicitud especialmente manipulada. ID de IBM X-Force: 228439. "
}
],
"metrics": {

8
CVE-2022/CVE-2022-327xx/CVE-2022-32757.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-32757",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-15T03:15:09.950",
"lastModified": "2023-06-15T03:15:09.950",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510."
},
{
"lang": "es",
"value": "IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 utiliza una configuraci\u00f3n de bloqueo de cuentas inadecuada que podr\u00eda permitir a un atacante remoto forzar las credenciales de las cuentas. ID de IBM X-Force: 228510."
}
],
"metrics": {

8
CVE-2022/CVE-2022-331xx/CVE-2022-33159.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-33159",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-15T02:15:09.240",
"lastModified": "2023-06-15T02:15:09.240",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567."
},
{
"lang": "es",
"value": "IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 almacena las credenciales de usuario en texto sin formato que puede leer un usuario autenticado. ID de IBM X-Force: 228567. "
}
],
"metrics": {

8
CVE-2022/CVE-2022-331xx/CVE-2022-33163.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-33163",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-15T02:15:09.313",
"lastModified": "2023-06-15T02:15:09.313",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571."
},
{
"lang": "es",
"value": "IBM Security Directory Suite VA v8.0.1 especifica permisos para un recurso cr\u00edtico para la seguridad de una forma que permite que dicho recurso sea le\u00eddo o modificado por actores no deseados. ID de IBM X-Force: 228571. "
}
],
"metrics": {

8
CVE-2022/CVE-2022-331xx/CVE-2022-33166.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-33166",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-15T03:15:10.020",
"lastModified": "2023-06-15T03:15:10.020",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586."
},
{
"lang": "es",
"value": "IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podr\u00eda permitir a un usuario con privilegios cargar archivos maliciosos con formatos peligrosos que pueden procesarse autom\u00e1ticamente en el entorno del producto. ID de IBM X-Force: 228586."
}
],
"metrics": {

8
CVE-2022/CVE-2022-331xx/CVE-2022-33168.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-33168",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-15T02:15:09.377",
"lastModified": "2023-06-15T02:15:09.377",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588."
},
{
"lang": "es",
"value": "IBM Security Directory Suite VA v8.0.1 podr\u00eda permitir a un atacante provocar una denegaci\u00f3n de servicio debido al consumo incontrolado de recursos. ID de IBM X-Force: 228588. "
}
],
"metrics": {

4
CVE-2022/CVE-2022-41xx/CVE-2022-4149.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4149",
"sourceIdentifier": "psirt@netskope.com",
"published": "2023-06-15T07:15:08.710",
"lastModified": "2023-06-15T07:15:08.710",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

34
CVE-2023/CVE-2023-09xx/CVE-2023-0985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0985",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-06-06T11:15:09.093",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T12:04:52.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.13.3",
"matchCriteriaId": "6CC21EC6-52DA-47D9-AC27-9D1707B71467"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.13.3",
"matchCriteriaId": "70123597-DE04-4807-952D-F9CFC9805A34"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}

45
CVE-2023/CVE-2023-17xx/CVE-2023-1779.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1779",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-06-06T11:15:09.913",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T12:36:44.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -36,8 +36,18 @@
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +56,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.13.3",
"matchCriteriaId": "6CC21EC6-52DA-47D9-AC27-9D1707B71467"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.13.3",
"matchCriteriaId": "70123597-DE04-4807-952D-F9CFC9805A34"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-008/",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-22xx/CVE-2023-2270.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2270",
"sourceIdentifier": "psirt@netskope.com",
"published": "2023-06-15T05:15:09.773",
"lastModified": "2023-06-15T05:15:09.773",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

67
CVE-2023/CVE-2023-22xx/CVE-2023-2275.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2275",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:05.777",
"lastModified": "2023-06-09T13:03:29.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T15:31:10.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,26 +66,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wclovers:woocommerce_multivendor_marketplace:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.3",
"matchCriteriaId": "76BF6CD7-9595-4594-A941-745FE709A0A7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L151",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L167",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L175",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2904331/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0520601-7e5c-412d-a8da-df1bf8ce28df?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-22xx/CVE-2023-2280.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2280",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:06.027",
"lastModified": "2023-06-09T13:03:29.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T15:25:15.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdirectorykit:wp_directory_kit:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.3",
"matchCriteriaId": "3C1C339B-ED01-4916-AAEF-A121228EC160"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/public/class-wpdirectorykit-public.php#L249",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2907164/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abb1a758-5c16-4841-b1c7-0705ab16b328?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-238xx/CVE-2023-23802.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23802",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-15T13:15:09.440",
"lastModified": "2023-06-15T14:00:53.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <=\u00a01.0.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-google-analytics-4-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-244xx/CVE-2023-24420.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24420",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-15T14:15:09.427",
"lastModified": "2023-06-15T14:15:09.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <=\u00a01.1.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/admin-side-data-storage-for-contact-form-7/wordpress-admin-side-data-storage-for-contact-form-7-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

57
CVE-2023/CVE-2023-24xx/CVE-2023-2414.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2414",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:07.127",
"lastModified": "2023-06-09T13:03:29.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T14:58:16.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.2.10",
"matchCriteriaId": "94EABBCE-A9C4-4AC5-BE90-C55E524F0D15"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L88",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-24xx/CVE-2023-2450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2450",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:07.427",
"lastModified": "2023-06-09T13:03:29.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T14:57:08.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fibosearch:fibosearch:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.23.0",
"matchCriteriaId": "BDB84F7E-E824-46B4-9473-AA7CED23F00B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.23.0/includes/Helpers.php#L1229",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.23.0&old=2917453&new_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.24.0&new=2917453&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/880573d8-6dad-4a1b-a5db-33e1dc243062?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-24xx/CVE-2023-2452.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2452",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:07.850",
"lastModified": "2023-06-09T13:03:29.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T14:56:14.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,20 +64,57 @@
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advanced-woo-search:advanced_woo_search:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.77",
"matchCriteriaId": "C1622ABC-F249-4475-BD13-F3B067E20BB7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.77/includes/admin/class-aws-admin-options.php#L473",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.77/includes/admin/class-aws-admin-options.php#L481",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4278e9d7-aa1e-47a5-b715-09dae5156303?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-24xx/CVE-2023-2484.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2484",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:08.247",
"lastModified": "2023-06-09T13:03:29.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T13:25:32.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miniorange:active_directory_integration_\\/_ldap_integration:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.1.4",
"matchCriteriaId": "1091C145-C140-4D4F-8889-B3DBBE1A4E18"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ldap-login-for-intranet-sites/trunk/class-mo-ldap-user-auth-reports.php?rev=2859403#L64",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25055.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25055",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-15T14:15:09.497",
"lastModified": "2023-06-15T14:15:09.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <=\u00a02.6.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/xml-sitemaps-for-videos/wordpress-google-xml-sitemap-for-videos-plugin-2-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25449.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25449",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-15T12:15:09.457",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <=\u00a015.0.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cforms2/wordpress-cformsii-plugin-15-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25450.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25450",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-15T13:15:09.513",
"lastModified": "2023-06-15T14:00:53.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform plugin <=\u00a02.25.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-request-forgery-csrf-via-give-cache-flush-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-256xx/CVE-2023-25683.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25683",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-15T01:15:10.010",
"lastModified": "2023-06-15T01:15:10.010",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-259xx/CVE-2023-25972.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25972",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-15T13:15:09.577",
"lastModified": "2023-06-15T14:00:53.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <=\u00a03.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/iksweb/wordpress-start-plugin-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

62
CVE-2023/CVE-2023-25xx/CVE-2023-2526.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2526",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:08.387",
"lastModified": "2023-06-09T13:03:29.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T13:39:10.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +66,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supsystic:easy_google_maps:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.11.7",
"matchCriteriaId": "66FD47B5-27B2-4549-A4A7-9C1C236E798C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/google-maps-easy/trunk/classes/frame.php?rev=2777743#L246",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2916430/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2916430/google-maps-easy/trunk/classes/frame.php?contextall=1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-276xx/CVE-2023-27634.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27634",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-15T14:15:09.563",
"lastModified": "2023-06-15T14:15:09.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload\u00a0in Shingo Intrepidity plugin <=\u00a01.5.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/intrepidity/wordpress-intrepidity-theme-1-5-1-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

4
CVE-2023/CVE-2023-281xx/CVE-2023-28175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28175",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-06-15T11:15:09.227",
"lastModified": "2023-06-15T11:15:09.227",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-28xx/CVE-2023-2819.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2819",
"sourceIdentifier": "security@proofpoint.com",
"published": "2023-06-14T22:15:09.203",
"lastModified": "2023-06-14T22:15:09.203",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:22.420",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-28xx/CVE-2023-2820.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2820",
"sourceIdentifier": "security@proofpoint.com",
"published": "2023-06-14T22:15:09.273",
"lastModified": "2023-06-14T22:15:09.273",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:22.420",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-28xx/CVE-2023-2847.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2847",
"sourceIdentifier": "security@eset.com",
"published": "2023-06-15T08:15:09.150",
"lastModified": "2023-06-15T08:15:09.150",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-31xx/CVE-2023-3193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3193",
"sourceIdentifier": "security@liferay.com",
"published": "2023-06-15T04:15:34.727",
"lastModified": "2023-06-15T04:15:34.727",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32229",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-06-15T11:15:09.347",
"lastModified": "2023-06-15T11:15:09.347",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-325xx/CVE-2023-32550.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32550",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-06-06T16:15:10.687",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T12:17:00.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
},
{
"source": "security@ubuntu.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "security@ubuntu.com",
"type": "Secondary",
@ -46,10 +76,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:canonical:landscape:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.10.5",
"matchCriteriaId": "4E6417F0-0BD2-493C-A7DF-929B95D2D124"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/landscape/+bug/1929037",
"source": "security@ubuntu.com"
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-32xx/CVE-2023-3274.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-3274",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-15T13:15:09.647",
"lastModified": "2023-06-15T14:00:53.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.231624",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.231624",
"source": "cna@vuldb.com"
}
]
}

84
CVE-2023/CVE-2023-32xx/CVE-2023-3275.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-3275",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-15T13:15:09.713",
"lastModified": "2023-06-15T14:00:53.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.231625",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.231625",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-32xx/CVE-2023-3276.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-3276",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-15T13:15:09.773",
"lastModified": "2023-06-15T14:00:53.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.231626",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.231626",
"source": "cna@vuldb.com"
}
]
}

86
CVE-2023/CVE-2023-333xx/CVE-2023-33381.json
View File

@ -2,27 +2,101 @@
"id": "CVE-2023-33381",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T12:15:09.250",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T14:04:54.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mitrastar:gpt-2741gnac_firmware:ar_g5.8_110wvn0b7_2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFB4C77-B721-4BF1-8CD5-147DE6C0B065"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mitrastar:gpt-2741gnac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D33BCB-6C48-4B5D-BD06-A0F0344A9C2D"
}
]
}
]
}
],
"references": [
{
"url": "http://gpt-2741gnac.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://mitrastar.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-335xx/CVE-2023-33530.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-33530",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T13:15:15.900",
"lastModified": "2023-06-06T13:36:46.723",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T12:09:13.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:g103_firmware:1.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20B50B9D-605D-4DE4-9785-FAA62019C25E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:g103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1530E06E-43D9-44DE-9569-D5A6B1647378"
}
]
}
]
}
],
"references": [
{
"url": "http://tenda.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

81
CVE-2023/CVE-2023-335xx/CVE-2023-33553.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-33553",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T15:15:09.480",
"lastModified": "2023-06-07T16:18:07.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T15:19:16.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:planet:wdrt-1800ax_firmware:1.01-cp21:*:*:*:*:*:*:*",
"matchCriteriaId": "28E52AEF-AEF2-4A88-9EA1-11366FB49AC1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:planet:wdrt-1800ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E0CDD2-B139-4235-A31E-C230349B71E4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/0xfml/poc/blob/main/PLANET/WDRT-1800AX.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.planet.com.tw/en/product/wdrt-1800ax",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-335xx/CVE-2023-33568.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-33568",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T15:15:14.147",
"lastModified": "2023-06-13T16:54:51.953",
"lastModified": "2023-06-15T14:15:09.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists."
"value": "An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists."
}
],
"metrics": {},

69
CVE-2023/CVE-2023-335xx/CVE-2023-33595.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33595",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T20:15:09.920",
"lastModified": "2023-06-07T20:24:12.193",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T14:58:42.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:cpython:3.12.0:alpha_7:*:*:*:*:*:*",
"matchCriteriaId": "9B61BE28-33F3-425C-9788-867DF50D9AC9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/python/cpython/issues/103824",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/python/cpython/pull/103993/commits/c120bc2d354ca3d27d0c7a53bf65574ddaabaf3a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

75
CVE-2023/CVE-2023-336xx/CVE-2023-33659.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-33659",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T12:15:09.503",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T12:21:25.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emqx:nanomq:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0898CABA-5930-437A-8300-4D91648091F1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/emqx/nanomq",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/emqx/nanomq/issues/1154",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

168
CVE-2023/CVE-2023-338xx/CVE-2023-33848.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33848",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-07T21:15:13.617",
"lastModified": "2023-06-07T21:36:36.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T15:08:53.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,22 +76,148 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "498DF94F-3427-4F7C-80CB-F9526C4D47AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF0F0BC-8964-4812-A5E6-0D1C1317E8D2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B27A342F-6BF8-45E7-9711-7C329DE8FC9C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257104",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7001647",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7001681",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7001683",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-341xx/CVE-2023-34108.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34108",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-07T18:15:09.817",
"lastModified": "2023-06-07T20:24:12.193",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T15:31:29.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mailcow:mailcow\\:_dockerized:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-05",
"matchCriteriaId": "8736D463-F179-4128-9AD2-A4CE6F4A0ACA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/VladimirBorisov/CVE_proposal/blob/main/MailcowUserPassword.md",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/mailcow/mailcow-dockerized/commit/f80940efdccd393bf5fccec2886795372a38c445",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-mhh4-qchc-pv22",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-341xx/CVE-2023-34109.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34109",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-07T18:15:09.903",
"lastModified": "2023-06-07T20:24:12.193",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T15:41:44.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zxcvbn-ts_project:zxcvbn-ts:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "3.0.2",
"matchCriteriaId": "E2A6456F-CD46-4253-895D-095361029F3A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zxcvbn-ts/zxcvbn/commit/3f9bed21b5d01f6f6863476822ca857355fba22f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zxcvbn-ts/zxcvbn/security/advisories/GHSA-38hx-x5hq-5fg4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-342xx/CVE-2023-34234.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34234",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-07T18:15:09.977",
"lastModified": "2023-06-07T20:24:12.193",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T12:58:03.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openzeppelin:contracts:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "4.3.0",
"versionEndExcluding": "4.9.1",
"matchCriteriaId": "735DB5E8-F1C9-46AC-BB0A-45BB23B05198"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openzeppelin:contracts_upgradeable:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "4.3.0",
"versionEndExcluding": "4.9.1",
"matchCriteriaId": "47DB67B3-94A7-4FD2-BD3B-86DD3B84C7C5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/d9474327a492f9f310f31bc53f38dbea56ed9a57",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-5h3x-9wvq-w4m2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-342xx/CVE-2023-34251.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34251",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-14T22:15:09.333",
"lastModified": "2023-06-14T23:15:10.910",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:22.420",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-342xx/CVE-2023-34252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34252",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-14T22:15:09.397",
"lastModified": "2023-06-14T23:15:10.977",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:22.420",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-342xx/CVE-2023-34253.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34253",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-14T23:15:11.037",
"lastModified": "2023-06-14T23:15:11.037",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-344xx/CVE-2023-34448.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-34448",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-14T23:15:11.107",
"lastModified": "2023-06-15T00:15:10.480",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`."
},
{
"lang": "es",
"value": "Grav es un sistema de gesti\u00f3n de contenidos de archivos planos. Antes de la versi\u00f3n 1.7.42, el parche para CVE-2022-2073, una vulnerabilidad de inyecci\u00f3n de plantillas del lado del servidor en Gray aprovechando la funci\u00f3n predeterminada \"filter()\", no bloqueaba otras funciones integradas expuestas por la extensi\u00f3n principal de Twig que pod\u00edan utilizarse para invocar funciones no seguras arbitrarias, permitiendo as\u00ed la ejecuci\u00f3n remota de c\u00f3digo. Un parche en la versi\u00f3n 1.74.2 anula las funciones de filtro incorporadas de Twig \"map()\" y \"reduce()\" en \"system/src/Grav/Common/Twig/Extension/GravExtension.php\" para validar el argumento pasado al filtro en \"$arrow\". "
}
],
"metrics": {

8
CVE-2023/CVE-2023-344xx/CVE-2023-34452.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-34452",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-14T23:15:11.183",
"lastModified": "2023-06-14T23:15:11.183",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Grav is a flat-file content management system. In versions 1.7.42 and prior, the \"/forgot_password\" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the \"email\" parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user's browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validation should be implemented to prevent this vulnerability."
},
{
"lang": "es",
"value": "Grav es un sistema de gesti\u00f3n de contenidos de archivos planos. En las versiones 1.7.42 y anteriores, la p\u00e1gina \"/forgot_password\" tiene una vulnerabilidad de Cross-Site Scripting auto reflejada que puede ser explotada inyectando un script en el par\u00e1metro \"email\" de la petici\u00f3n. Aunque esta vulnerabilidad puede permitir potencialmente a un atacante ejecutar c\u00f3digo arbitrario en el navegador del usuario, el impacto es limitado, ya que requiere la interacci\u00f3n del usuario para desencadenar la vulnerabilidad. EN el momento de la publicaci\u00f3n, no se dispon\u00eda de un parche. Se debe implementar la validaci\u00f3n del lado del servidor para evitar esta vulnerabilidad. "
}
],
"metrics": {

4
CVE-2023/CVE-2023-350xx/CVE-2023-35029.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35029",
"sourceIdentifier": "security@liferay.com",
"published": "2023-06-15T04:15:34.513",
"lastModified": "2023-06-15T04:15:34.513",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-350xx/CVE-2023-35030.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35030",
"sourceIdentifier": "security@liferay.com",
"published": "2023-06-15T05:15:09.857",
"lastModified": "2023-06-15T05:15:09.857",
"vulnStatus": "Received",
"lastModified": "2023-06-15T12:39:17.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

47
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-15T12:00:26.231765+00:00
2023-06-15T16:00:33.662693+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-15T11:15:09.347000+00:00
2023-06-15T15:41:44.587000+00:00
```
### Last Data Feed Release
@ -29,21 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217811
217821
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `10`
* [CVE-2023-28175](CVE-2023/CVE-2023-281xx/CVE-2023-28175.json) (`2023-06-15T11:15:09.227`)
* [CVE-2023-32229](CVE-2023/CVE-2023-322xx/CVE-2023-32229.json) (`2023-06-15T11:15:09.347`)
* [CVE-2023-25449](CVE-2023/CVE-2023-254xx/CVE-2023-25449.json) (`2023-06-15T12:15:09.457`)
* [CVE-2023-23802](CVE-2023/CVE-2023-238xx/CVE-2023-23802.json) (`2023-06-15T13:15:09.440`)
* [CVE-2023-25450](CVE-2023/CVE-2023-254xx/CVE-2023-25450.json) (`2023-06-15T13:15:09.513`)
* [CVE-2023-25972](CVE-2023/CVE-2023-259xx/CVE-2023-25972.json) (`2023-06-15T13:15:09.577`)
* [CVE-2023-3274](CVE-2023/CVE-2023-32xx/CVE-2023-3274.json) (`2023-06-15T13:15:09.647`)
* [CVE-2023-3275](CVE-2023/CVE-2023-32xx/CVE-2023-3275.json) (`2023-06-15T13:15:09.713`)
* [CVE-2023-3276](CVE-2023/CVE-2023-32xx/CVE-2023-3276.json) (`2023-06-15T13:15:09.773`)
* [CVE-2023-24420](CVE-2023/CVE-2023-244xx/CVE-2023-24420.json) (`2023-06-15T14:15:09.427`)
* [CVE-2023-25055](CVE-2023/CVE-2023-250xx/CVE-2023-25055.json) (`2023-06-15T14:15:09.497`)
* [CVE-2023-27634](CVE-2023/CVE-2023-276xx/CVE-2023-27634.json) (`2023-06-15T14:15:09.563`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `43`
* [CVE-2023-3193](CVE-2023/CVE-2023-31xx/CVE-2023-3193.json) (`2023-06-15T12:39:17.910`)
* [CVE-2023-2270](CVE-2023/CVE-2023-22xx/CVE-2023-2270.json) (`2023-06-15T12:39:17.910`)
* [CVE-2023-35030](CVE-2023/CVE-2023-350xx/CVE-2023-35030.json) (`2023-06-15T12:39:17.910`)
* [CVE-2023-2847](CVE-2023/CVE-2023-28xx/CVE-2023-2847.json) (`2023-06-15T12:39:17.910`)
* [CVE-2023-28175](CVE-2023/CVE-2023-281xx/CVE-2023-28175.json) (`2023-06-15T12:39:17.910`)
* [CVE-2023-32229](CVE-2023/CVE-2023-322xx/CVE-2023-32229.json) (`2023-06-15T12:39:17.910`)
* [CVE-2023-2819](CVE-2023/CVE-2023-28xx/CVE-2023-2819.json) (`2023-06-15T12:39:22.420`)
* [CVE-2023-2820](CVE-2023/CVE-2023-28xx/CVE-2023-2820.json) (`2023-06-15T12:39:22.420`)
* [CVE-2023-34251](CVE-2023/CVE-2023-342xx/CVE-2023-34251.json) (`2023-06-15T12:39:22.420`)
* [CVE-2023-34252](CVE-2023/CVE-2023-342xx/CVE-2023-34252.json) (`2023-06-15T12:39:22.420`)
* [CVE-2023-34234](CVE-2023/CVE-2023-342xx/CVE-2023-34234.json) (`2023-06-15T12:58:03.520`)
* [CVE-2023-2484](CVE-2023/CVE-2023-24xx/CVE-2023-2484.json) (`2023-06-15T13:25:32.130`)
* [CVE-2023-2526](CVE-2023/CVE-2023-25xx/CVE-2023-2526.json) (`2023-06-15T13:39:10.030`)
* [CVE-2023-33381](CVE-2023/CVE-2023-333xx/CVE-2023-33381.json) (`2023-06-15T14:04:54.837`)
* [CVE-2023-33568](CVE-2023/CVE-2023-335xx/CVE-2023-33568.json) (`2023-06-15T14:15:09.630`)
* [CVE-2023-2452](CVE-2023/CVE-2023-24xx/CVE-2023-2452.json) (`2023-06-15T14:56:14.693`)
* [CVE-2023-2450](CVE-2023/CVE-2023-24xx/CVE-2023-2450.json) (`2023-06-15T14:57:08.207`)
* [CVE-2023-2414](CVE-2023/CVE-2023-24xx/CVE-2023-2414.json) (`2023-06-15T14:58:16.963`)
* [CVE-2023-33595](CVE-2023/CVE-2023-335xx/CVE-2023-33595.json) (`2023-06-15T14:58:42.833`)
* [CVE-2023-33848](CVE-2023/CVE-2023-338xx/CVE-2023-33848.json) (`2023-06-15T15:08:53.457`)
* [CVE-2023-33553](CVE-2023/CVE-2023-335xx/CVE-2023-33553.json) (`2023-06-15T15:19:16.400`)
* [CVE-2023-2280](CVE-2023/CVE-2023-22xx/CVE-2023-2280.json) (`2023-06-15T15:25:15.017`)
* [CVE-2023-2275](CVE-2023/CVE-2023-22xx/CVE-2023-2275.json) (`2023-06-15T15:31:10.277`)
* [CVE-2023-34108](CVE-2023/CVE-2023-341xx/CVE-2023-34108.json) (`2023-06-15T15:31:29.460`)
* [CVE-2023-34109](CVE-2023/CVE-2023-341xx/CVE-2023-34109.json) (`2023-06-15T15:41:44.587`)
## Download and Usage