Auto-Update: 2023-12-15T09:00:27.889537+00:00

2025-07-09 16:05:11 +00:00 · 2023-12-15 09:00:31 +00:00 · 2023-12-15 09:00:31 +00:00 · 5be406ddc6
commit 5be406ddc6
parent 55b0e23644
8 changed files with 393 additions and 8 deletions
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48374.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48374.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48374",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-12-15T08:15:44.563",
+  "lastModified": "2023-12-15T08:15:44.563",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-798"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48375.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48375.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48375",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-12-15T08:15:45.000",
+  "lastModified": "2023-12-15T08:15:45.000",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48376.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48376.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48376",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-12-15T08:15:45.277",
+  "lastModified": "2023-12-15T08:15:45.277",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48378.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48378.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48378",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-12-15T08:15:45.547",
+  "lastModified": "2023-12-15T08:15:45.547",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48379.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48379.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48379",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-12-15T08:15:45.803",
+  "lastModified": "2023-12-15T08:15:45.803",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7597-fff54-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6826.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6826.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-6826",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-12-15T08:15:46.120",
+  "lastModified": "2023-12-15T08:15:46.120",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/e2pdf/trunk/classes/controller/e2pdf-templates.php?rev=2993824#L1488",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/e2pdf/trunk/classes/controller/e2pdf-templates.php?rev=2993824#L753",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3009695/e2pdf#file0",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03faec37-2cce-4e14-92f2-d941ab1b4ce9?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6827.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6827.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-6827",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-12-15T08:15:46.370",
+  "lastModified": "2023-12-15T08:15:46.370",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/essential-real-estate/tags/4.3.5/lib/smart-framework/core/fonts/fonts.class.php#L524",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3009780/essential-real-estate",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bb2ce22-077b-41dd-a2ff-cc1db9d20d38?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-15T07:00:24.842302+00:00
+2023-12-15T09:00:27.889537+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-15T06:15:43.300000+00:00
+2023-12-15T08:15:46.370000+00:00
 ```

 ### Last Data Feed Release
@ -29,22 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-233247
+233254
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `7`

-* [CVE-2023-48372](CVE-2023/CVE-2023-483xx/CVE-2023-48372.json) (`2023-12-15T05:15:07.897`)
-* [CVE-2023-48373](CVE-2023/CVE-2023-483xx/CVE-2023-48373.json) (`2023-12-15T05:15:08.153`)
+* [CVE-2023-48374](CVE-2023/CVE-2023-483xx/CVE-2023-48374.json) (`2023-12-15T08:15:44.563`)
+* [CVE-2023-48375](CVE-2023/CVE-2023-483xx/CVE-2023-48375.json) (`2023-12-15T08:15:45.000`)
+* [CVE-2023-48376](CVE-2023/CVE-2023-483xx/CVE-2023-48376.json) (`2023-12-15T08:15:45.277`)
+* [CVE-2023-48378](CVE-2023/CVE-2023-483xx/CVE-2023-48378.json) (`2023-12-15T08:15:45.547`)
+* [CVE-2023-48379](CVE-2023/CVE-2023-483xx/CVE-2023-48379.json) (`2023-12-15T08:15:45.803`)
+* [CVE-2023-6826](CVE-2023/CVE-2023-68xx/CVE-2023-6826.json) (`2023-12-15T08:15:46.120`)
+* [CVE-2023-6827](CVE-2023/CVE-2023-68xx/CVE-2023-6827.json) (`2023-12-15T08:15:46.370`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2023-6275](CVE-2023/CVE-2023-62xx/CVE-2023-6275.json) (`2023-12-15T06:15:43.300`)


 ## Download and Usage