diff --git a/CVE-2022/CVE-2022-00xx/CVE-2022-0010.json b/CVE-2022/CVE-2022-00xx/CVE-2022-0010.json new file mode 100644 index 00000000000..937ef68636c --- /dev/null +++ b/CVE-2022/CVE-2022-00xx/CVE-2022-0010.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-0010", + "sourceIdentifier": "cybersecurity@ch.abb.com", + "published": "2023-05-22T08:15:08.920", + "lastModified": "2023-05-22T08:15:08.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.\n\n\nAn attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. \n\nThis issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cybersecurity@ch.abb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=3BUS221709&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.108646530.1437951308.1684739395-1142547495.1678209228", + "source": "cybersecurity@ch.abb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47142.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47142.json new file mode 100644 index 00000000000..9ce6e6d03c9 --- /dev/null +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47142.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47142", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:09.830", + "lastModified": "2023-05-22T09:15:09.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic \u2013 Media Library Folders plugin <=\u00a02.8.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mediamatic/wordpress-mediamatic-media-library-folders-plugin-2-8-1-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-476xx/CVE-2022-47609.json b/CVE-2022/CVE-2022-476xx/CVE-2022-47609.json new file mode 100644 index 00000000000..144522a7c7e --- /dev/null +++ b/CVE-2022/CVE-2022-476xx/CVE-2022-47609.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47609", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:10.457", + "lastModified": "2023-05-22T09:15:10.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <=\u00a02.8.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/dnui-delete-not-used-image-wordpress/wordpress-dnui-plugin-2-8-1-multiple-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22688.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22688.json new file mode 100644 index 00000000000..cc794e3f5d3 --- /dev/null +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22688.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22688", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:10.540", + "lastModified": "2023-05-22T09:15:10.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <=\u00a02.0.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wordpress-tabs-slides/wordpress-wp-tabs-slides-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22692.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22692.json new file mode 100644 index 00000000000..2b112ca5a0d --- /dev/null +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22692.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22692", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:10.623", + "lastModified": "2023-05-22T09:15:10.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <=\u00a01.27.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/name-directory/wordpress-name-directory-plugin-1-27-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-227xx/CVE-2023-22709.json b/CVE-2023/CVE-2023-227xx/CVE-2023-22709.json new file mode 100644 index 00000000000..0ab735fc1b2 --- /dev/null +++ b/CVE-2023/CVE-2023-227xx/CVE-2023-22709.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22709", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:10.693", + "lastModified": "2023-05-22T09:15:10.693", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <=\u00a01.1.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/srs-simple-hits-counter/wordpress-srs-simple-hits-counter-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-227xx/CVE-2023-22714.json b/CVE-2023/CVE-2023-227xx/CVE-2023-22714.json new file mode 100644 index 00000000000..0be6c777f7c --- /dev/null +++ b/CVE-2023/CVE-2023-227xx/CVE-2023-22714.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22714", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:10.767", + "lastModified": "2023-05-22T09:15:10.767", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <=\u00a01.7.10 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/coming-soon-by-supsystic/wordpress-coming-soon-by-supsystic-plugin-1-7-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23680.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23680.json new file mode 100644 index 00000000000..08ea012130e --- /dev/null +++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23680.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23680", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:10.837", + "lastModified": "2023-05-22T09:15:10.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <=\u00a05.36 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-topbar/wordpress-wp-topbar-plugin-5-36-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23712.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23712.json new file mode 100644 index 00000000000..65530e90033 --- /dev/null +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23712.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23712", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:10.903", + "lastModified": "2023-05-22T09:15:10.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <=\u00a03.4.9 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/user-meta-manager/wordpress-user-meta-manager-plugin-3-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23813.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23813.json new file mode 100644 index 00000000000..c233527e4a5 --- /dev/null +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23813.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23813", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-22T09:15:10.973", + "lastModified": "2023-05-22T09:15:10.973", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <=\u00a03.4.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/my-calendar/wordpress-my-calendar-plugin-3-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ef16b0d0fd4..3ad29fe2ea1 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-22T08:00:28.191696+00:00 +2023-05-22T10:00:32.773486+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-22T07:15:09.257000+00:00 +2023-05-22T09:15:10.973000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -215712 +215722 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `10` -* [CVE-2023-33235](CVE-2023/CVE-2023-332xx/CVE-2023-33235.json) (`2023-05-22T06:15:11.020`) -* [CVE-2023-33236](CVE-2023/CVE-2023-332xx/CVE-2023-33236.json) (`2023-05-22T07:15:09.257`) +* [CVE-2022-0010](CVE-2022/CVE-2022-00xx/CVE-2022-0010.json) (`2023-05-22T08:15:08.920`) +* [CVE-2022-47142](CVE-2022/CVE-2022-471xx/CVE-2022-47142.json) (`2023-05-22T09:15:09.830`) +* [CVE-2022-47609](CVE-2022/CVE-2022-476xx/CVE-2022-47609.json) (`2023-05-22T09:15:10.457`) +* [CVE-2023-22688](CVE-2023/CVE-2023-226xx/CVE-2023-22688.json) (`2023-05-22T09:15:10.540`) +* [CVE-2023-22692](CVE-2023/CVE-2023-226xx/CVE-2023-22692.json) (`2023-05-22T09:15:10.623`) +* [CVE-2023-22709](CVE-2023/CVE-2023-227xx/CVE-2023-22709.json) (`2023-05-22T09:15:10.693`) +* [CVE-2023-22714](CVE-2023/CVE-2023-227xx/CVE-2023-22714.json) (`2023-05-22T09:15:10.767`) +* [CVE-2023-23680](CVE-2023/CVE-2023-236xx/CVE-2023-23680.json) (`2023-05-22T09:15:10.837`) +* [CVE-2023-23712](CVE-2023/CVE-2023-237xx/CVE-2023-23712.json) (`2023-05-22T09:15:10.903`) +* [CVE-2023-23813](CVE-2023/CVE-2023-238xx/CVE-2023-23813.json) (`2023-05-22T09:15:10.973`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2019-25137](CVE-2019/CVE-2019-251xx/CVE-2019-25137.json) (`2023-05-22T06:15:09.520`) ## Download and Usage