Auto-Update: 2023-08-25T10:00:24.534288+00:00

2025-05-08 11:37:26 +00:00 · 2023-08-25 10:00:27 +00:00 · 2023-08-25 10:00:27 +00:00 · 85311d1fae
commit 85311d1fae
parent 66da99bc4f
10 changed files with 509 additions and 15 deletions
--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32518.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32518",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-08-25T09:15:07.840",
+  "lastModified": "2023-08-25T09:15:07.840",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <=\u00a01.1.16 versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/wp-chinese-conversion/wordpress-wp-chinese-conversion-plugin-1-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32576",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-08-25T09:15:08.477",
+  "lastModified": "2023-08-25T09:15:08.477",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Plainware Locatoraid Store Locator plugin <=\u00a03.9.18 versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-18-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32577",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-08-25T09:15:08.573",
+  "lastModified": "2023-08-25T09:15:08.573",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <=\u00a04.0.0 versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/devbuddy-twitter-feed/wordpress-devbuddy-twitter-feed-plugin-4-0-0-cross-site-scripting-xss?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32584",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-08-25T09:15:08.670",
+  "lastModified": "2023-08-25T09:15:08.670",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <=\u00a03.1.3 versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/ebecas/wordpress-ebecas-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32591",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-08-25T09:15:08.757",
+  "lastModified": "2023-08-25T09:15:08.757",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <=\u00a03.0.0 versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/d-bargain/wordpress-dbargain-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32756.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32756",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-08-25T08:15:07.747",
+  "lastModified": "2023-08-25T08:15:07.747",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\ne-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can\u2019t control system or disrupt service.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7329-d8e4c-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32757.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32757",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-08-25T08:15:07.850",
+  "lastModified": "2023-08-25T08:15:07.850",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\ne-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3406",
+  "sourceIdentifier": "security@m-files.com",
+  "published": "2023-08-25T09:15:08.850",
+  "lastModified": "2023-08-25T09:15:08.850",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@m-files.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.7,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@m-files.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406",
+      "source": "security@m-files.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3425",
+  "sourceIdentifier": "security@m-files.com",
+  "published": "2023-08-25T09:15:08.937",
+  "lastModified": "2023-08-25T09:15:08.937",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@m-files.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@m-files.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425",
+      "source": "security@m-files.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-25T08:00:26.388259+00:00
+2023-08-25T10:00:24.534288+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-25T07:15:09.140000+00:00
+2023-08-25T09:15:08.937000+00:00
 ```

 ### Last Data Feed Release
@ -29,29 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-223419
+223428
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `9`

-* [CVE-2023-32755](CVE-2023/CVE-2023-327xx/CVE-2023-32755.json) (`2023-08-25T07:15:08.273`)
-* [CVE-2023-41173](CVE-2023/CVE-2023-411xx/CVE-2023-41173.json) (`2023-08-25T07:15:09.140`)
+* [CVE-2023-32756](CVE-2023/CVE-2023-327xx/CVE-2023-32756.json) (`2023-08-25T08:15:07.747`)
+* [CVE-2023-32757](CVE-2023/CVE-2023-327xx/CVE-2023-32757.json) (`2023-08-25T08:15:07.850`)
+* [CVE-2023-32518](CVE-2023/CVE-2023-325xx/CVE-2023-32518.json) (`2023-08-25T09:15:07.840`)
+* [CVE-2023-32576](CVE-2023/CVE-2023-325xx/CVE-2023-32576.json) (`2023-08-25T09:15:08.477`)
+* [CVE-2023-32577](CVE-2023/CVE-2023-325xx/CVE-2023-32577.json) (`2023-08-25T09:15:08.573`)
+* [CVE-2023-32584](CVE-2023/CVE-2023-325xx/CVE-2023-32584.json) (`2023-08-25T09:15:08.670`)
+* [CVE-2023-32591](CVE-2023/CVE-2023-325xx/CVE-2023-32591.json) (`2023-08-25T09:15:08.757`)
+* [CVE-2023-3406](CVE-2023/CVE-2023-34xx/CVE-2023-3406.json) (`2023-08-25T09:15:08.850`)
+* [CVE-2023-3425](CVE-2023/CVE-2023-34xx/CVE-2023-3425.json) (`2023-08-25T09:15:08.937`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `8`
+Recently modified CVEs: `0`

-* [CVE-2023-2673](CVE-2023/CVE-2023-26xx/CVE-2023-2673.json) (`2023-08-25T06:15:07.657`)
-* [CVE-2023-3261](CVE-2023/CVE-2023-32xx/CVE-2023-3261.json) (`2023-08-25T06:15:08.990`)
-* [CVE-2023-3262](CVE-2023/CVE-2023-32xx/CVE-2023-3262.json) (`2023-08-25T06:15:09.797`)
-* [CVE-2023-3264](CVE-2023/CVE-2023-32xx/CVE-2023-3264.json) (`2023-08-25T06:15:10.350`)
-* [CVE-2023-37860](CVE-2023/CVE-2023-378xx/CVE-2023-37860.json) (`2023-08-25T07:15:08.483`)
-* [CVE-2023-3570](CVE-2023/CVE-2023-35xx/CVE-2023-3570.json) (`2023-08-25T07:15:08.680`)
-* [CVE-2023-3571](CVE-2023/CVE-2023-35xx/CVE-2023-3571.json) (`2023-08-25T07:15:08.840`)
-* [CVE-2023-3573](CVE-2023/CVE-2023-35xx/CVE-2023-3573.json) (`2023-08-25T07:15:08.990`)


 ## Download and Usage