Auto-Update: 2023-07-14T06:00:29.143983+00:00

This commit is contained in:
cad-safe-bot 2023-07-14 06:00:32 +00:00
parent 719d27a7c9
commit a667b6cebf
5 changed files with 210 additions and 7 deletions


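--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2082.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2082.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2023-2082",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2023-07-14T05:15:09.397",
+"lastModified": "2023-07-14T05:15:09.397",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The \"Buy Me a Coffee \u2013 Button and Widget Plugin\" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/admin/class-buy-me-a-coffee-admin.php?rev=2816542",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/includes/class-buy-me-a-coffee.php?rev=2319979#L162",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fbuymeacoffee%2Ftags%2F3.6&old=2922493&new_path=%2Fbuymeacoffee%2Ftags%2F3.7&new=2922493&sfp_email=&sfph_mail=",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed9f8948-085b-4ac5-befd-c70085aa23cd?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}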


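--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3513.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3513.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-3513",
+"sourceIdentifier": "info@starlabs.sg",
+"published": "2023-07-14T05:15:09.683",
+"lastModified": "2023-07-14T05:15:09.683",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to\u00a0gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "info@starlabs.sg",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "info@starlabs.sg",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-269"
+},
+{
+"lang": "en",
+"value": "CWE-502"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://starlabs.sg/advisories/23/23-3513/",
+"source": "info@starlabs.sg"
+}
+]
+}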


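--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3514.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3514.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-3514",
+"sourceIdentifier": "info@starlabs.sg",
+"published": "2023-07-14T05:15:09.763",
+"lastModified": "2023-07-14T05:15:09.763",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling \"AddModule\" or \"UninstallModules\" command to execute arbitrary executable file.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "info@starlabs.sg",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "info@starlabs.sg",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-269"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://starlabs.sg/advisories/23/23-3514/",
+"source": "info@starlabs.sg"
+}
+]
+}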


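--- a/CVE-2023/CVE-2023-382xx/CVE-2023-38286.json
+++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38286.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-38286",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-07-14T05:15:09.627",
+"lastModified": "2023-07-14T05:15:09.627",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI",
+"source": "cve@mitre.org"
+}
+]
+}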


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-14T04:00:45.425861+00:00
2023-07-14T06:00:29.143983+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-14T03:15:08.927000+00:00
2023-07-14T05:15:09.763000+00:00
```
### Last Data Feed Release
@ -29,21 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220292
220296
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `4`
* [CVE-2023-2082](CVE-2023/CVE-2023-20xx/CVE-2023-2082.json) (`2023-07-14T05:15:09.397`)
* [CVE-2023-38286](CVE-2023/CVE-2023-382xx/CVE-2023-38286.json) (`2023-07-14T05:15:09.627`)
* [CVE-2023-3513](CVE-2023/CVE-2023-35xx/CVE-2023-3513.json) (`2023-07-14T05:15:09.683`)
* [CVE-2023-3514](CVE-2023/CVE-2023-35xx/CVE-2023-3514.json) (`2023-07-14T05:15:09.763`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `0`
* [CVE-2022-33324](CVE-2022/CVE-2022-333xx/CVE-2022-33324.json) (`2023-07-14T03:15:08.740`)
* [CVE-2023-34241](CVE-2023/CVE-2023-342xx/CVE-2023-34241.json) (`2023-07-14T03:15:08.927`)
## Download and Usage