Auto-Update: 2023-11-18T03:00:18.251028+00:00

2025-05-08 11:37:26 +00:00 · 2023-11-18 03:00:22 +00:00 · 2023-11-18 03:00:22 +00:00 · a1ce2da08b
commit a1ce2da08b
parent c5fb3976ed
8 changed files with 193 additions and 44 deletions
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125085.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125085.json
@ -2,8 +2,8 @@
  "id": "CVE-2014-125085",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-02-06T00:15:08.913",
-  "lastModified": "2023-11-07T02:18:44.300",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2023-11-18T02:50:01.100",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -33,7 +33,7 @@
        "impactScore": 5.9
      },
      {
-        "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
@ -55,7 +55,7 @@
    ],
    "cvssMetricV2": [
      {
-        "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
@ -81,7 +81,7 @@
  },
  "weaknesses": [
    {
-      "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
@ -138,6 +138,7 @@
      "url": "https://vuldb.com/?id.220206",
      "source": "cna@vuldb.com",
      "tags": [
+        "Permissions Required",
        "Third Party Advisory"
      ]
    }
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125086.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125086.json
@ -2,8 +2,8 @@
  "id": "CVE-2014-125086",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-02-06T04:15:07.927",
-  "lastModified": "2023-11-07T02:18:44.567",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2023-11-18T02:50:38.637",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -33,7 +33,7 @@
        "impactScore": 5.9
      },
      {
-        "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
@ -55,7 +55,7 @@
    ],
    "cvssMetricV2": [
      {
-        "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
@ -81,7 +81,7 @@
  },
  "weaknesses": [
    {
-      "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
@ -138,6 +138,7 @@
      "url": "https://vuldb.com/?id.220207",
      "source": "cna@vuldb.com",
      "tags": [
+        "Permissions Required",
        "Third Party Advisory"
      ]
    }
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20151.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20151.json
@ -2,8 +2,8 @@
  "id": "CVE-2017-20151",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2022-12-30T12:15:08.730",
-  "lastModified": "2023-11-07T02:43:18.980",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2023-11-18T02:49:16.017",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -33,7 +33,7 @@
        "impactScore": 5.9
      },
      {
-        "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
@ -55,7 +55,7 @@
    ],
    "cvssMetricV2": [
      {
-        "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
@ -81,7 +81,7 @@
  },
  "weaknesses": [
    {
-      "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
@ -100,8 +100,9 @@
          "cpeMatch": [
            {
              "vulnerable": true,
-              "criteria": "cpe:2.3:a:itextpdf:rups:-:*:*:*:*:*:*:*",
-              "matchCriteriaId": "308CE68A-A7F3-48FD-B0DE-DF71E6343537"
+              "criteria": "cpe:2.3:a:itextpdf:rups:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "2017-08-01",
+              "matchCriteriaId": "2D17FB6C-608B-4B37-96A0-2A56441BBF9E"
            }
          ]
        }
@ -113,8 +114,7 @@
      "url": "https://github.com/itext/rups/commit/ac5590925874ef810018a6b60fec216eee54fb32",
      "source": "cna@vuldb.com",
      "tags": [
-        "Patch",
-        "Third Party Advisory"
+        "Patch"
      ]
    },
    {
--- a/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json
+++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-30123",
  "sourceIdentifier": "support@hackerone.com",
  "published": "2022-12-05T22:15:10.280",
-  "lastModified": "2023-10-30T12:15:08.847",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2023-11-18T02:44:55.907",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -86,6 +86,21 @@
          ]
        }
      ]
+    },
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+            }
+          ]
+        }
+      ]
    }
  ],
  "references": [
@ -98,11 +113,17 @@
    },
    {
      "url": "https://security.gentoo.org/glsa/202310-18",
-      "source": "support@hackerone.com"
+      "source": "support@hackerone.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5530",
-      "source": "support@hackerone.com"
+      "source": "support@hackerone.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4214.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4214.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4214",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-11-18T02:15:49.040",
+  "lastModified": "2023-11-18T02:15:49.040",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2997160/apppresser",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48017.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48017.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48017",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-18T02:15:47.780",
+  "lastModified": "2023-11-18T02:15:47.780",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6187.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6187.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-6187",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-11-18T02:15:49.333",
+  "lastModified": "2023-11-18T02:15:49.333",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.3/includes/fields.php#L564",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/fields.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/functions.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.paidmembershipspro.com/pmpro-update-2-12-4/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-18T00:55:18.446950+00:00
+2023-11-18T03:00:18.251028+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-18T00:43:59.243000+00:00
+2023-11-18T02:50:38.637000+00:00
 ```

 ### Last Data Feed Release
@ -23,40 +23,32 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-11-17T01:00:13.542340+00:00
+2023-11-18T01:00:13.564547+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-231075
+231078
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `3`

-* [CVE-2023-43177](CVE-2023/CVE-2023-431xx/CVE-2023-43177.json) (`2023-11-18T00:15:07.073`)
-* [CVE-2023-44796](CVE-2023/CVE-2023-447xx/CVE-2023-44796.json) (`2023-11-18T00:15:07.133`)
-* [CVE-2023-46402](CVE-2023/CVE-2023-464xx/CVE-2023-46402.json) (`2023-11-18T00:15:07.183`)
-* [CVE-2023-48028](CVE-2023/CVE-2023-480xx/CVE-2023-48028.json) (`2023-11-18T00:15:07.233`)
+* [CVE-2023-48017](CVE-2023/CVE-2023-480xx/CVE-2023-48017.json) (`2023-11-18T02:15:47.780`)
+* [CVE-2023-4214](CVE-2023/CVE-2023-42xx/CVE-2023-4214.json) (`2023-11-18T02:15:49.040`)
+* [CVE-2023-6187](CVE-2023/CVE-2023-61xx/CVE-2023-6187.json) (`2023-11-18T02:15:49.333`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `11`
+Recently modified CVEs: `4`

-* [CVE-2019-11069](CVE-2019/CVE-2019-110xx/CVE-2019-11069.json) (`2023-11-17T23:15:07.300`)
-* [CVE-2023-44762](CVE-2023/CVE-2023-447xx/CVE-2023-44762.json) (`2023-11-17T23:15:07.467`)
-* [CVE-2023-25181](CVE-2023/CVE-2023-251xx/CVE-2023-25181.json) (`2023-11-17T23:37:18.410`)
-* [CVE-2023-46854](CVE-2023/CVE-2023-468xx/CVE-2023-46854.json) (`2023-11-17T23:41:07.083`)
-* [CVE-2023-27882](CVE-2023/CVE-2023-278xx/CVE-2023-27882.json) (`2023-11-17T23:41:49.673`)
-* [CVE-2023-28379](CVE-2023/CVE-2023-283xx/CVE-2023-28379.json) (`2023-11-17T23:43:37.683`)
-* [CVE-2023-43503](CVE-2023/CVE-2023-435xx/CVE-2023-43503.json) (`2023-11-17T23:54:12.197`)
-* [CVE-2023-43505](CVE-2023/CVE-2023-435xx/CVE-2023-43505.json) (`2023-11-18T00:02:39.100`)
-* [CVE-2023-43504](CVE-2023/CVE-2023-435xx/CVE-2023-43504.json) (`2023-11-18T00:05:08.397`)
-* [CVE-2023-41137](CVE-2023/CVE-2023-411xx/CVE-2023-41137.json) (`2023-11-18T00:12:58.673`)
-* [CVE-2023-41138](CVE-2023/CVE-2023-411xx/CVE-2023-41138.json) (`2023-11-18T00:43:59.243`)
+* [CVE-2014-125085](CVE-2014/CVE-2014-1250xx/CVE-2014-125085.json) (`2023-11-18T02:50:01.100`)
+* [CVE-2014-125086](CVE-2014/CVE-2014-1250xx/CVE-2014-125086.json) (`2023-11-18T02:50:38.637`)
+* [CVE-2017-20151](CVE-2017/CVE-2017-201xx/CVE-2017-20151.json) (`2023-11-18T02:49:16.017`)
+* [CVE-2022-30123](CVE-2022/CVE-2022-301xx/CVE-2022-30123.json) (`2023-11-18T02:44:55.907`)


 ## Download and Usage