admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-25T12:00:25.091616+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-25 12:00:28 +00:00
parent 85311d1fae
commit 582579afbe
8 changed files with 396 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-243xx/CVE-2023-24394.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24394",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T11:15:07.363",
"lastModified": "2023-08-25T11:15:07.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <=\u00a03.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/iframe-popup/wordpress-iframe-popup-plugin-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-256xx/CVE-2023-25649.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25649",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-08-25T10:15:08.247",
"lastModified": "2023-08-25T10:15:08.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032544",
"source": "psirt@zte.com.cn"
}
]
}

55
CVE-2023/CVE-2023-259xx/CVE-2023-25981.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25981",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T10:15:09.350",
"lastModified": "2023-08-25T10:15:09.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <=\u00a02.8.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-325xx/CVE-2023-32575.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32575",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T11:15:08.177",
"lastModified": "2023-08-25T11:15:08.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <=\u00a01.3.25 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/product-page-shipping-calculator-for-woocommerce/wordpress-product-page-shipping-calculator-for-woocommerce-plugin-1-3-25-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-325xx/CVE-2023-32595.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32595",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T11:15:08.333",
"lastModified": "2023-08-25T11:15:08.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <=\u00a01.0.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fast-search-powered-by-solr/wordpress-sunny-search-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-325xx/CVE-2023-32596.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32596",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T11:15:08.497",
"lastModified": "2023-08-25T11:15:08.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <=\u00a01.0.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/weebotlite/wordpress-weebotlite-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-44xx/CVE-2023-4478.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4478",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-08-25T10:15:09.687",
"lastModified": "2023-08-25T10:15:09.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

24
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-25T10:00:24.534288+00:00
2023-08-25T12:00:25.091616+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-25T09:15:08.937000+00:00
2023-08-25T11:15:08.497000+00:00
```
### Last Data Feed Release
@ -29,22 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223428
223435
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `7`
* [CVE-2023-32756](CVE-2023/CVE-2023-327xx/CVE-2023-32756.json) (`2023-08-25T08:15:07.747`)
* [CVE-2023-32757](CVE-2023/CVE-2023-327xx/CVE-2023-32757.json) (`2023-08-25T08:15:07.850`)
* [CVE-2023-32518](CVE-2023/CVE-2023-325xx/CVE-2023-32518.json) (`2023-08-25T09:15:07.840`)
* [CVE-2023-32576](CVE-2023/CVE-2023-325xx/CVE-2023-32576.json) (`2023-08-25T09:15:08.477`)
* [CVE-2023-32577](CVE-2023/CVE-2023-325xx/CVE-2023-32577.json) (`2023-08-25T09:15:08.573`)
* [CVE-2023-32584](CVE-2023/CVE-2023-325xx/CVE-2023-32584.json) (`2023-08-25T09:15:08.670`)
* [CVE-2023-32591](CVE-2023/CVE-2023-325xx/CVE-2023-32591.json) (`2023-08-25T09:15:08.757`)
* [CVE-2023-3406](CVE-2023/CVE-2023-34xx/CVE-2023-3406.json) (`2023-08-25T09:15:08.850`)
* [CVE-2023-3425](CVE-2023/CVE-2023-34xx/CVE-2023-3425.json) (`2023-08-25T09:15:08.937`)
* [CVE-2023-25649](CVE-2023/CVE-2023-256xx/CVE-2023-25649.json) (`2023-08-25T10:15:08.247`)
* [CVE-2023-25981](CVE-2023/CVE-2023-259xx/CVE-2023-25981.json) (`2023-08-25T10:15:09.350`)
* [CVE-2023-4478](CVE-2023/CVE-2023-44xx/CVE-2023-4478.json) (`2023-08-25T10:15:09.687`)
* [CVE-2023-24394](CVE-2023/CVE-2023-243xx/CVE-2023-24394.json) (`2023-08-25T11:15:07.363`)
* [CVE-2023-32575](CVE-2023/CVE-2023-325xx/CVE-2023-32575.json) (`2023-08-25T11:15:08.177`)
* [CVE-2023-32595](CVE-2023/CVE-2023-325xx/CVE-2023-32595.json) (`2023-08-25T11:15:08.333`)
* [CVE-2023-32596](CVE-2023/CVE-2023-325xx/CVE-2023-32596.json) (`2023-08-25T11:15:08.497`)
### CVEs modified in the last Commit