From 85311d1faec1632fe82874547905f518423b277a Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 25 Aug 2023 10:00:27 +0000
Subject: [PATCH] Auto-Update: 2023-08-25T10:00:24.534288+00:00
---
 CVE-2023/CVE-2023-325xx/CVE-2023-32518.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-325xx/CVE-2023-32576.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-325xx/CVE-2023-32577.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-325xx/CVE-2023-32584.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-325xx/CVE-2023-32591.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-327xx/CVE-2023-32756.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-327xx/CVE-2023-32757.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-34xx/CVE-2023-3406.json | 55 +++++++++++++++++++++
 CVE-2023/CVE-2023-34xx/CVE-2023-3425.json | 55 +++++++++++++++++++++
 README.md | 29 ++++++-----
 10 files changed, 509 insertions(+), 15 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-325xx/CVE-2023-32518.json
 create mode 100644 CVE-2023/CVE-2023-325xx/CVE-2023-32576.json
 create mode 100644 CVE-2023/CVE-2023-325xx/CVE-2023-32577.json
 create mode 100644 CVE-2023/CVE-2023-325xx/CVE-2023-32584.json
 create mode 100644 CVE-2023/CVE-2023-325xx/CVE-2023-32591.json
 create mode 100644 CVE-2023/CVE-2023-327xx/CVE-2023-32756.json
 create mode 100644 CVE-2023/CVE-2023-327xx/CVE-2023-32757.json
 create mode 100644 CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
 create mode 100644 CVE-2023/CVE-2023-34xx/CVE-2023-3425.json
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json
new file mode 100644
index 00000000000..ac7d3065437
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32518",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-25T09:15:07.840",
+ "lastModified": "2023-08-25T09:15:07.840",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <=\u00a01.1.16 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-chinese-conversion/wordpress-wp-chinese-conversion-plugin-1-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json
new file mode 100644
index 00000000000..df6505bd0b9
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32576",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-25T09:15:08.477",
+ "lastModified": "2023-08-25T09:15:08.477",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Plainware Locatoraid Store Locator plugin <=\u00a03.9.18 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-18-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json
new file mode 100644
index 00000000000..e9f5dc1de2d
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json
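Review bot: The `descriptions[0].value` of CVE-2023-32576 reads `Stored Cross-Site Scripting') vulnerability`: a stray `')` follows the weakness name and the `(XSS)` tag used by the sibling Patchstack records in this commit is missing, which looks like a leftover from a CWE-style title. Because the repository synchronizes with the NVD, the text is presumably verbatim upstream data, so the correction belongs with the submitting CNA rather than in this mirror. Consumers that classify or deduplicate records should key on the `weaknesses` entry (`CWE-79`) and the CVSS vector rather than on the free-text description.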
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32577",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-25T09:15:08.573",
+ "lastModified": "2023-08-25T09:15:08.573",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <=\u00a04.0.0 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/devbuddy-twitter-feed/wordpress-devbuddy-twitter-feed-plugin-4-0-0-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json
new file mode 100644
index 00000000000..9e0c39f1b88
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32584",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-25T09:15:08.670",
+ "lastModified": "2023-08-25T09:15:08.670",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <=\u00a03.1.3 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ebecas/wordpress-ebecas-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json
new file mode 100644
index 00000000000..da096e2cda1
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32591",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-25T09:15:08.757",
+ "lastModified": "2023-08-25T09:15:08.757",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <=\u00a03.0.0 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/d-bargain/wordpress-dbargain-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json
new file mode 100644
index 00000000000..ec4502b25d6
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32756",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-08-25T08:15:07.747",
+ "lastModified": "2023-08-25T08:15:07.747",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\ne-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can\u2019t control system or disrupt service.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7329-d8e4c-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json
new file mode 100644
index 00000000000..54382e0a7e8
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json
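Review bot: The description value in CVE-2023-32756 starts with `\n` and ends with `\n\n`, and CVE-2023-32757 in the next hunk carries the same padding; the other records added in this commit do not. If the padding comes from the NVD record it should stay as-is in the mirror, but anything that renders or indexes these descriptions (alert text, ticket titles, exact-match deduplication) should trim surrounding whitespace first. The CVE-2023-32756 string also uses the typographic apostrophe `\u2019`, so ASCII-only matching on `can't` will miss it.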
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32757",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-08-25T08:15:07.850",
+ "lastModified": "2023-08-25T08:15:07.850",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\ne-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
new file mode 100644
index 00000000000..f109dd0e2eb
--- /dev/null
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3406",
+ "sourceIdentifier": "security@m-files.com",
+ "published": "2023-08-25T09:15:08.850",
+ "lastModified": "2023-08-25T09:15:08.850",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@m-files.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@m-files.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406",
+ "source": "security@m-files.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json
new file mode 100644
index 00000000000..584d9d928a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3425",
+ "sourceIdentifier": "security@m-files.com",
+ "published": "2023-08-25T09:15:08.937",
+ "lastModified": "2023-08-25T09:15:08.937",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@m-files.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@m-files.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425",
+ "source": "security@m-files.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index df76a1c02c7..69b1ab2f5a2 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-25T08:00:26.388259+00:00 +2023-08-25T10:00:24.534288+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-25T07:15:09.140000+00:00 +2023-08-25T09:15:08.937000+00:00 ``` ### Last Data Feed Release
@@ -29,29 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223419 +223428 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `9` -* [CVE-2023-32755](CVE-2023/CVE-2023-327xx/CVE-2023-32755.json) (`2023-08-25T07:15:08.273`) -* [CVE-2023-41173](CVE-2023/CVE-2023-411xx/CVE-2023-41173.json) (`2023-08-25T07:15:09.140`) +* [CVE-2023-32756](CVE-2023/CVE-2023-327xx/CVE-2023-32756.json) (`2023-08-25T08:15:07.747`) +* [CVE-2023-32757](CVE-2023/CVE-2023-327xx/CVE-2023-32757.json) (`2023-08-25T08:15:07.850`) +* [CVE-2023-32518](CVE-2023/CVE-2023-325xx/CVE-2023-32518.json) (`2023-08-25T09:15:07.840`) +* [CVE-2023-32576](CVE-2023/CVE-2023-325xx/CVE-2023-32576.json) (`2023-08-25T09:15:08.477`) +* [CVE-2023-32577](CVE-2023/CVE-2023-325xx/CVE-2023-32577.json) (`2023-08-25T09:15:08.573`) +* [CVE-2023-32584](CVE-2023/CVE-2023-325xx/CVE-2023-32584.json) (`2023-08-25T09:15:08.670`) +* [CVE-2023-32591](CVE-2023/CVE-2023-325xx/CVE-2023-32591.json) (`2023-08-25T09:15:08.757`) +* [CVE-2023-3406](CVE-2023/CVE-2023-34xx/CVE-2023-3406.json) (`2023-08-25T09:15:08.850`) +* [CVE-2023-3425](CVE-2023/CVE-2023-34xx/CVE-2023-3425.json) (`2023-08-25T09:15:08.937`) ### CVEs modified in the last Commit -Recently modified CVEs: `8` +Recently modified CVEs: `0` -* [CVE-2023-2673](CVE-2023/CVE-2023-26xx/CVE-2023-2673.json) (`2023-08-25T06:15:07.657`) -* [CVE-2023-3261](CVE-2023/CVE-2023-32xx/CVE-2023-3261.json) (`2023-08-25T06:15:08.990`) -* [CVE-2023-3262](CVE-2023/CVE-2023-32xx/CVE-2023-3262.json) (`2023-08-25T06:15:09.797`) -* [CVE-2023-3264](CVE-2023/CVE-2023-32xx/CVE-2023-3264.json) (`2023-08-25T06:15:10.350`) -* [CVE-2023-37860](CVE-2023/CVE-2023-378xx/CVE-2023-37860.json) (`2023-08-25T07:15:08.483`) -* [CVE-2023-3570](CVE-2023/CVE-2023-35xx/CVE-2023-3570.json) (`2023-08-25T07:15:08.680`) -* [CVE-2023-3571](CVE-2023/CVE-2023-35xx/CVE-2023-3571.json) (`2023-08-25T07:15:08.840`) -* 
[CVE-2023-3573](CVE-2023/CVE-2023-35xx/CVE-2023-3573.json) (`2023-08-25T07:15:08.990`) ## Download and Usage