Auto-Update: 2023-08-25T12:00:25.091616+00:00

This commit is contained in:
cad-safe-bot 2023-08-25 12:00:28 +00:00
parent 85311d1fae
commit 582579afbe
8 changed files with 396 additions and 13 deletions

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24394",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T11:15:07.363",
"lastModified": "2023-08-25T11:15:07.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <=\u00a03.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/iframe-popup/wordpress-iframe-popup-plugin-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25649",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-08-25T10:15:08.247",
"lastModified": "2023-08-25T10:15:08.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032544",
"source": "psirt@zte.com.cn"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25981",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T10:15:09.350",
"lastModified": "2023-08-25T10:15:09.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <=\u00a02.8.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32575",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T11:15:08.177",
"lastModified": "2023-08-25T11:15:08.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <=\u00a01.3.25 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/product-page-shipping-calculator-for-woocommerce/wordpress-product-page-shipping-calculator-for-woocommerce-plugin-1-3-25-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32595",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T11:15:08.333",
"lastModified": "2023-08-25T11:15:08.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <=\u00a01.0.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fast-search-powered-by-solr/wordpress-sunny-search-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32596",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T11:15:08.497",
"lastModified": "2023-08-25T11:15:08.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <=\u00a01.0.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/weebotlite/wordpress-weebotlite-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4478",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-08-25T10:15:09.687",
"lastModified": "2023-08-25T10:15:09.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-25T10:00:24.534288+00:00
2023-08-25T12:00:25.091616+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-25T09:15:08.937000+00:00
2023-08-25T11:15:08.497000+00:00
```
### Last Data Feed Release
@ -29,22 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223428
223435
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `7`
* [CVE-2023-32756](CVE-2023/CVE-2023-327xx/CVE-2023-32756.json) (`2023-08-25T08:15:07.747`)
* [CVE-2023-32757](CVE-2023/CVE-2023-327xx/CVE-2023-32757.json) (`2023-08-25T08:15:07.850`)
* [CVE-2023-32518](CVE-2023/CVE-2023-325xx/CVE-2023-32518.json) (`2023-08-25T09:15:07.840`)
* [CVE-2023-32576](CVE-2023/CVE-2023-325xx/CVE-2023-32576.json) (`2023-08-25T09:15:08.477`)
* [CVE-2023-32577](CVE-2023/CVE-2023-325xx/CVE-2023-32577.json) (`2023-08-25T09:15:08.573`)
* [CVE-2023-32584](CVE-2023/CVE-2023-325xx/CVE-2023-32584.json) (`2023-08-25T09:15:08.670`)
* [CVE-2023-32591](CVE-2023/CVE-2023-325xx/CVE-2023-32591.json) (`2023-08-25T09:15:08.757`)
* [CVE-2023-3406](CVE-2023/CVE-2023-34xx/CVE-2023-3406.json) (`2023-08-25T09:15:08.850`)
* [CVE-2023-3425](CVE-2023/CVE-2023-34xx/CVE-2023-3425.json) (`2023-08-25T09:15:08.937`)
* [CVE-2023-25649](CVE-2023/CVE-2023-256xx/CVE-2023-25649.json) (`2023-08-25T10:15:08.247`)
* [CVE-2023-25981](CVE-2023/CVE-2023-259xx/CVE-2023-25981.json) (`2023-08-25T10:15:09.350`)
* [CVE-2023-4478](CVE-2023/CVE-2023-44xx/CVE-2023-4478.json) (`2023-08-25T10:15:09.687`)
* [CVE-2023-24394](CVE-2023/CVE-2023-243xx/CVE-2023-24394.json) (`2023-08-25T11:15:07.363`)
* [CVE-2023-32575](CVE-2023/CVE-2023-325xx/CVE-2023-32575.json) (`2023-08-25T11:15:08.177`)
* [CVE-2023-32595](CVE-2023/CVE-2023-325xx/CVE-2023-32595.json) (`2023-08-25T11:15:08.333`)
* [CVE-2023-32596](CVE-2023/CVE-2023-325xx/CVE-2023-32596.json) (`2023-08-25T11:15:08.497`)
### CVEs modified in the last Commit