Auto-Update: 2023-07-26T02:00:26.865078+00:00

cad-safe-bot 2023-07-26 02:00:30 +00:00
parent 74fb1f3e47
commit 75919c2ed6
37 changed files with 1994 additions and 148 deletions


@ -2,27 +2,90 @@
"id": "CVE-2021-31294",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-15T23:15:09.203",
"lastModified": "2023-07-17T13:02:42.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:12:08.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.0",
"matchCriteriaId": "28E377D7-3E6B-40DE-B628-CABF8CFF59AB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/redis/redis/issues/8712",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
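Review bot: The added NVD vector `PR:N` with `baseScore` 7.5 sits beside a description saying the assertion failure is caused by a replica sending a SET command to its primary, so the score presumably treats any network peer as able to reach that state. Whether an unauthenticated host can attach as a replica depends on deployment settings the record does not show. The added `cpeMatch` marks every release below `versionEndExcluding: 6.2.0` as vulnerable, while the description says those versions were never intended to carry this guarantee and identifies the fix only by commit `6cbea7d`, without naming the first 6.2.x release that contains it. Consumers that triage on `baseScore` and the CPE range alone should read the description next to them and confirm the referenced fix commits are present in the build they run.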


@ -2,8 +2,8 @@
"id": "CVE-2022-36424",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T16:15:09.583",
"lastModified": "2023-07-17T17:31:42.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:36:43.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy_appointments_project:easy_appointments:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.11.9",
"matchCriteriaId": "6C1BF2EB-FC96-4F73-99FD-62964E49E895"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-appointments/wordpress-easy-appointments-plugin-3-11-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-38062",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T16:15:09.673",
"lastModified": "2023-07-17T17:31:42.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:35:11.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:download_theme:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.9",
"matchCriteriaId": "9B499A36-56AB-4FCF-AAA3-89F04A651AA7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/download-theme/wordpress-download-theme-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2022-4023",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-17T14:15:09.477",
"lastModified": "2023-07-17T14:22:59.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:23:32.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into submitting a form. Furthermore the created archive has a predictable location and name, allowing the attacker to download the file if they know the time at which the form was submitted, making it possible to leak sensitive files like the WordPress configuration containing database credentials and secrets."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,14 +46,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:3dprint_project:3dprint:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.5.6.9",
"matchCriteriaId": "4BD26B4C-B1A4-4B9E-9977-FCD70F940C6B"
}
]
}
]
}
],
"references": [
{
"url": "https://jetpack.com/blog/vulnerabilities-found-in-the-3dprint-premium-plugin/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/859c6e7e-2381-4d93-a526-2000b4fb8fee",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47169",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-18T13:15:11.613",
"lastModified": "2023-07-18T14:11:49.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:32:21.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:staxwp:visibility_logic_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.4",
"matchCriteriaId": "DD5B5F74-8D42-4ACA-B2B4-84735AB28A23"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/visibility-logic-elementor/wordpress-visibility-logic-for-elementor-plugin-2-3-4-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-47172",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T15:15:09.530",
"lastModified": "2023-07-17T17:31:42.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:10:52.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:woolentor_-_woocommerce_elementor_addons_\\+_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.2",
"matchCriteriaId": "A5C2E373-BEEF-41E0-A868-2B599EAA696C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woolentor-addons/wordpress-shoplentor-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-0439",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-17T14:15:09.553",
"lastModified": "2023-07-17T14:22:59.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:22:41.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.4.4",
"matchCriteriaId": "5135FFE3-255D-493D-930C-72FD5D6A16D3"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/04cea9aa-b21c-49f8-836b-2d312253e09a",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-22672",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T11:15:09.063",
"lastModified": "2023-07-17T13:02:37.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:22:09.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vibethemes:vslider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.1.2",
"matchCriteriaId": "50A90350-7A6A-43E9-AF16-D272C199C896"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/vslider/wordpress-vslider-multi-image-slider-for-wordpress-plugin-4-1-2-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2268",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-07-15T19:15:09.450",
"lastModified": "2023-07-17T13:02:42.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:15:37.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plane:plane:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34694F35-B3F5-4743-AD9F-AEFB361C62D5"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/giardino/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/makeplane/plane",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23646",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T11:15:09.183",
"lastModified": "2023-07-17T13:02:37.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:11:44.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awplife:album_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.5.0",
"matchCriteriaId": "24787510-5F9D-4359-8023-FD2641400BE6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23660",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-18T13:15:11.713",
"lastModified": "2023-07-18T14:11:49.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:32:07.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mainwp:mainwp_maintenance_extension:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.1.1",
"matchCriteriaId": "0F44B43B-0999-4FF1-AE31-229476ABEDB6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/articles/multiple-vulnerabilities-affecting-mainwp-extensions?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/mainwp-maintenance-extension/wordpress-mainwp-maintenance-extension-plugin-4-1-1-subscriber-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23719",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T11:15:09.250",
"lastModified": "2023-07-17T13:02:37.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:19:00.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:premmerce:premmerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.17",
"matchCriteriaId": "C73B04CA-B9B1-4AC3-B4A0-804FBDA808F0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/premmerce/wordpress-premmerce-plugin-1-3-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25036",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-18T13:15:11.810",
"lastModified": "2023-07-18T14:11:49.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:31:35.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:social_media_icons_widget_project:social_media_icons_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6",
"matchCriteriaId": "11E99F08-B728-4CD8-AEC3-FA7BDD2EAAD7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/spoontalk-social-media-icons-widget/wordpress-social-media-icons-widget-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2507",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-07-15T19:15:09.527",
"lastModified": "2023-07-17T13:02:42.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:15:28.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clevertap:clevertap:2.6.2:*:*:*:*:cordova:*:*",
"matchCriteriaId": "2EEC3FB3-3FF2-40BB-B1E0-BC257CAE38D6"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/maiden/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/CleverTap/clevertap-cordova",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27424",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T13:15:10.240",
"lastModified": "2023-07-17T14:22:59.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:18:42.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inactive_user_deleter_project:inactive_user_deleter:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.60",
"matchCriteriaId": "E105AA71-1C79-4DB4-BB4C-D6D99E755CC7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/inactive-user-deleter/wordpress-inactive-user-deleter-plugin-1-58-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27606",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T11:15:09.323",
"lastModified": "2023-07-17T13:02:37.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:18:52.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp_reroute_email_project:wp_reroute_email:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.6",
"matchCriteriaId": "442B2DD7-E143-41EE-9FDE-82578E4D830C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-reroute-email/wordpress-wp-reroute-email-plugin-1-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2912",
"sourceIdentifier": "VulnerabilityReporting@secomea.com",
"published": "2023-07-17T13:15:10.323",
"lastModified": "2023-07-17T14:22:59.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:24:28.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:secomea:sitemanager_embedded:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.0",
"matchCriteriaId": "10DED568-0660-49EF-868C-16FB67043EBE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/",
"source": "VulnerabilityReporting@secomea.com"
"source": "VulnerabilityReporting@secomea.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2958",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-07-17T15:15:09.610",
"lastModified": "2023-07-17T17:31:42.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:39:09.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:orjinyazilim:ats_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230714",
"matchCriteriaId": "A69F0298-13A0-4145-9C86-00C68B70E36E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0410",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}
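Review bot: The NVD object added to `cvssMetricV31` scores this issue with `PR:N` (`baseScore` 9.8, `CRITICAL`), while the `cve@usom.gov.tr` vector on the context line after it reads `PR:L`, so the two sources disagree on whether an account is needed. The NVD object is also placed first in the array, ahead of the CNA's. A consumer that reads `cvssMetricV31[0]` instead of selecting by `source` and `type` would pick up a different score after this update, which is an inference about downstream code not shown here. Selecting the metric explicitly and recording both vectors keeps the disagreement visible during triage.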


@ -2,15 +2,38 @@
"id": "CVE-2023-3041",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-17T14:15:10.783",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:11:27.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autochat:automatic_conversation:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.7",
"matchCriteriaId": "D222661A-79B7-42FC-A911-175623E440D6"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/93cad990-b6be-4ee1-9cdf-0211a7fe6c96",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,104 @@
"id": "CVE-2023-31851",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-17T15:15:09.683",
"lastModified": "2023-07-17T17:31:42.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:38:11.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cudy:lt400_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2759B9C5-DCE0-4072-9C18-B9048593A184"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cudy:lt400_firmware:1.15.18:*:*:*:*:*:*:*",
"matchCriteriaId": "875825A7-D2F1-4AA7-885E-EBD3306EA1F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cudy:lt400_firmware:1.15.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2528C721-BB61-4825-AE3A-7629331D2D72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cudy:lt400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11844C8A-99FE-4715-8F47-68BE1603D007"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/CalfCrusher/CVE-2023-31851",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.cudy.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

@ -2,23 +2,93 @@
"id": "CVE-2023-31852",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-17T14:15:10.450",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:22:23.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cuby:lt400_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "325FA8D2-65B3-471C-A19A-5C8DB365BBA2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cuby:lt400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DB32F-7CD6-4659-B5BE-963E3EA74959"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/CalfCrusher/CVE-2023-31852",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.cudy.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}
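Review bot: Both added `cpeMatch` criteria in this record spell the vendor `cuby` (`cpe:2.3:o:cuby:lt400_firmware:1.13.4:*:*:*:*:*:*:*` and `cpe:2.3:h:cuby:lt400:-:*:*:*:*:*:*:*`), although the description and the `https://www.cudy.com` reference name the vendor Cudy. The sibling records CVE-2023-31851 and CVE-2023-31853 on this page use `cpe:2.3:o:cudy:lt400_firmware` and `cpe:2.3:h:cudy:lt400` with different `matchCriteriaId` values. A scanner or asset inventory that joins on the `cudy` vendor string would not associate CVE-2023-31852 with the same device as the other two. The file appears to mirror upstream NVD data, so the correction presumably belongs upstream; until then, consumers should match this CVE by id or description rather than by CPE alone.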

@ -2,23 +2,94 @@
"id": "CVE-2023-31853",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-17T15:15:09.727",
"lastModified": "2023-07-17T17:31:42.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:38:02.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cudy:lt400_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2759B9C5-DCE0-4072-9C18-B9048593A184"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cudy:lt400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11844C8A-99FE-4715-8F47-68BE1603D007"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/CalfCrusher/CVE-2023-31853",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.cudy.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

@ -2,15 +2,38 @@
"id": "CVE-2023-3179",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-17T14:15:10.843",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:28:20.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.7",
"matchCriteriaId": "BEDAD609-58E9-4841-A9C9-2CF8935580CA"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,15 +2,38 @@
"id": "CVE-2023-3182",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-17T14:15:10.900",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:27:47.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liquidweb:restrict_content:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.3",
"matchCriteriaId": "0004FC71-D9AC-4336-8A0B-15A918CDA56A"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/655a68ee-9447-41ca-899e-986a419fb7ed",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-3376",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-07-17T14:15:11.083",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:11:04.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dijital:zekiweb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "B7F5DC71-4D38-4051-9181-EEE7E3997EC7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0408",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-34005",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T15:15:09.770",
"lastModified": "2023-07-17T17:31:42.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:37:17.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:etoilewebdesign:front_end_users:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.24",
"matchCriteriaId": "5C8A4125-AD98-44E4-87DB-9A29426C454C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/front-end-only-users/wordpress-front-end-users-plugin-3-2-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,19 +2,87 @@
"id": "CVE-2023-34669",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-17T17:15:09.993",
"lastModified": "2023-07-17T17:31:42.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:33:37.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:cp300\\+_firmware:5.2cu.7594:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA08C79-663B-4C09-976E-60D5ED73D341"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:cp300\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B07884CE-EB34-46ED-9361-F0228D3EB758"
}
]
}
]
}
],
"references": [
{
"url": "https://w3b5h3ll.notion.site/w3b5h3ll/TOTOLINK-CP300-c96d775881f0476b9ef465dba9c6d9b8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,15 +2,38 @@
"id": "CVE-2023-3418",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-17T14:15:11.153",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:52:04.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:querlo:chatbot:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.4",
"matchCriteriaId": "16D0E557-3504-43F4-8DE0-CF4A6ECC171C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/407edb21-8fcb-484a-babb-fce96a6aede7",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-35038",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T14:15:10.500",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:11:36.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:wp_pdf_generator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.3",
"matchCriteriaId": "742776C6-1506-4C53-A969-F00FB94850D4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-pdf-generator/wordpress-wp-pdf-generator-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-35089",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T14:15:10.570",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:53:17.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:really-simple-plugins:recipe_maker_for_your_food_blog_from_zip_recipes:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.0.8",
"matchCriteriaId": "CE1904F5-CD3F-43D1-8E47-6CF9025F8712"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/zip-recipes/wordpress-recipe-maker-for-your-food-blog-from-zip-recipes-plugin-8-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-35096",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T14:15:10.640",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:52:51.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mycred:mycred:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.1",
"matchCriteriaId": "97C2EE2A-11E6-471F-8674-0E7DCEA66BBD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-5-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-35880",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-17T14:15:10.707",
"lastModified": "2023-07-17T14:22:52.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T00:52:36.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:brands:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.50",
"matchCriteriaId": "5945817C-EA3C-41D4-9CBF-3C090A3B82FD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-brands/wordpress-woocommerce-brands-plugin-1-6-49-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-3691",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-16T17:15:09.387",
"lastModified": "2023-07-17T13:02:37.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:25:57.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,22 +97,149 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.0",
"matchCriteriaId": "0B3256B4-B32D-4237-BDD9-DF8D90A93AEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "400D3377-F7A4-4136-B0CC-2796FD688FA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F1268077-DCB9-4F3D-9D0F-6C5AF8E782BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "CAD0CAC3-C2E8-48AB-B5A1-D0A3C2B9CDF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "72A61981-2E97-4578-AEEF-921AFE14B346"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc10:*:*:*:*:*:*",
"matchCriteriaId": "AC973BDB-6524-4FBF-8432-4E4B408DFE99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc11:*:*:*:*:*:*",
"matchCriteriaId": "35E86BDC-C874-4F39-B144-8E7AD4D7F817"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc12:*:*:*:*:*:*",
"matchCriteriaId": "5E5916DB-FAF7-4724-A7B3-4AE2FE1DCC87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc13:*:*:*:*:*:*",
"matchCriteriaId": "9E738227-E1D8-43C8-8865-872A48F48E14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc14:*:*:*:*:*:*",
"matchCriteriaId": "F06FE1CE-39B7-44F2-A81C-7A7B2FFA2BC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc15:*:*:*:*:*:*",
"matchCriteriaId": "A7984341-C4C4-4D37-8329-3A68FB380DF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc16:*:*:*:*:*:*",
"matchCriteriaId": "E9CF7538-117A-4739-9FF9-752A1B6155AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "359734D1-CA04-4F18-93AC-8B2B9DA97D36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C2B5A5B3-14F4-42DE-AA54-39A2EEE1E73B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8EE63500-485B-4338-BDB3-FC0C01ABC80E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E939550B-FF22-4809-A8F5-147A23002269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "59F5C3EC-93B3-468B-BCDA-CE539D4E0200"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "702165A3-073F-4DBC-A996-4888BDBD676D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "13E7D692-D7BD-4E4F-81A4-1E2B04B4C3C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layui:layui:2.8.0:rc9:*:*:*:*:*:*",
"matchCriteriaId": "D04EB7C7-CD39-48E0-9872-84CDF89A89B6"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/layui/layui/issues/I7HDXZ",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://gitee.com/layui/layui/tree/v2.8.0",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.234237",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.234237",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-37386",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-18T13:15:12.013",
"lastModified": "2023-07-18T14:11:49.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:10:16.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codexin:media_library_helper:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.0",
"matchCriteriaId": "8BB0CD68-3958-4FB8-8CF2-9B6B99B99C23"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/media-library-helper/wordpress-media-library-helper-by-codexin-plugin-1-2-0-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-37387",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-18T13:15:12.103",
"lastModified": "2023-07-18T14:11:49.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:09:59.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radiustheme:classified_listing_pro_-_classified_ads_\\&_business_directory:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.5",
"matchCriteriaId": "CD0F849B-6122-49F0-BC99-A7F688EDE1B9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/classified-listing/wordpress-classified-listing-plugin-2-4-5-cross-site-request-forgery-csrf-leading-to-thumbnail-removal-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,23 +2,95 @@
"id": "CVE-2023-38378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-16T17:15:09.277",
"lastModified": "2023-07-17T13:02:42.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-26T01:11:51.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "920405F8-02DD-4F7C-B54F-CF5FBB0CE92A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rigol:mso5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEEF5D1-DEE7-45BB-B048-725BDD8E6B51"
}
]
}
]
}
],
"references": [
{
"url": "https://news.ycombinator.com/item?id=36745664",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://tortel.li/post/insecure-scope/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-25T23:55:25.534260+00:00
2023-07-26T02:00:26.865078+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-25T23:15:10.183000+00:00
2023-07-26T01:28:20.900000+00:00
```
### Last Data Feed Release
@ -23,7 +23,7 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-07-25T00:00:13.559776+00:00
2023-07-26T00:00:13.564517+00:00
```
### Total Number of included CVEs
@ -34,21 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `0`
* [CVE-2022-31457](CVE-2022/CVE-2022-314xx/CVE-2022-31457.json) (`2023-07-25T22:15:10.410`)
* [CVE-2023-38496](CVE-2023/CVE-2023-384xx/CVE-2023-38496.json) (`2023-07-25T22:15:10.503`)
* [CVE-2023-38501](CVE-2023/CVE-2023-385xx/CVE-2023-38501.json) (`2023-07-25T22:15:10.600`)
* [CVE-2023-38502](CVE-2023/CVE-2023-385xx/CVE-2023-38502.json) (`2023-07-25T22:15:10.693`)
* [CVE-2023-3945](CVE-2023/CVE-2023-39xx/CVE-2023-3945.json) (`2023-07-25T22:15:10.780`)
* [CVE-2023-38503](CVE-2023/CVE-2023-385xx/CVE-2023-38503.json) (`2023-07-25T23:15:10.183`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `36`
* [CVE-2022-41906](CVE-2022/CVE-2022-419xx/CVE-2022-41906.json) (`2023-07-25T23:15:10.037`)
* [CVE-2023-31851](CVE-2023/CVE-2023-318xx/CVE-2023-31851.json) (`2023-07-26T00:38:11.730`)
* [CVE-2023-2958](CVE-2023/CVE-2023-29xx/CVE-2023-2958.json) (`2023-07-26T00:39:09.300`)
* [CVE-2023-3418](CVE-2023/CVE-2023-34xx/CVE-2023-3418.json) (`2023-07-26T00:52:04.647`)
* [CVE-2023-35880](CVE-2023/CVE-2023-358xx/CVE-2023-35880.json) (`2023-07-26T00:52:36.047`)
* [CVE-2023-35096](CVE-2023/CVE-2023-350xx/CVE-2023-35096.json) (`2023-07-26T00:52:51.873`)
* [CVE-2023-35089](CVE-2023/CVE-2023-350xx/CVE-2023-35089.json) (`2023-07-26T00:53:17.233`)
* [CVE-2023-37387](CVE-2023/CVE-2023-373xx/CVE-2023-37387.json) (`2023-07-26T01:09:59.490`)
* [CVE-2023-37386](CVE-2023/CVE-2023-373xx/CVE-2023-37386.json) (`2023-07-26T01:10:16.190`)
* [CVE-2023-3376](CVE-2023/CVE-2023-33xx/CVE-2023-3376.json) (`2023-07-26T01:11:04.367`)
* [CVE-2023-3041](CVE-2023/CVE-2023-30xx/CVE-2023-3041.json) (`2023-07-26T01:11:27.043`)
* [CVE-2023-35038](CVE-2023/CVE-2023-350xx/CVE-2023-35038.json) (`2023-07-26T01:11:36.390`)
* [CVE-2023-23646](CVE-2023/CVE-2023-236xx/CVE-2023-23646.json) (`2023-07-26T01:11:44.107`)
* [CVE-2023-38378](CVE-2023/CVE-2023-383xx/CVE-2023-38378.json) (`2023-07-26T01:11:51.500`)
* [CVE-2023-2507](CVE-2023/CVE-2023-25xx/CVE-2023-2507.json) (`2023-07-26T01:15:28.117`)
* [CVE-2023-2268](CVE-2023/CVE-2023-22xx/CVE-2023-2268.json) (`2023-07-26T01:15:37.700`)
* [CVE-2023-27424](CVE-2023/CVE-2023-274xx/CVE-2023-27424.json) (`2023-07-26T01:18:42.467`)
* [CVE-2023-27606](CVE-2023/CVE-2023-276xx/CVE-2023-27606.json) (`2023-07-26T01:18:52.087`)
* [CVE-2023-23719](CVE-2023/CVE-2023-237xx/CVE-2023-23719.json) (`2023-07-26T01:19:00.190`)
* [CVE-2023-22672](CVE-2023/CVE-2023-226xx/CVE-2023-22672.json) (`2023-07-26T01:22:09.480`)
* [CVE-2023-31852](CVE-2023/CVE-2023-318xx/CVE-2023-31852.json) (`2023-07-26T01:22:23.670`)
* [CVE-2023-0439](CVE-2023/CVE-2023-04xx/CVE-2023-0439.json) (`2023-07-26T01:22:41.733`)
* [CVE-2023-2912](CVE-2023/CVE-2023-29xx/CVE-2023-2912.json) (`2023-07-26T01:24:28.907`)
* [CVE-2023-3691](CVE-2023/CVE-2023-36xx/CVE-2023-3691.json) (`2023-07-26T01:25:57.313`)
* [CVE-2023-3182](CVE-2023/CVE-2023-31xx/CVE-2023-3182.json) (`2023-07-26T01:27:47.130`)
* [CVE-2023-3179](CVE-2023/CVE-2023-31xx/CVE-2023-3179.json) (`2023-07-26T01:28:20.900`)
## Download and Usage