Auto-Update: 2023-06-22T04:00:26.856689+00:00

2025-07-09 16:05:11 +00:00 · 2023-06-22 04:00:30 +00:00 · 2023-06-22 04:00:30 +00:00 · 59a158f304
commit 59a158f304
parent e362d714dc
5 changed files with 176 additions and 26 deletions
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25152.json
@ -0,0 +1,67 @@
+{
+  "id": "CVE-2019-25152",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-06-22T02:15:47.730",
+  "lastModified": "2023-06-22T02:15:47.730",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2033212",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/9229",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2021/CVE-2021-34xx/CVE-2021-3468.json
+++ b/CVE-2021/CVE-2021-34xx/CVE-2021-3468.json
@ -2,8 +2,8 @@
  "id": "CVE-2021-3468",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2021-06-02T16:15:08.960",
-  "lastModified": "2023-01-20T02:24:25.213",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-06-22T02:15:48.393",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -134,6 +134,10 @@
        "Mailing List",
        "Third Party Advisory"
      ]
+    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html",
+      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json
+++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-28956",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-06-22T02:15:48.717",
+  "lastModified": "2023-06-22T02:15:48.717",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.  IBM X-Force ID:  251767."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251767",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7005519",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-33842",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-06-22T02:15:48.857",
+  "lastModified": "2023-06-22T02:15:48.857",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information.  IBM X-Force ID:  256117."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.2,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256117",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://https://www.ibm.com/support/pages/node/7004299",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-22T02:00:28.536874+00:00
+2023-06-22T04:00:26.856689+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-22T00:57:14.267000+00:00
+2023-06-22T02:15:48.857000+00:00
 ```

 ### Last Data Feed Release
@ -29,38 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-218201
+218204
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `3`

+* [CVE-2019-25152](CVE-2019/CVE-2019-251xx/CVE-2019-25152.json) (`2023-06-22T02:15:47.730`)
+* [CVE-2023-28956](CVE-2023/CVE-2023-289xx/CVE-2023-28956.json) (`2023-06-22T02:15:48.717`)
+* [CVE-2023-33842](CVE-2023/CVE-2023-338xx/CVE-2023-33842.json) (`2023-06-22T02:15:48.857`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `19`
+Recently modified CVEs: `1`

-* [CVE-2023-34237](CVE-2023/CVE-2023-342xx/CVE-2023-34237.json) (`2023-06-22T00:05:35.827`)
-* [CVE-2023-33122](CVE-2023/CVE-2023-331xx/CVE-2023-33122.json) (`2023-06-22T00:05:51.170`)
-* [CVE-2023-34238](CVE-2023/CVE-2023-342xx/CVE-2023-34238.json) (`2023-06-22T00:11:42.943`)
-* [CVE-2023-26427](CVE-2023/CVE-2023-264xx/CVE-2023-26427.json) (`2023-06-22T00:15:46.907`)
-* [CVE-2023-26428](CVE-2023/CVE-2023-264xx/CVE-2023-26428.json) (`2023-06-22T00:15:47.120`)
-* [CVE-2023-26429](CVE-2023/CVE-2023-264xx/CVE-2023-26429.json) (`2023-06-22T00:15:47.190`)
-* [CVE-2023-26431](CVE-2023/CVE-2023-264xx/CVE-2023-26431.json) (`2023-06-22T00:15:47.260`)
-* [CVE-2023-26432](CVE-2023/CVE-2023-264xx/CVE-2023-26432.json) (`2023-06-22T00:15:47.337`)
-* [CVE-2023-26433](CVE-2023/CVE-2023-264xx/CVE-2023-26433.json) (`2023-06-22T00:15:47.413`)
-* [CVE-2023-26434](CVE-2023/CVE-2023-264xx/CVE-2023-26434.json) (`2023-06-22T00:15:47.480`)
-* [CVE-2023-26435](CVE-2023/CVE-2023-264xx/CVE-2023-26435.json) (`2023-06-22T00:15:47.550`)
-* [CVE-2023-26436](CVE-2023/CVE-2023-264xx/CVE-2023-26436.json) (`2023-06-22T00:15:47.627`)
-* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-22T00:15:47.717`)
-* [CVE-2023-33476](CVE-2023/CVE-2023-334xx/CVE-2023-33476.json) (`2023-06-22T00:15:47.853`)
-* [CVE-2023-3161](CVE-2023/CVE-2023-31xx/CVE-2023-3161.json) (`2023-06-22T00:17:17.553`)
-* [CVE-2023-34940](CVE-2023/CVE-2023-349xx/CVE-2023-34940.json) (`2023-06-22T00:25:59.467`)
-* [CVE-2023-31196](CVE-2023/CVE-2023-311xx/CVE-2023-31196.json) (`2023-06-22T00:39:39.483`)
-* [CVE-2023-31198](CVE-2023/CVE-2023-311xx/CVE-2023-31198.json) (`2023-06-22T00:46:57.240`)
-* [CVE-2023-1049](CVE-2023/CVE-2023-10xx/CVE-2023-1049.json) (`2023-06-22T00:57:14.267`)
+* [CVE-2021-3468](CVE-2021/CVE-2021-34xx/CVE-2021-3468.json) (`2023-06-22T02:15:48.393`)


 ## Download and Usage