admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-29T11:00:25.168811+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-29 11:00:28 +00:00
parent 2824b46364
commit 88dabe56ad
28 changed files with 1799 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2022/CVE-2022-445xx/CVE-2022-44589.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-44589",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:08.613",
"lastModified": "2023-12-29T10:15:08.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/miniorange-2-factor-authentication/wordpress-miniorange-two-factor-authentication-plugin-5-6-1-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-226xx/CVE-2023-22676.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22676",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.057",
"lastModified": "2023-12-29T09:15:08.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/acf-image-crop-add-on/wordpress-advanced-custom-fields-image-crop-add-on-plugin-1-4-12-broken-access-control?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-226xx/CVE-2023-22677.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22677",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.300",
"lastModified": "2023-12-29T09:15:08.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-booklet/wordpress-wp-booklet-plugin-2-1-8-remote-code-execution-rce?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25054.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25054",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.523",
"lastModified": "2023-12-29T09:15:08.523",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-6-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-287xx/CVE-2023-28786.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28786",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:08.973",
"lastModified": "2023-12-29T10:15:08.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security \u2013 Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/better-wp-security/wordpress-ithemes-security-plugin-8-1-4-open-redirection-via-host-header-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31095.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31095",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.260",
"lastModified": "2023-12-29T10:15:09.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cf7-hubspot/wordpress-integration-for-contact-form-7-hubspot-plugin-1-2-8-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-312xx/CVE-2023-31229.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31229",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.490",
"lastModified": "2023-12-29T10:15:09.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpdirectorykit/wordpress-wp-directory-kit-plugin-1-1-9-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-312xx/CVE-2023-31237.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31237",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:09.813",
"lastModified": "2023-12-29T10:15:09.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-320xx/CVE-2023-32095.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32095",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.750",
"lastModified": "2023-12-29T09:15:08.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dini\u0107 Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rename-media-files/wordpress-rename-media-files-plugin-1-0-1-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-321xx/CVE-2023-32101.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32101",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.080",
"lastModified": "2023-12-29T10:15:10.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/library-viewer/wordpress-library-viewer-plugin-2-0-6-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-325xx/CVE-2023-32517.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32517",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.390",
"lastModified": "2023-12-29T10:15:10.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mailchimp-subscribe-sm/wordpress-mailchimp-subscribe-forms-plugin-4-0-9-1-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-406xx/CVE-2023-40606.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40606",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:08.977",
"lastModified": "2023-12-29T09:15:08.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

92
CVE-2023/CVE-2023-44xx/CVE-2023-4462.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-4462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:11.100",
"lastModified": "2023-12-29T10:15:11.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"references": [
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
"source": "cna@vuldb.com"
},
{
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249255",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249255",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-44xx/CVE-2023-4463.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-4463",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:11.413",
"lastModified": "2023-12-29T10:15:11.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
"source": "cna@vuldb.com"
},
{
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249256",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249256",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-44xx/CVE-2023-4464.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-4464",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:11.750",
"lastModified": "2023-12-29T10:15:11.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
"source": "cna@vuldb.com"
},
{
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249257",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249257",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-44xx/CVE-2023-4465.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-4465",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:12.133",
"lastModified": "2023-12-29T10:15:12.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-620"
}
]
}
],
"references": [
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
"source": "cna@vuldb.com"
},
{
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249258",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249258",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-44xx/CVE-2023-4466.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-4466",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:12.470",
"lastModified": "2023-12-29T10:15:12.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
"source": "cna@vuldb.com"
},
{
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249259",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249259",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-44xx/CVE-2023-4467.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-4467",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:12.783",
"lastModified": "2023-12-29T10:15:12.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 2.5,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-912"
}
]
}
],
"references": [
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
"source": "cna@vuldb.com"
},
{
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249260",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249260",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-44xx/CVE-2023-4468.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-4468",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:13.140",
"lastModified": "2023-12-29T10:15:13.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html",
"source": "cna@vuldb.com"
},
{
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249261",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249261",
"source": "cna@vuldb.com"
}
]
}

55
CVE-2023/CVE-2023-457xx/CVE-2023-45751.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45751",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.197",
"lastModified": "2023-12-29T09:15:09.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-466xx/CVE-2023-46623.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46623",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.410",
"lastModified": "2023-12-29T09:15:09.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-remote-code-execution-rce-via-htaccess-modification-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-478xx/CVE-2023-47840.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-47840",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T09:15:09.637",
"lastModified": "2023-12-29T09:15:09.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-5-2-arbitrary-plugin-installation-and-activation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-498xx/CVE-2023-49830.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-49830",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:10.783",
"lastModified": "2023-12-29T10:15:10.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-plugin-4-3-1-contributor-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51420.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51420",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-29T10:15:13.527",
"lastModified": "2023-12-29T10:15:13.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

92
CVE-2023/CVE-2023-71xx/CVE-2023-7104.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-7104",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T10:15:13.890",
"lastModified": "2023-12-29T10:15:13.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://sqlite.org/forum/forumpost/5bcbf4571c",
"source": "cna@vuldb.com"
},
{
"url": "https://sqlite.org/src/info/0e4e7a05c4204b47",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.248999",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.248999",
"source": "cna@vuldb.com"
}
]
}

6
CVE-2023/CVE-2023-71xx/CVE-2023-7152.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7152",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T05:15:09.473",
"lastModified": "2023-12-29T05:15:09.473",
"lastModified": "2023-12-29T09:15:09.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en MicroPython 1.21.0/1.22.0-preview y clasificada como cr\u00edtica. La funci\u00f3n poll_set_add_fd del archivo extmod/modselect.c es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a use after free. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El parche se identifica como 8b24aa36ba978eafc6114b6798b47b7bfecdca26. Se recomienda aplicar un parche para solucionar este problema. VDB-249158 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

92
CVE-2023/CVE-2023-71xx/CVE-2023-7166.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-7166",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-29T09:15:09.973",
"lastModified": "2023-12-29T09:15:09.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/201206030/novel-plus/commit/c62da9bb3a9b3603014d0edb436146512631100d",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS/en-us.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249201",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249201",
"source": "cna@vuldb.com"
}
]
}

47
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-29T09:00:25.645149+00:00
2023-12-29T11:00:25.168811+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-29T08:15:37.260000+00:00
2023-12-29T10:15:13.890000+00:00
```
### Last Data Feed Release
@ -29,30 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234439
234465
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `26`
* [CVE-2023-23634](CVE-2023/CVE-2023-236xx/CVE-2023-23634.json) (`2023-12-29T07:15:10.430`)
* [CVE-2023-7158](CVE-2023/CVE-2023-71xx/CVE-2023-7158.json) (`2023-12-29T07:15:11.060`)
* [CVE-2023-7159](CVE-2023/CVE-2023-71xx/CVE-2023-7159.json) (`2023-12-29T07:15:11.420`)
* [CVE-2023-7160](CVE-2023/CVE-2023-71xx/CVE-2023-7160.json) (`2023-12-29T08:15:36.850`)
* [CVE-2023-7161](CVE-2023/CVE-2023-71xx/CVE-2023-7161.json) (`2023-12-29T08:15:37.260`)
* [CVE-2023-22676](CVE-2023/CVE-2023-226xx/CVE-2023-22676.json) (`2023-12-29T09:15:08.057`)
* [CVE-2023-22677](CVE-2023/CVE-2023-226xx/CVE-2023-22677.json) (`2023-12-29T09:15:08.300`)
* [CVE-2023-25054](CVE-2023/CVE-2023-250xx/CVE-2023-25054.json) (`2023-12-29T09:15:08.523`)
* [CVE-2023-32095](CVE-2023/CVE-2023-320xx/CVE-2023-32095.json) (`2023-12-29T09:15:08.750`)
* [CVE-2023-40606](CVE-2023/CVE-2023-406xx/CVE-2023-40606.json) (`2023-12-29T09:15:08.977`)
* [CVE-2023-45751](CVE-2023/CVE-2023-457xx/CVE-2023-45751.json) (`2023-12-29T09:15:09.197`)
* [CVE-2023-46623](CVE-2023/CVE-2023-466xx/CVE-2023-46623.json) (`2023-12-29T09:15:09.410`)
* [CVE-2023-47840](CVE-2023/CVE-2023-478xx/CVE-2023-47840.json) (`2023-12-29T09:15:09.637`)
* [CVE-2023-7166](CVE-2023/CVE-2023-71xx/CVE-2023-7166.json) (`2023-12-29T09:15:09.973`)
* [CVE-2023-28786](CVE-2023/CVE-2023-287xx/CVE-2023-28786.json) (`2023-12-29T10:15:08.973`)
* [CVE-2023-31095](CVE-2023/CVE-2023-310xx/CVE-2023-31095.json) (`2023-12-29T10:15:09.260`)
* [CVE-2023-31229](CVE-2023/CVE-2023-312xx/CVE-2023-31229.json) (`2023-12-29T10:15:09.490`)
* [CVE-2023-31237](CVE-2023/CVE-2023-312xx/CVE-2023-31237.json) (`2023-12-29T10:15:09.813`)
* [CVE-2023-32101](CVE-2023/CVE-2023-321xx/CVE-2023-32101.json) (`2023-12-29T10:15:10.080`)
* [CVE-2023-32517](CVE-2023/CVE-2023-325xx/CVE-2023-32517.json) (`2023-12-29T10:15:10.390`)
* [CVE-2023-49830](CVE-2023/CVE-2023-498xx/CVE-2023-49830.json) (`2023-12-29T10:15:10.783`)
* [CVE-2023-4462](CVE-2023/CVE-2023-44xx/CVE-2023-4462.json) (`2023-12-29T10:15:11.100`)
* [CVE-2023-4463](CVE-2023/CVE-2023-44xx/CVE-2023-4463.json) (`2023-12-29T10:15:11.413`)
* [CVE-2023-4464](CVE-2023/CVE-2023-44xx/CVE-2023-4464.json) (`2023-12-29T10:15:11.750`)
* [CVE-2023-4465](CVE-2023/CVE-2023-44xx/CVE-2023-4465.json) (`2023-12-29T10:15:12.133`)
* [CVE-2023-4466](CVE-2023/CVE-2023-44xx/CVE-2023-4466.json) (`2023-12-29T10:15:12.470`)
* [CVE-2023-4467](CVE-2023/CVE-2023-44xx/CVE-2023-4467.json) (`2023-12-29T10:15:12.783`)
* [CVE-2023-4468](CVE-2023/CVE-2023-44xx/CVE-2023-4468.json) (`2023-12-29T10:15:13.140`)
* [CVE-2023-51420](CVE-2023/CVE-2023-514xx/CVE-2023-51420.json) (`2023-12-29T10:15:13.527`)
* [CVE-2023-7104](CVE-2023/CVE-2023-71xx/CVE-2023-7104.json) (`2023-12-29T10:15:13.890`)
### CVEs modified in the last Commit
Recently modified CVEs: `6`
Recently modified CVEs: `1`
* [CVE-2022-43391](CVE-2022/CVE-2022-433xx/CVE-2022-43391.json) (`2023-12-29T07:15:08.013`)
* [CVE-2022-43392](CVE-2022/CVE-2022-433xx/CVE-2022-43392.json) (`2023-12-29T07:15:09.660`)
* [CVE-2022-45854](CVE-2022/CVE-2022-458xx/CVE-2022-45854.json) (`2023-12-29T07:15:10.010`)
* [CVE-2023-27990](CVE-2023/CVE-2023-279xx/CVE-2023-27990.json) (`2023-12-29T07:15:10.510`)
* [CVE-2023-6228](CVE-2023/CVE-2023-62xx/CVE-2023-6228.json) (`2023-12-29T07:15:10.897`)
* [CVE-2023-43314](CVE-2023/CVE-2023-433xx/CVE-2023-43314.json) (`2023-12-29T08:15:36.570`)
* [CVE-2023-7152](CVE-2023/CVE-2023-71xx/CVE-2023-7152.json) (`2023-12-29T09:15:09.873`)
## Download and Usage