Auto-Update: 2023-08-30T22:00:25.530491+00:00

2025-05-08 19:47:09 +00:00 · 2023-08-30 22:00:28 +00:00 · 2023-08-30 22:00:28 +00:00 · 9ded29afbb
commit 9ded29afbb
parent 82269187cb
5 changed files with 243 additions and 32 deletions
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31447.json
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31447.json
@ -2,23 +2,121 @@
  "id": "CVE-2023-31447",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-21T17:15:46.847",
-  "lastModified": "2023-08-21T18:35:09.707",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-08-30T20:50:40.443",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code."
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "NVD-CWE-noinfo"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "operator": "AND",
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "3.9.8.4",
+              "matchCriteriaId": "D18E724C-1F47-4EAD-81DB-EF77A5062CBD"
+            }
+          ]
+        },
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": false,
+              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
+              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "operator": "AND",
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:draytek:vigor2625_firmware:*:*:*:*:*:*:*:*",
+              "matchCriteriaId": "7266D30A-F72B-417F-A9FC-AA13568F5BE3"
+            }
+          ]
+        },
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": false,
+              "criteria": "cpe:2.3:h:draytek:vigor2625:-:*:*:*:*:*:*:*",
+              "matchCriteriaId": "4847017B-E2E6-428E-BB7E-B73563C89F3D"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://draytek.com",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Product"
+      ]
    },
    {
      "url": "https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32576.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-32576",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2023-08-25T09:15:08.477",
-  "lastModified": "2023-08-25T12:47:00.750",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-08-30T20:13:14.280",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -12,6 +12,26 @@
  ],
  "metrics": {
    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      },
      {
        "source": "audit@patchstack.com",
        "type": "Secondary",
@ -46,10 +66,31 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:plainwaire:locatoraid_store_locator:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "3.9.18",
+              "matchCriteriaId": "945CC7D3-F26E-4DFB-952E-674CE799D35D"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-18-cross-site-scripting-xss-vulnerability?_s_id=cve",
-      "source": "audit@patchstack.com"
+      "source": "audit@patchstack.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32577.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-32577",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2023-08-25T09:15:08.573",
-  "lastModified": "2023-08-25T12:47:00.750",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-08-30T20:26:42.030",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -12,6 +12,26 @@
  ],
  "metrics": {
    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 2.7
+      },
      {
        "source": "audit@patchstack.com",
        "type": "Secondary",
@ -46,10 +66,31 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:devbuddy:twitter_feed:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "4.0.0",
+              "matchCriteriaId": "55D5FF81-399A-4E88-AA7A-2C3671D2A343"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://patchstack.com/database/vulnerability/devbuddy-twitter-feed/wordpress-devbuddy-twitter-feed-plugin-4-0-0-cross-site-scripting-xss?_s_id=cve",
-      "source": "audit@patchstack.com"
+      "source": "audit@patchstack.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-32755",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2023-08-25T07:15:08.273",
-  "lastModified": "2023-08-25T12:47:05.410",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-08-30T20:10:09.263",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -13,7 +13,7 @@
  "metrics": {
    "cvssMetricV31": [
      {
-        "source": "twcert@cert.org.tw",
+        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
@ -31,6 +31,26 @@
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
+      },
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
      }
    ]
  },
@ -46,10 +66,30 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:edetw:u-office_force:20.0.7668d:*:*:*:*:*:*:*",
+              "matchCriteriaId": "E126F0A9-0B99-408C-84B9-9326613FF6FF"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://www.twcert.org.tw/tw/cp-132-7328-d4112-1.html",
-      "source": "twcert@cert.org.tw"
+      "source": "twcert@cert.org.tw",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-30T20:00:24.280143+00:00
+2023-08-30T22:00:25.530491+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-30T19:50:45.640000+00:00
+2023-08-30T20:50:40.443000+00:00
 ```

 ### Last Data Feed Release
@ -34,27 +34,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `0`

-* [CVE-2023-36811](CVE-2023/CVE-2023-368xx/CVE-2023-36811.json) (`2023-08-30T18:15:09.487`)
-* [CVE-2023-40184](CVE-2023/CVE-2023-401xx/CVE-2023-40184.json) (`2023-08-30T18:15:09.690`)
-* [CVE-2023-40582](CVE-2023/CVE-2023-405xx/CVE-2023-40582.json) (`2023-08-30T18:15:09.783`)
-* [CVE-2023-41039](CVE-2023/CVE-2023-410xx/CVE-2023-41039.json) (`2023-08-30T18:15:09.880`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `9`
+Recently modified CVEs: `4`

-* [CVE-2022-43358](CVE-2022/CVE-2022-433xx/CVE-2022-43358.json) (`2023-08-30T19:34:51.023`)
-* [CVE-2023-32077](CVE-2023/CVE-2023-320xx/CVE-2023-32077.json) (`2023-08-30T18:18:07.060`)
-* [CVE-2023-38508](CVE-2023/CVE-2023-385xx/CVE-2023-38508.json) (`2023-08-30T18:23:27.400`)
-* [CVE-2023-32079](CVE-2023/CVE-2023-320xx/CVE-2023-32079.json) (`2023-08-30T18:34:12.660`)
-* [CVE-2023-40179](CVE-2023/CVE-2023-401xx/CVE-2023-40179.json) (`2023-08-30T18:41:19.897`)
-* [CVE-2023-39700](CVE-2023/CVE-2023-397xx/CVE-2023-39700.json) (`2023-08-30T19:08:43.877`)
-* [CVE-2023-39699](CVE-2023/CVE-2023-396xx/CVE-2023-39699.json) (`2023-08-30T19:18:36.570`)
-* [CVE-2023-4520](CVE-2023/CVE-2023-45xx/CVE-2023-4520.json) (`2023-08-30T19:46:28.673`)
-* [CVE-2023-40022](CVE-2023/CVE-2023-400xx/CVE-2023-40022.json) (`2023-08-30T19:50:45.640`)
+* [CVE-2023-32755](CVE-2023/CVE-2023-327xx/CVE-2023-32755.json) (`2023-08-30T20:10:09.263`)
+* [CVE-2023-32576](CVE-2023/CVE-2023-325xx/CVE-2023-32576.json) (`2023-08-30T20:13:14.280`)
+* [CVE-2023-32577](CVE-2023/CVE-2023-325xx/CVE-2023-32577.json) (`2023-08-30T20:26:42.030`)
+* [CVE-2023-31447](CVE-2023/CVE-2023-314xx/CVE-2023-31447.json) (`2023-08-30T20:50:40.443`)


 ## Download and Usage