admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-16T06:00:35.231234+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-16 06:00:38 +00:00
parent 148a51b6a2
commit 9bed9e3ca3
4 changed files with 189 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
CVE-2023/CVE-2023-261xx/CVE-2023-26140.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-26140",
"sourceIdentifier": "report@snyk.io",
"published": "2023-08-16T05:15:09.810",
"lastModified": "2023-08-16T05:15:09.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://github.com/excalidraw/excalidraw/commit/b33fa6d6f64d27adc3a47b25c0aa55711740d0af",
"source": "report@snyk.io"
},
{
"url": "https://github.com/excalidraw/excalidraw/pull/6728",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-EXCALIDRAWEXCALIDRAW-5841658",
"source": "report@snyk.io"
}
]
}

67
CVE-2023/CVE-2023-39xx/CVE-2023-3958.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-3958",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-16T05:15:10.220",
"lastModified": "2023-08-16T05:15:10.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-remote-users-sync/trunk/inc/api/class-wprus-api-abstract.php#L674",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2946667/wp-remote-users-sync#file127",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2953845/wp-remote-users-sync#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e78c759-4a54-4ee4-8eff-df91fe9dad46?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-43xx/CVE-2023-4374.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-4374",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-16T05:15:10.357",
"lastModified": "2023-08-16T05:15:10.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-remote-users-sync/trunk/inc/class-wprus-logger.php#L117",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2946667/wp-remote-users-sync#file130",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb?source=cve",
"source": "security@wordfence.com"
}
]
}

24
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-16T04:00:30.518548+00:00
2023-08-16T06:00:35.231234+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-16T03:15:29.050000+00:00
2023-08-16T05:15:10.357000+00:00
```
### Last Data Feed Release
@ -29,30 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222767
222770
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `3`
* [CVE-2023-26140](CVE-2023/CVE-2023-261xx/CVE-2023-26140.json) (`2023-08-16T05:15:09.810`)
* [CVE-2023-3958](CVE-2023/CVE-2023-39xx/CVE-2023-3958.json) (`2023-08-16T05:15:10.220`)
* [CVE-2023-4374](CVE-2023/CVE-2023-43xx/CVE-2023-4374.json) (`2023-08-16T05:15:10.357`)
### CVEs modified in the last Commit
Recently modified CVEs: `11`
Recently modified CVEs: `0`
* [CVE-2019-19921](CVE-2019/CVE-2019-199xx/CVE-2019-19921.json) (`2023-08-16T03:15:09.430`)
* [CVE-2022-40982](CVE-2022/CVE-2022-409xx/CVE-2022-40982.json) (`2023-08-16T03:15:11.310`)
* [CVE-2022-41804](CVE-2022/CVE-2022-418xx/CVE-2022-41804.json) (`2023-08-16T03:15:22.103`)
* [CVE-2023-0871](CVE-2023/CVE-2023-08xx/CVE-2023-0871.json) (`2023-08-16T03:15:25.313`)
* [CVE-2023-20569](CVE-2023/CVE-2023-205xx/CVE-2023-20569.json) (`2023-08-16T03:15:26.010`)
* [CVE-2023-23908](CVE-2023/CVE-2023-239xx/CVE-2023-23908.json) (`2023-08-16T03:15:26.350`)
* [CVE-2023-27561](CVE-2023/CVE-2023-275xx/CVE-2023-27561.json) (`2023-08-16T03:15:26.440`)
* [CVE-2023-32003](CVE-2023/CVE-2023-320xx/CVE-2023-32003.json) (`2023-08-16T03:15:28.467`)
* [CVE-2023-32004](CVE-2023/CVE-2023-320xx/CVE-2023-32004.json) (`2023-08-16T03:15:28.537`)
* [CVE-2023-32006](CVE-2023/CVE-2023-320xx/CVE-2023-32006.json) (`2023-08-16T03:15:28.987`)
* [CVE-2023-38559](CVE-2023/CVE-2023-385xx/CVE-2023-38559.json) (`2023-08-16T03:15:29.050`)
## Download and Usage