diff --git a/CVE-2005/CVE-2005-100xx/CVE-2005-10002.json b/CVE-2005/CVE-2005-100xx/CVE-2005-10002.json index 64ff410cf5c..28a3f2155a4 100644 --- a/CVE-2005/CVE-2005-100xx/CVE-2005-10002.json +++ b/CVE-2005/CVE-2005-100xx/CVE-2005-10002.json @@ -2,8 +2,8 @@ "id": "CVE-2005-10002", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-29T15:15:42.073", - "lastModified": "2023-10-29T15:15:42.073", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2007/CVE-2007-100xx/CVE-2007-10003.json b/CVE-2007/CVE-2007-100xx/CVE-2007-10003.json index 8306cb233c4..aa3213e4b60 100644 --- a/CVE-2007/CVE-2007-100xx/CVE-2007-10003.json +++ b/CVE-2007/CVE-2007-100xx/CVE-2007-10003.json @@ -2,8 +2,8 @@ "id": "CVE-2007-10003", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-29T18:15:38.687", - "lastModified": "2023-10-29T18:15:38.687", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-257xx/CVE-2021-25736.json b/CVE-2021/CVE-2021-257xx/CVE-2021-25736.json index a590eb2bc61..3c05e2e750e 100644 --- a/CVE-2021/CVE-2021-257xx/CVE-2021-25736.json +++ b/CVE-2021/CVE-2021-257xx/CVE-2021-25736.json @@ -2,8 +2,8 @@ "id": "CVE-2021-25736", "sourceIdentifier": "jordan@liggitt.net", "published": "2023-10-30T03:15:07.653", - "lastModified": "2023-10-30T03:15:07.653", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33634.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33634.json index d1021ba3f25..0f500da3abe 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33634.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33634.json @@ -2,8 +2,8 @@ "id": "CVE-2021-33634", "sourceIdentifier": "securities@openeuler.org", "published": "2023-10-29T08:15:20.567", - "lastModified": "2023-10-29T08:15:20.567", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33635.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33635.json index 9b7f96b8e44..1919f6ba2be 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33635.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33635.json @@ -2,8 +2,8 @@ "id": "CVE-2021-33635", "sourceIdentifier": "securities@openeuler.org", "published": "2023-10-29T08:15:20.647", - "lastModified": "2023-10-29T08:15:20.647", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33636.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33636.json index 26fc8bc2f04..ba38e834982 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33636.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33636.json @@ -2,8 +2,8 @@ "id": "CVE-2021-33636", "sourceIdentifier": "securities@openeuler.org", "published": "2023-10-29T08:15:20.707", - "lastModified": "2023-10-29T08:15:20.707", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33637.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33637.json index a8305964cf2..e098ac36cca 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33637.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33637.json @@ -2,8 +2,8 @@ "id": "CVE-2021-33637", "sourceIdentifier": "securities@openeuler.org", "published": "2023-10-29T08:15:20.763", - "lastModified": "2023-10-29T08:15:20.763", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33638.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33638.json index f33740e3826..87d5f47ea76 100644 --- a/CVE-2021/CVE-2021-336xx/CVE-2021-33638.json +++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33638.json @@ -2,8 +2,8 @@ "id": "CVE-2021-33638", "sourceIdentifier": "securities@openeuler.org", "published": "2023-10-29T08:15:20.823", - "lastModified": "2023-10-29T08:15:20.823", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-05xx/CVE-2022-0529.json b/CVE-2022/CVE-2022-05xx/CVE-2022-0529.json index d91b59f9cde..e27bac1a7a8 100644 --- a/CVE-2022/CVE-2022-05xx/CVE-2022-0529.json +++ b/CVE-2022/CVE-2022-05xx/CVE-2022-0529.json @@ -2,8 +2,8 @@ "id": "CVE-2022-0529", "sourceIdentifier": "secalert@redhat.com", "published": "2022-02-09T23:15:16.627", - "lastModified": "2022-09-30T14:46:50.750", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-30T11:15:38.993", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -167,6 +167,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202310-17", + "source": "secalert@redhat.com" + }, { "url": "https://www.debian.org/security/2022/dsa-5202", "source": "secalert@redhat.com", diff --git a/CVE-2022/CVE-2022-05xx/CVE-2022-0530.json b/CVE-2022/CVE-2022-05xx/CVE-2022-0530.json index c792d5ff2d0..d8d1a7a73ec 100644 --- a/CVE-2022/CVE-2022-05xx/CVE-2022-0530.json +++ b/CVE-2022/CVE-2022-05xx/CVE-2022-0530.json @@ -2,8 +2,8 @@ "id": "CVE-2022-0530", "sourceIdentifier": "secalert@redhat.com", "published": "2022-02-09T23:15:16.677", - "lastModified": "2022-09-30T14:46:41.227", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-30T11:15:39.153", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -297,6 +297,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202310-17", + "source": "secalert@redhat.com" + }, { "url": "https://support.apple.com/kb/HT213255", "source": "secalert@redhat.com", diff --git a/CVE-2022/CVE-2022-294xx/CVE-2022-29450.json b/CVE-2022/CVE-2022-294xx/CVE-2022-29450.json index bc1481fddab..cd9cdb11087 100644 --- a/CVE-2022/CVE-2022-294xx/CVE-2022-29450.json +++ b/CVE-2022/CVE-2022-294xx/CVE-2022-29450.json @@ -2,12 +2,12 @@ "id": "CVE-2022-29450", "sourceIdentifier": "audit@patchstack.com", "published": "2022-06-15T19:15:11.030", - "lastModified": "2022-06-24T14:24:39.080", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-30T12:15:08.617", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress." + "value": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.\n\n" }, { "lang": "es", @@ -85,7 +85,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "audit@patchstack.com", "type": "Primary", "description": [ { @@ -95,7 +95,7 @@ ] }, { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { @@ -125,18 +125,12 @@ ], "references": [ { - "url": "https://patchstack.com/database/vulnerability/admin-management-xtended/wordpress-admin-management-xtended-plugin-2-4-4-multiple-cross-site-request-forgery-csrf-vulnerabilities", - "source": "audit@patchstack.com", - "tags": [ - "Third Party Advisory" - ] + "url": "https://github.com/oliverschloebe/admin-management-xtended/commit/f94732d222414f10ce015e95b5c7c9fba13a8a20", + "source": "audit@patchstack.com" }, { - "url": "https://wordpress.org/plugins/admin-management-xtended/#developers", - "source": "audit@patchstack.com", - "tags": [ - "Product" - ] + "url": "https://patchstack.com/database/vulnerability/admin-management-xtended/wordpress-admin-management-xtended-plugin-2-4-4-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve", + "source": "audit@patchstack.com" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json index 779c0772991..a7109cb8677 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30122", "sourceIdentifier": "support@hackerone.com", "published": "2022-12-05T22:15:10.227", - "lastModified": "2023-10-22T19:15:08.350", + "lastModified": "2023-10-30T12:15:08.747", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -97,6 +97,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202310-18", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5530", "source": "support@hackerone.com" diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json index 8e49a6aa5b7..f8123652455 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30123", "sourceIdentifier": "support@hackerone.com", "published": "2022-12-05T22:15:10.280", - "lastModified": "2023-10-22T19:15:08.450", + "lastModified": "2023-10-30T12:15:08.847", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -96,6 +96,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202310-18", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5530", "source": "support@hackerone.com" diff --git a/CVE-2022/CVE-2022-305xx/CVE-2022-30550.json b/CVE-2022/CVE-2022-305xx/CVE-2022-30550.json index 66ccc221b46..f78587162e5 100644 --- a/CVE-2022/CVE-2022-305xx/CVE-2022-30550.json +++ b/CVE-2022/CVE-2022-305xx/CVE-2022-30550.json @@ -2,8 +2,8 @@ "id": "CVE-2022-30550", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-17T19:15:18.540", - "lastModified": "2022-10-28T15:17:31.090", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T12:15:08.940", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -105,6 +105,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202310-19", + "source": "cve@mitre.org" + }, { "url": "https://www.dovecot.org/download/", "source": "cve@mitre.org", diff --git a/CVE-2022/CVE-2022-41xx/CVE-2022-4170.json b/CVE-2022/CVE-2022-41xx/CVE-2022-4170.json index b3b9563b200..09f3a582571 100644 --- a/CVE-2022/CVE-2022-41xx/CVE-2022-4170.json +++ b/CVE-2022/CVE-2022-41xx/CVE-2022-4170.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4170", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2022-12-09T18:15:20.327", - "lastModified": "2023-07-10T18:08:36.523", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-30T12:15:09.027", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -107,6 +107,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202310-20", + "source": "patrick@puiterwijk.org" + }, { "url": "https://www.openwall.com/lists/oss-security/2022/12/05/1", "source": "patrick@puiterwijk.org", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3254.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3254.json index 579a866aaf8..8a2ff3af080 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3254.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3254.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3254", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-18T05:15:07.937", - "lastModified": "2023-10-18T12:46:22.630", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T12:11:53.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trustedindex:widgets_for_google_reviews:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "10.9", + "matchCriteriaId": "D23DDBE8-11BB-47F5-A07A-E198E1EBADE6" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2980022%40wp-reviews-plugin-for-google%2Ftrunk&old=2977531%40wp-reviews-plugin-for-google%2Ftrunk&sfp_email=&sfph_mail=#file8", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70968476-b064-477f-999f-4aa2c51d89cc?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37636.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37636.json index b4274b51483..ec43e690a3e 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37636.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37636.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37636", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-23T21:15:08.800", - "lastModified": "2023-10-24T12:45:02.747", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:29:49.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en UVDesk Community Skeleton v1.1.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado que se inyecta en el campo Mensaje al crear un ticket." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webkul:uvdesk:1.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "A533D6A4-3FC2-4D1A-B856-3D3DBBD8329B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.esecforte.com/cve-2023-37636-stored-cross-site-scripting/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40685.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40685.json index a12dc4b524a..732a3dbe5fb 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40685.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40685.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40685", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-29T02:15:07.693", - "lastModified": "2023-10-29T02:15:07.693", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42431.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42431.json new file mode 100644 index 00000000000..4faa0fba09b --- /dev/null +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42431.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-42431", + "sourceIdentifier": "security@bluespice.com", + "published": "2023-10-30T11:15:39.267", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@bluespice.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.7, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@bluespice.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2023-02", + "source": "security@bluespice.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43358.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43358.json index 6faf3ae98c3..da75775e6ee 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43358.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43358.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43358", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-23T22:15:09.210", - "lastModified": "2023-10-24T12:45:02.747", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:28:44.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro T\u00edtulo en el componente Men\u00fa de noticias." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:*", + "matchCriteriaId": "AEF989DA-0199-49AE-A793-1CE18C1E045A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sromanhu/CMSmadesimple-Stored-XSS---News", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/sromanhu/CVE-2023-43358-CMSmadesimple-Stored-XSS---News", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43800.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43800.json index 70a569b6036..a521bd183f8 100644 --- a/CVE-2023/CVE-2023-438xx/CVE-2023-43800.json +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43800.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43800", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-18T22:15:09.173", - "lastModified": "2023-10-19T12:59:35.787", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T12:25:25.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arduino:create_agent:*:*:*:*:*:go:*:*", + "versionEndExcluding": "1.3.3", + "matchCriteriaId": "EE4124F3-115A-42BA-B29E-24AD19764999" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-4x5q-q7wc-q22p", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43801.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43801.json index 1c6a40f0c7b..bc098ff035e 100644 --- a/CVE-2023/CVE-2023-438xx/CVE-2023-43801.json +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43801.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43801", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-18T22:15:09.247", - "lastModified": "2023-10-19T12:59:35.787", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T12:38:24.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arduino:create_agent:*:*:*:*:*:go:*:*", + "versionEndExcluding": "1.3.3", + "matchCriteriaId": "EE4124F3-115A-42BA-B29E-24AD19764999" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-mjq6-pv9c-qppq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43802.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43802.json index e0c8dcd4784..072a3435a23 100644 --- a/CVE-2023/CVE-2023-438xx/CVE-2023-43802.json +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43802.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43802", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-18T21:15:09.187", - "lastModified": "2023-10-19T12:59:40.337", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T12:58:20.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arduino:create_agent:*:*:*:*:*:go:*:*", + "versionEndExcluding": "1.3.3", + "matchCriteriaId": "EE4124F3-115A-42BA-B29E-24AD19764999" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-75j7-w798-cwwx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43803.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43803.json index e0274bf1ab6..739e2680d19 100644 --- a/CVE-2023/CVE-2023-438xx/CVE-2023-43803.json +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43803.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43803", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-18T21:15:09.260", - "lastModified": "2023-10-19T12:59:35.787", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T12:46:57.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arduino:create_agent:*:*:*:*:*:go:*:*", + "versionEndExcluding": "1.3.3", + "matchCriteriaId": "EE4124F3-115A-42BA-B29E-24AD19764999" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-m5jc-r4gf-c6p8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4393.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4393.json index da5e6b05186..2e8c34e7c75 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4393.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4393.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4393", "sourceIdentifier": "vdp@themissinglink.com.au", "published": "2023-10-30T00:15:39.237", - "lastModified": "2023-10-30T00:15:39.237", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44141.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44141.json index 89954c093d3..cbbfadd23f7 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44141.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44141.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44141", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-10-30T04:15:10.340", - "lastModified": "2023-10-30T04:15:10.340", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-447xx/CVE-2023-44760.json b/CVE-2023/CVE-2023-447xx/CVE-2023-44760.json index ccd871c444f..09790138d07 100644 --- a/CVE-2023/CVE-2023-447xx/CVE-2023-44760.json +++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44760.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44760", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-23T22:15:09.257", - "lastModified": "2023-10-24T12:45:02.747", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:36:19.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "M\u00faltiples vulnerabilidades de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permiten a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para los c\u00f3digos de seguimiento de encabezado y pie de p\u00e1gina de SEO y estad\u00edsticas." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:concretecms:concrete_cms:9.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C7B776E3-2D7A-4BD9-9800-01AED3141336" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45008.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45008.json index fc7e9f15df8..21048eb7fa2 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45008.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45008.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45008", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-18T08:15:07.947", - "lastModified": "2023-10-18T12:46:22.630", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T12:14:10.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpjohnny:comment_reply_email:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.3", + "matchCriteriaId": "459C5605-AD9D-4260-BF8C-7703A1F9A329" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/comment-reply-email/wordpress-comment-reply-email-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45145.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45145.json index c45d2889e90..6e70e58b34a 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45145.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45145.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45145", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-18T21:15:09.560", - "lastModified": "2023-10-27T03:15:08.193", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T12:50:12.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.6, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,26 +80,117 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndExcluding": "6.2.14", + "matchCriteriaId": "2BC37265-09C9-4A98-A97A-3950F80D2641" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.14", + "matchCriteriaId": "869B9F5D-E5C4-4C43-8F3D-1ECB973A6E71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndExcluding": "7.2.2", + "matchCriteriaId": "484F4B31-F45C-4AD1-9D19-119E89039777" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redis:redis:2.6.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "988AF66E-727F-4579-9BA8-55B42D534FE0" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45746.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45746.json index c0258ed0ca0..e686c917cdb 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45746.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45746.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45746", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-10-30T05:15:09.993", - "lastModified": "2023-10-30T05:15:09.993", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45797.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45797.json index 2efec4474b5..59f3779e0ea 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45797.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45797.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45797", "sourceIdentifier": "vuln@krcert.or.kr", "published": "2023-10-30T07:15:12.677", - "lastModified": "2023-10-30T07:15:12.677", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45798.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45798.json index 5877dd62af7..ab68117a27e 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45798.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45798.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45798", "sourceIdentifier": "vuln@krcert.or.kr", "published": "2023-10-30T07:15:12.887", - "lastModified": "2023-10-30T07:15:12.887", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45799.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45799.json index 79bf99282eb..2832a0ed4e2 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45799.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45799.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45799", "sourceIdentifier": "vuln@krcert.or.kr", "published": "2023-10-30T07:15:12.977", - "lastModified": "2023-10-30T07:15:12.977", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45966.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45966.json index 554bd728832..7e3782dfdd8 100644 --- a/CVE-2023/CVE-2023-459xx/CVE-2023-45966.json +++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45966.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45966", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-23T21:15:08.847", - "lastModified": "2023-10-24T12:45:02.747", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:36:04.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,76 @@ "value": "umputun remark42 versi\u00f3n 1.12.1 y anteriores tiene una vulnerabilidad de Blind Server-Side Request Forgery (SSRF)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remark42:remark42:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.12.1", + "matchCriteriaId": "22D32364-59CB-4880-AEEA-36CFE60EF9E6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jet-pentest/CVE-2023-45966", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/umputun/remark42/issues/1677", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45998.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45998.json index da70da81ecc..031fa25c149 100644 --- a/CVE-2023/CVE-2023-459xx/CVE-2023-45998.json +++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45998.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45998", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-23T22:15:09.300", - "lastModified": "2023-10-24T12:45:02.747", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:36:31.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,66 @@ "value": "kodbox 1.44 es vulnerable a Cross Site Scripting (XSS). La personalizaci\u00f3n de HTML global da como resultado el almacenamiento de XSS." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kodcloud:kodbox:1.44:*:*:*:*:*:*:*", + "matchCriteriaId": "B9980E0B-F79B-4640-B9D8-C1D07B51BB05" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/fangjiuye/703fdb643db558640f23e4e7c9532348", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46058.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46058.json index c2b5501e51d..507f3b2921b 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46058.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46058.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46058", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-24T00:15:08.773", - "lastModified": "2023-10-24T12:45:02.747", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:37:02.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Geeklog-Core geeklog v.2.2.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro grp_desc del componente admin/group.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geeklog:geeklog:2.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "AB2BD897-EEF2-4806-8DCE-E1F3E11F3C39" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/Stored_XSS_in_group.php.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46059.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46059.json index 43152d0e151..82326d4939f 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46059.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46059.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46059", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-24T00:15:08.823", - "lastModified": "2023-10-24T12:45:02.747", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:37:14.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Geeklog-Core geeklog v.2.2.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para el Servicio y la URL del sitio web para los par\u00e1metros de Ping del componente admin/trackback.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geeklog:geeklog:2.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "AB2BD897-EEF2-4806-8DCE-E1F3E11F3C39" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/reflected_XSS_in_editservice.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46862.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46862.json index aee9cafeffd..2d3665f7616 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46862.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46862.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46862", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-29T04:15:11.363", - "lastModified": "2023-10-29T04:15:11.363", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46863.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46863.json index 69420cb3084..e9e13de7a3e 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46863.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46863.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46863", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-30T00:15:39.157", - "lastModified": "2023-10-30T00:15:39.157", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46864.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46864.json index 2a543f5a7a4..100308bc349 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46864.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46864.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46864", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-30T00:15:39.200", - "lastModified": "2023-10-30T00:15:39.200", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46865.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46865.json index 610bc30cb5c..24d6b933efc 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46865.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46865.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46865", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-30T01:15:21.967", - "lastModified": "2023-10-30T01:15:21.967", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46866.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46866.json index c7683bce7ff..ac123c2ed3e 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46866.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46866.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46866", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-30T03:15:07.783", - "lastModified": "2023-10-30T03:15:07.783", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46867.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46867.json index 441e305d4ca..e560f451e21 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46867.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46867.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46867", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-30T03:15:07.830", - "lastModified": "2023-10-30T03:15:07.830", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5121.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5121.json index b5eca51e512..49c397111f7 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5121.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5121.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5121", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-20T08:15:13.187", - "lastModified": "2023-10-20T11:27:04.140", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:37:47.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpvivid:migration\\,_backup\\,_staging:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.9.89", + "matchCriteriaId": "34D10B34-6A2E-43C0-8D0A-CEF6DDC345D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdcac5f9-a744-4853-8a80-ed38fec81dbb?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5231.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5231.json index 14398cd7d27..9f2fa49df00 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5231.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5231.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5231", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-20T08:15:13.250", - "lastModified": "2023-10-20T11:27:04.140", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:12:11.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pogidude:magic_action_box:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.17.2", + "matchCriteriaId": "4B636A80-AEE1-4562-9D0C-1AB0DC7259B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/magic-action-box/tags/2.17.2/lib/functions.php#L287", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce9b908b-1388-41fb-915c-e4e29eaf57ed?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5292.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5292.json index 185f11f7b7d..7a805453852 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5292.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5292.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5292", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-20T08:15:13.317", - "lastModified": "2023-10-20T11:27:04.140", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:12:36.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,22 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acfextended:advanced_custom_fields_extended:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.8.9.3", + "matchCriteriaId": "E70BA0F4-B8B5-49B7-800C-064834ADE245" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.8.9.3/includes/modules/form/module-form-front.php#L669", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.8.9.4/includes/modules/form/module-form-front.php#L669", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2972880/acf-extended#file4", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcbe0c72-d518-45d3-a220-896a51071b26?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5337.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5337.json index f0046fd6795..92b0cc5aced 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5337.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5337.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5337", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-20T08:15:13.383", - "lastModified": "2023-10-20T11:27:04.140", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:15:11.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:formforall:formforall:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2", + "matchCriteriaId": "367B244C-45FC-4E4C-A3A8-8F9977F6B16F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/formforall/trunk/formforall_common.php#L21", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abe2f596-b2c3-49d3-b646-0f4b64f15674?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5533.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5533.json index 4c5a4d40fea..d1cdf407857 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5533.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5533.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5533", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-20T08:15:13.450", - "lastModified": "2023-10-23T13:15:09.177", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:17:01.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,14 +80,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.8.9", + "matchCriteriaId": "725153FA-A9CC-493C-A8FE-275434AAF09F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:4.9.2:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "C54E19C0-77EE-4C3A-9DCD-4740E77D6D89" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5534.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5534.json index 259727f25ee..1e8ae8d85c5 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5534.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5534.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5534", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-20T08:15:13.513", - "lastModified": "2023-10-23T13:15:09.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:17:24.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,14 +80,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.8.9", + "matchCriteriaId": "725153FA-A9CC-493C-A8FE-275434AAF09F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:4.9.2:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "C54E19C0-77EE-4C3A-9DCD-4740E77D6D89" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5602.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5602.json index 7e11d57fc5f..4fd358a6c32 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5602.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5602.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5602", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-20T08:15:13.577", - "lastModified": "2023-10-20T11:27:04.140", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-30T11:18:03.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ultimatelysocial:social_media_share_buttons_\\&_social_sharing_icons:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.8.5", + "matchCriteriaId": "2C87C087-81E3-46EB-BB3C-CDE9E6D87F6F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d44a45fb-3bff-4a1f-8319-a58a47a9d76b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5842.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5842.json index 1cd9b8d4957..83908db2f24 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5842.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5842.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5842", "sourceIdentifier": "security@huntr.dev", "published": "2023-10-30T01:15:22.013", - "lastModified": "2023-10-30T01:15:22.013", - "vulnStatus": "Received", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5844.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5844.json new file mode 100644 index 00000000000..fd72def3dea --- /dev/null +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5844.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5844", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-30T11:15:39.347", + "lastModified": "2023-10-30T11:54:30.703", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-620" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a7f8a4151a8..8ae6365c163 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-30T09:00:24.386241+00:00 +2023-10-30T13:00:25.728456+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-30T07:15:12.977000+00:00 +2023-10-30T12:58:20.887000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229132 +229134 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -* [CVE-2023-45797](CVE-2023/CVE-2023-457xx/CVE-2023-45797.json) (`2023-10-30T07:15:12.677`) -* [CVE-2023-45798](CVE-2023/CVE-2023-457xx/CVE-2023-45798.json) (`2023-10-30T07:15:12.887`) -* [CVE-2023-45799](CVE-2023/CVE-2023-457xx/CVE-2023-45799.json) (`2023-10-30T07:15:12.977`) +* [CVE-2023-42431](CVE-2023/CVE-2023-424xx/CVE-2023-42431.json) (`2023-10-30T11:15:39.267`) +* [CVE-2023-5844](CVE-2023/CVE-2023-58xx/CVE-2023-5844.json) (`2023-10-30T11:15:39.347`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `50` +* [CVE-2023-45998](CVE-2023/CVE-2023-459xx/CVE-2023-45998.json) (`2023-10-30T11:36:31.693`) +* [CVE-2023-46058](CVE-2023/CVE-2023-460xx/CVE-2023-46058.json) (`2023-10-30T11:37:02.710`) +* [CVE-2023-46059](CVE-2023/CVE-2023-460xx/CVE-2023-46059.json) (`2023-10-30T11:37:14.247`) +* [CVE-2023-5121](CVE-2023/CVE-2023-51xx/CVE-2023-5121.json) (`2023-10-30T11:37:47.037`) +* [CVE-2023-40685](CVE-2023/CVE-2023-406xx/CVE-2023-40685.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-46862](CVE-2023/CVE-2023-468xx/CVE-2023-46862.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-46863](CVE-2023/CVE-2023-468xx/CVE-2023-46863.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-46864](CVE-2023/CVE-2023-468xx/CVE-2023-46864.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-4393](CVE-2023/CVE-2023-43xx/CVE-2023-4393.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-46865](CVE-2023/CVE-2023-468xx/CVE-2023-46865.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-5842](CVE-2023/CVE-2023-58xx/CVE-2023-5842.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-46866](CVE-2023/CVE-2023-468xx/CVE-2023-46866.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-46867](CVE-2023/CVE-2023-468xx/CVE-2023-46867.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-44141](CVE-2023/CVE-2023-441xx/CVE-2023-44141.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-45746](CVE-2023/CVE-2023-457xx/CVE-2023-45746.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-45797](CVE-2023/CVE-2023-457xx/CVE-2023-45797.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-45798](CVE-2023/CVE-2023-457xx/CVE-2023-45798.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-45799](CVE-2023/CVE-2023-457xx/CVE-2023-45799.json) (`2023-10-30T11:54:30.703`) +* [CVE-2023-3254](CVE-2023/CVE-2023-32xx/CVE-2023-3254.json) (`2023-10-30T12:11:53.503`) +* [CVE-2023-45008](CVE-2023/CVE-2023-450xx/CVE-2023-45008.json) (`2023-10-30T12:14:10.967`) +* [CVE-2023-43800](CVE-2023/CVE-2023-438xx/CVE-2023-43800.json) (`2023-10-30T12:25:25.967`) +* [CVE-2023-43801](CVE-2023/CVE-2023-438xx/CVE-2023-43801.json) (`2023-10-30T12:38:24.330`) +* [CVE-2023-43803](CVE-2023/CVE-2023-438xx/CVE-2023-43803.json) (`2023-10-30T12:46:57.553`) +* [CVE-2023-45145](CVE-2023/CVE-2023-451xx/CVE-2023-45145.json) (`2023-10-30T12:50:12.313`) +* [CVE-2023-43802](CVE-2023/CVE-2023-438xx/CVE-2023-43802.json) (`2023-10-30T12:58:20.887`) ## Download and Usage