Auto-Update: 2023-11-18T03:00:18.251028+00:00

cad-safe-bot 2023-11-18 03:00:22 +00:00
parent c5fb3976ed
commit a1ce2da08b
8 changed files with 193 additions and 44 deletions


@ -2,8 +2,8 @@
"id": "CVE-2014-125085",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T00:15:08.913",
"lastModified": "2023-11-07T02:18:44.300",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-18T02:50:01.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -138,6 +138,7 @@
"url": "https://vuldb.com/?id.220206",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}


@ -2,8 +2,8 @@
"id": "CVE-2014-125086",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T04:15:07.927",
"lastModified": "2023-11-07T02:18:44.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-18T02:50:38.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -138,6 +138,7 @@
"url": "https://vuldb.com/?id.220207",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}


@ -2,8 +2,8 @@
"id": "CVE-2017-20151",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:08.730",
"lastModified": "2023-11-07T02:43:18.980",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-18T02:49:16.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -100,8 +100,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:itextpdf:rups:-:*:*:*:*:*:*:*",
"matchCriteriaId": "308CE68A-A7F3-48FD-B0DE-DF71E6343537"
"criteria": "cpe:2.3:a:itextpdf:rups:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2017-08-01",
"matchCriteriaId": "2D17FB6C-608B-4B37-96A0-2A56441BBF9E"
}
]
}
@ -113,8 +114,7 @@
"url": "https://github.com/itext/rups/commit/ac5590925874ef810018a6b60fec216eee54fb32",
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{


@ -2,8 +2,8 @@
"id": "CVE-2022-30123",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-12-05T22:15:10.280",
"lastModified": "2023-10-30T12:15:08.847",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-11-18T02:44:55.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -86,6 +86,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
@ -98,11 +113,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-18",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5530",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
]
}
]
}


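--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4214.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-4214",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2023-11-18T02:15:49.040",
+"lastModified": "2023-11-18T02:15:49.040",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.2,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/2997160/apppresser",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}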


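--- /dev/null
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48017.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-48017",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-11-18T02:15:47.780",
+"lastModified": "2023-11-18T02:15:47.780",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md",
+"source": "cve@mitre.org"
+}
+]
+}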


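--- /dev/null
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6187.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6187",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2023-11-18T02:15:49.333",
+"lastModified": "2023-11-18T02:15:49.333",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.3/includes/fields.php#L564",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/fields.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/functions.php",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.paidmembershipspro.com/pmpro-update-2-12-4/",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}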


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-18T00:55:18.446950+00:00
2023-11-18T03:00:18.251028+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-18T00:43:59.243000+00:00
2023-11-18T02:50:38.637000+00:00
```
### Last Data Feed Release
@ -23,40 +23,32 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-11-17T01:00:13.542340+00:00
2023-11-18T01:00:13.564547+00:00
```
### Total Number of included CVEs
```plain
231075
231078
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `3`
* [CVE-2023-43177](CVE-2023/CVE-2023-431xx/CVE-2023-43177.json) (`2023-11-18T00:15:07.073`)
* [CVE-2023-44796](CVE-2023/CVE-2023-447xx/CVE-2023-44796.json) (`2023-11-18T00:15:07.133`)
* [CVE-2023-46402](CVE-2023/CVE-2023-464xx/CVE-2023-46402.json) (`2023-11-18T00:15:07.183`)
* [CVE-2023-48028](CVE-2023/CVE-2023-480xx/CVE-2023-48028.json) (`2023-11-18T00:15:07.233`)
* [CVE-2023-48017](CVE-2023/CVE-2023-480xx/CVE-2023-48017.json) (`2023-11-18T02:15:47.780`)
* [CVE-2023-4214](CVE-2023/CVE-2023-42xx/CVE-2023-4214.json) (`2023-11-18T02:15:49.040`)
* [CVE-2023-6187](CVE-2023/CVE-2023-61xx/CVE-2023-6187.json) (`2023-11-18T02:15:49.333`)
### CVEs modified in the last Commit
Recently modified CVEs: `11`
Recently modified CVEs: `4`
* [CVE-2019-11069](CVE-2019/CVE-2019-110xx/CVE-2019-11069.json) (`2023-11-17T23:15:07.300`)
* [CVE-2023-44762](CVE-2023/CVE-2023-447xx/CVE-2023-44762.json) (`2023-11-17T23:15:07.467`)
* [CVE-2023-25181](CVE-2023/CVE-2023-251xx/CVE-2023-25181.json) (`2023-11-17T23:37:18.410`)
* [CVE-2023-46854](CVE-2023/CVE-2023-468xx/CVE-2023-46854.json) (`2023-11-17T23:41:07.083`)
* [CVE-2023-27882](CVE-2023/CVE-2023-278xx/CVE-2023-27882.json) (`2023-11-17T23:41:49.673`)
* [CVE-2023-28379](CVE-2023/CVE-2023-283xx/CVE-2023-28379.json) (`2023-11-17T23:43:37.683`)
* [CVE-2023-43503](CVE-2023/CVE-2023-435xx/CVE-2023-43503.json) (`2023-11-17T23:54:12.197`)
* [CVE-2023-43505](CVE-2023/CVE-2023-435xx/CVE-2023-43505.json) (`2023-11-18T00:02:39.100`)
* [CVE-2023-43504](CVE-2023/CVE-2023-435xx/CVE-2023-43504.json) (`2023-11-18T00:05:08.397`)
* [CVE-2023-41137](CVE-2023/CVE-2023-411xx/CVE-2023-41137.json) (`2023-11-18T00:12:58.673`)
* [CVE-2023-41138](CVE-2023/CVE-2023-411xx/CVE-2023-41138.json) (`2023-11-18T00:43:59.243`)
* [CVE-2014-125085](CVE-2014/CVE-2014-1250xx/CVE-2014-125085.json) (`2023-11-18T02:50:01.100`)
* [CVE-2014-125086](CVE-2014/CVE-2014-1250xx/CVE-2014-125086.json) (`2023-11-18T02:50:38.637`)
* [CVE-2017-20151](CVE-2017/CVE-2017-201xx/CVE-2017-20151.json) (`2023-11-18T02:49:16.017`)
* [CVE-2022-30123](CVE-2022/CVE-2022-301xx/CVE-2022-30123.json) (`2023-11-18T02:44:55.907`)
## Download and Usage