From a80f2166452489b23cf25f45aa9f260bdcbe04a1 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 22 Aug 2023 02:00:33 +0000 Subject: [PATCH] Auto-Update: 2023-08-22T02:00:29.579652+00:00 --- CVE-2022/CVE-2022-428xx/CVE-2022-42828.json | 72 +++++++++++++++- CVE-2023/CVE-2023-232xx/CVE-2023-23208.json | 81 ++++++++++++++++- CVE-2023/CVE-2023-265xx/CVE-2023-26530.json | 47 +++++++++- CVE-2023/CVE-2023-285xx/CVE-2023-28533.json | 47 +++++++++- CVE-2023/CVE-2023-286xx/CVE-2023-28622.json | 47 +++++++++- CVE-2023/CVE-2023-286xx/CVE-2023-28693.json | 47 +++++++++- CVE-2023/CVE-2023-287xx/CVE-2023-28783.json | 47 +++++++++- CVE-2023/CVE-2023-304xx/CVE-2023-30498.json | 47 +++++++++- CVE-2023/CVE-2023-307xx/CVE-2023-30747.json | 47 +++++++++- CVE-2023/CVE-2023-307xx/CVE-2023-30778.json | 47 +++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30874.json | 59 ++++++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30876.json | 47 +++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30877.json | 47 +++++++++- CVE-2023/CVE-2023-310xx/CVE-2023-31071.json | 47 +++++++++- CVE-2023/CVE-2023-310xx/CVE-2023-31074.json | 47 +++++++++- CVE-2023/CVE-2023-310xx/CVE-2023-31076.json | 59 ++++++++++++- CVE-2023/CVE-2023-310xx/CVE-2023-31079.json | 59 ++++++++++++- CVE-2023/CVE-2023-310xx/CVE-2023-31091.json | 47 +++++++++- CVE-2023/CVE-2023-320xx/CVE-2023-32003.json | 96 +++++++++++++++++++-- CVE-2023/CVE-2023-356xx/CVE-2023-35689.json | 68 ++++++++++++++- CVE-2023/CVE-2023-388xx/CVE-2023-38838.json | 77 +++++++++++++++-- CVE-2023/CVE-2023-388xx/CVE-2023-38890.json | 64 +++++++++++++- CVE-2023/CVE-2023-389xx/CVE-2023-38906.json | 24 ++++++ CVE-2023/CVE-2023-389xx/CVE-2023-38908.json | 28 ++++++ CVE-2023/CVE-2023-389xx/CVE-2023-38909.json | 28 ++++++ CVE-2023/CVE-2023-389xx/CVE-2023-38910.json | 64 +++++++++++++- CVE-2023/CVE-2023-389xx/CVE-2023-38911.json | 64 +++++++++++++- CVE-2023/CVE-2023-398xx/CVE-2023-39846.json | 64 +++++++++++++- CVE-2023/CVE-2023-405xx/CVE-2023-40518.json | 69 +++++++++++++-- CVE-2023/CVE-2023-42xx/CVE-2023-4293.json | 60 +++++++++++-- 
CVE-2023/CVE-2023-43xx/CVE-2023-4347.json | 55 +++++++++++- CVE-2023/CVE-2023-43xx/CVE-2023-4395.json | 56 +++++++++++- CVE-2023/CVE-2023-44xx/CVE-2023-4422.json | 54 +++++++++++- README.md | 43 ++++++--- 34 files changed, 1731 insertions(+), 124 deletions(-) create mode 100644 CVE-2023/CVE-2023-389xx/CVE-2023-38906.json create mode 100644 CVE-2023/CVE-2023-389xx/CVE-2023-38908.json create mode 100644 CVE-2023/CVE-2023-389xx/CVE-2023-38909.json
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42828.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42828.json
index 9341690cd08..2633cba2d72 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42828.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42828.json
@@ -2,19 +2,83 @@
 "id": "CVE-2022-42828",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-08-14T23:15:10.170",
- "lastModified": "2023-08-15T12:29:16.237",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-22T01:46:32.393",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "9.0",
+ "matchCriteriaId": "0A960726-1CF4-4E71-A1F7-2EA775D02DAF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.0",
+ "versionEndExcluding": "13.0",
+ "matchCriteriaId": "2A54F5E4-E3E1-4F25-BDD8-64E0BDA06BE9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.apple.com/en-us/HT213488",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
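Review bot: The two `cpeMatch` ranges added under `configurations` leave macOS 10.x uncovered: the first entry matches `cpe:2.3:o:apple:macos` up to and including `9.0` with no lower bound, and the second runs from `11.0` up to but excluding `13.0`. A scanner that decides exposure from this record alone would report a 10.x host as not affected, while the description only says the issue is fixed in macOS Ventura 13. Whether `"versionEndIncluding": "9.0"` is intended cannot be told from this hunk; if every release before Ventura is meant, a single entry bounded only by `"versionEndExcluding": "13.0"` would express it, and since the values carry `"source": "nvd@nist.gov"` the correction presumably belongs upstream. The added vector is also `AV:N/.../UI:R` although the description speaks of an app on the device, so triage rules keyed on `attackVector` should be read against the description text.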
diff --git a/CVE-2023/CVE-2023-232xx/CVE-2023-23208.json b/CVE-2023/CVE-2023-232xx/CVE-2023-23208.json
index 63200e030c2..a865ddf5741 100644
--- a/CVE-2023/CVE-2023-232xx/CVE-2023-23208.json
+++ b/CVE-2023/CVE-2023-232xx/CVE-2023-23208.json
@@ -2,19 +2,92 @@ "id": "CVE-2023-23208", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-13T21:15:09.067", - "lastModified": "2023-08-14T00:36:52.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T01:00:04.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:genesys:administrator_extension:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.0.105.15", + "matchCriteriaId": "3F260119-DC45-4226-9A49-97C708A83492" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://docs.genesys.com/Documentation/RN/9.0.x/gax90rn/gax9010515", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26530.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26530.json index 34557d58aa3..9929026e639 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26530.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26530.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26530", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T11:15:21.150", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:56:35.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:updraftplus:updraft:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.6.1", + "matchCriteriaId": "69C5C269-C38A-44B6-9813-4BE0098ED606" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/updraft/wordpress-updraft-plugin-0-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28533.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28533.json index 52ebe7397ef..251b5f9ccde 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28533.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28533.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28533", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T09:15:10.287", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:55:00.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nimbus:cab_grid:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.15", + "matchCriteriaId": "842E3366-6A0E-4E6A-A549-E4EBE3D1BF3B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cab-grid/wordpress-cab-grid-plugin-1-5-15-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28622.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28622.json index 7dbfc0c7698..91a0bae1732 100644 --- a/CVE-2023/CVE-2023-286xx/CVE-2023-28622.json +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28622.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28622", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T09:15:11.520", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:55:23.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tridenttechnolabs:easy_slider_revolution:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.0", + "matchCriteriaId": "7E02BC83-B51A-44B4-BD77-4972A6610807" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/easy-slider-revolution/wordpress-easy-slider-revolution-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28693.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28693.json index f6916daf564..c00cd8c1d43 100644 --- a/CVE-2023/CVE-2023-286xx/CVE-2023-28693.json +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28693.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28693", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T15:15:09.253", - "lastModified": "2023-08-17T16:20:42.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:57:12.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:balasahebbhise:advanced_youtube_channel_pagination:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "89995659-C23B-43D8-90C8-1B4FC1C1C210" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/advanced-youtube-channel-pagination/wordpress-advanced-youtube-channel-pagination-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28783.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28783.json index 90b17643d48..03f3eb00a09 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28783.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28783.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28783", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T15:15:09.437", - "lastModified": "2023-08-17T16:20:42.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:57:19.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpradar:woocommerce_tip\\/donation:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2", + "matchCriteriaId": "1C52ADE2-1683-43A1-9FD4-28E8E09C9659" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-tipdonation/wordpress-woocommerce-tip-donation-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30498.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30498.json index 96b9aec041a..3976b9144b9 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30498.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30498.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30498", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-15T13:15:09.637", - "lastModified": "2023-08-15T16:06:01.557", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T01:42:12.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeflavors:vimeotheque:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.1", + "matchCriteriaId": "DA1BA212-DFE8-49D1-8D20-A5AD433F734A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/codeflavors-vimeo-video-post-lite/wordpress-vimeotheque-plugin-2-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30747.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30747.json index 67b70e1ab45..5fc798d8e7b 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30747.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30747.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30747", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-15T13:15:09.740", - "lastModified": "2023-08-15T16:06:01.557", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T01:47:46.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpgem:woocommerce_easy_duplicate_product:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.3.0.0", + "matchCriteriaId": "E374F1F4-846D-4A50-8835-486226E429D2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-easy-duplicate-product/wordpress-woocommerce-easy-duplicate-product-plugin-0-3-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30778.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30778.json index 1656c5625b5..101014ecc02 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30778.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30778.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30778", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-15T13:15:09.847", - "lastModified": "2023-08-15T16:06:01.557", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T01:58:46.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "10.0.1", + "matchCriteriaId": "ACF95F15-E5FB-4622-8BC8-4CAB1E1495E9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-10-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30874.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30874.json index c3a82c973eb..700739da3c5 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30874.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30874.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30874", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T09:15:11.790", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:55:37.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stpetedesign:gps_plotter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.1.4", + "matchCriteriaId": "C1A28B3C-6316-4188-A9EA-EF690CA6F1CA" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/gps-plotter/wordpress-gps-plotter-plugin-5-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30876.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30876.json index c60377ac537..a4d62bab6c8 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30876.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30876.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30876", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T09:15:12.050", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:55:49.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:davidmichaelross:dave\\'s_wordpress_live_search:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.8.1", + "matchCriteriaId": "3CCB76D3-37FE-460D-A81B-5E5993F731CC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/daves-wordpress-live-search/wordpress-dave-s-wordpress-live-search-plugin-4-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30877.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30877.json index a3bdea82e90..86ee54ed9fa 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30877.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30877.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30877", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T09:15:12.267", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:56:01.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:icopydoc:xml_for_google_merchant_center:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.0.1", + "matchCriteriaId": "3C9E6AFE-3DC3-4F26-AEEC-E2A224826962" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/xml-for-google-merchant-center/wordpress-xml-for-google-merchant-center-plugin-3-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31071.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31071.json index ffe47185a94..a2869e4f11a 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31071.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31071.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31071", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T09:15:12.430", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:56:09.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ylefebvre:modal_dialog:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.5.14", + "matchCriteriaId": "0DA3E225-4666-4668-837F-8430C6D7DCD8" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/modal-dialog/wordpress-modal-dialog-plugin-3-5-14-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31074.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31074.json index 552464112ec..381cb0d829a 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31074.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31074.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31074", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T11:15:23.510", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:56:44.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hupe13:extensions_for_leaflet_map:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.4.1", + "matchCriteriaId": "E85B8B6C-4274-4D86-BE20-75A043FDE773" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/extensions-leaflet-map/wordpress-extensions-for-leaflet-map-plugin-3-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31076.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31076.json index 439a5e2d580..c9c3d7ba47f 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31076.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31076.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31076", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T09:15:12.617", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:56:19.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:really-simple-plugins:recipe_maker_for_your_food_blog_from_zip_recipes:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "8.0.6", + "matchCriteriaId": "C2F301FE-27E8-4059-9404-7EFED5E66D8C" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/zip-recipes/wordpress-recipe-maker-for-your-food-blog-from-zip-recipes-plugin-8-0-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31079.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31079.json index b9a729c3c6c..da7e0da14ad 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31079.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31079.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31079", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T15:15:09.623", - "lastModified": "2023-08-17T16:20:42.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:57:29.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:thechrisroberts:tippy:*:*:*:*:*:jquery:*:*", + "versionEndIncluding": "6.2.1", + "matchCriteriaId": "0FC50441-16A5-4732-9E48-FE6FB1C822A5" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/tippy/wordpress-tippy-plugin-6-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31091.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31091.json index 6fcff416c2b..a880722d9fe 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31091.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31091.json 
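Review bot: The `cpeMatch` added in the last hunk of CVE-2023-31079.json sets the target-software field to `jquery` (`cpe:2.3:a:thechrisroberts:tippy:*:*:*:*:*:jquery:*:*`), although the reference URL in the same hunk describes a WordPress plugin. The other Patchstack plugin records in this commit use `wordpress` in that position. Inventory or scanner rules that narrow plugin matches by target software would presumably miss this entry. If the value is not intentional upstream, the field would be `wordpress`, with whatever matchCriteriaId belongs to that criteria string; until that is confirmed, match this record on vendor and product only.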
@@ -2,8 +2,8 @@ "id": "CVE-2023-31091", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-17T11:15:23.607", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:56:52.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pradeepsinghweb:dynamically_register_sidebars:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.1", + "matchCriteriaId": "A01612B0-23BE-4F13-9DA3-97D12139714B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/dynamically-register-sidebars/wordpress-dynamically-register-sidebars-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32003.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32003.json index 5b4819b9b96..d21fa85e1fe 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32003.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32003.json 
@@ -2,27 +2,111 @@ "id": "CVE-2023-32003", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-15T16:15:10.970", - "lastModified": "2023-08-19T03:15:21.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T01:55:13.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", + "versionEndIncluding": "20.5.0", + "matchCriteriaId": "C643F785-3B58-442C-802A-5ED5D5D6566A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": 
"E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://hackerone.com/reports/2037887", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35689.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35689.json index 70dbe3f8e24..6ecb075bb65 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35689.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35689.json 
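Review bot: The added `cpeMatch` for `cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*` in CVE-2023-32003.json carries only `"versionEndIncluding": "20.5.0"` and no lower bound, so CPE-based matching will flag every Node.js release up to 20.5.0. The description in the same hunk limits the issue to users of the experimental permission model in Node.js 20. If the record is meant to follow the description, the range would also carry a lower bound such as `"versionStartIncluding": "20.0.0"`; the first affected release is not stated on this page, so confirm that value against the Node.js advisory. Until then, expect false positives on older release lines and scope findings to deployments that actually enable the permission model.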
@@ -2,19 +2,79 @@ "id": "CVE-2023-35689", "sourceIdentifier": "security@android.com", "published": "2023-08-14T22:15:14.007", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T01:10:41.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1188" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", + "matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/wear/2023-08-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38838.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38838.json index 7ecaf255971..def1f6e891c 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38838.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38838.json 
@@ -2,27 +2,92 @@ "id": "CVE-2023-38838", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-17T12:15:09.430", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:57:04.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kiduswb:minimati:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A575DAD7-D7E3-4AEE-A923-00E3A1645E0E" + } + ] + } + ] + } + ], "references": [ { "url": "http://kidus.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Not Applicable" + ] }, { "url": "http://minimati.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Not Applicable" + ] }, { "url": "https://github.com/kiduswb/minimati/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json index ab5d41f4fee..30bcf5b0cad 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-38890", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T19:15:12.690", - "lastModified": "2023-08-18T20:11:33.760", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:57:39.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/akshadjoshi/CVE-2023-38890", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
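Review bot: The new nvd@nist.gov vector for CVE-2023-38890 uses `PR:L`, but the description in this hunk places the injection in the username field of the login form, which is normally reachable before authentication. If no account is required, the vector would be `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, which CVE-2023-39846 in this same commit scores at 9.8 rather than the 8.8 recorded here. This is inferred from the description text alone. Teams that prioritise on `baseScore` may want to treat the entry as pre-authentication until the advisory confirms otherwise.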
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json new file mode 100644 index 00000000000..c595af7f714 --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38906", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-22T00:15:07.920", + "lastModified": "2023-08-22T00:15:07.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://arxiv.org/abs/2308.09019", + "source": "cve@mitre.org" + }, + { + "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json new file mode 100644 index 00000000000..3b10df6fafa --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-38908", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-22T01:15:08.153", + "lastModified": "2023-08-22T01:15:08.153", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://arxiv.org/abs/2308.09019", + "source": "cve@mitre.org" + }, + { + "url": "https://arxiv.org/pdf/2308.09019.pdf", + "source": "cve@mitre.org" + }, + { + "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json new file mode 100644 index 00000000000..9181cdff857 --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-38909", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-22T01:15:08.537", + "lastModified": "2023-08-22T01:15:08.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://arxiv.org/abs/2308.09019", + "source": "cve@mitre.org" + }, + { + "url": "https://arxiv.org/pdf/2308.09019.pdf", + "source": "cve@mitre.org" + }, + { + "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38910.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38910.json index 964b6623486..d558f1222a5 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38910.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38910.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-38910", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T19:15:13.023", - "lastModified": "2023-08-21T12:15:08.657", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-22T00:58:18.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B83DE2F9-E5FF-4A78-A40C-AB8CFF373992" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/desencrypt/CVE/blob/main/CVE-2023-38910/Readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38911.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38911.json index ec7295e9e03..aea135e6c8a 100644 
--- a/CVE-2023/CVE-2023-389xx/CVE-2023-38911.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38911.json @@ -2,19 +2,75 @@ "id": "CVE-2023-38911", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T19:15:13.113", - "lastModified": "2023-08-21T12:15:09.120", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-22T00:58:46.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B83DE2F9-E5FF-4A78-A40C-AB8CFF373992" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/desencrypt/CVE/blob/main/CVE-2023-38911/Readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39846.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39846.json index 6af9d6be664..e3202e21988 100644 
--- a/CVE-2023/CVE-2023-398xx/CVE-2023-39846.json +++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39846.json @@ -2,19 +2,75 @@ "id": "CVE-2023-39846", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-16T22:15:13.450", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:54:50.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pantsel:konga:0.14.9:*:*:*:*:*:*:*", + "matchCriteriaId": "015DA2E8-EF52-40A2-A12B-5331CD93A2A5" + } + ] + } + ] + } + ], "references": [ { "url": "https://abyssaler.github.io/post/konga%20Unauthorized%20access", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40518.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40518.json index 69ee728de66..11cab4db41a 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40518.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40518.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-40518", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T22:15:14.327", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T01:16:07.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.7.18", + "matchCriteriaId": "167DAFC3-54C7-448A-A205-86FA8EB0EE09" + } + ] + } + ] + } + ], "references": [ { "url": "https://openlitespeed.org/release-log/version-1-7-x/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.litespeedtech.com/products/litespeed-web-server/release-log", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4293.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4293.json index c96668094fd..8b20c003929 100644 
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4293.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4293.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4293", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-12T08:15:09.240", - "lastModified": "2023-08-14T00:36:59.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:54:08.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
@@ -46,18 +66,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdownloadmanager:premium_packages_-_sell_digital_products_securely:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.7.5", + "matchCriteriaId": "7ED175DB-E630-40A7-9B3A-1634AEDD090F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.7.4/wpdm-premium-packages.php#L1158", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2951917/wpdm-premium-packages#file5", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82137302-60ca-44d5-b087-dc96e2815fca?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4347.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4347.json index df9a9fc2d44..3af1f24b840 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4347.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4347.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4347", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-15T02:15:48.093", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T01:22:29.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.8.0", + "matchCriteriaId": "0D4BC1C6-7A0C-4201-AF67-2EDBD8038606" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4395.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4395.json index 9148f977424..d910046c7d1 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4395.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4395.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4395", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-17T04:15:10.687", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:55:09.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.4", + "matchCriteriaId": "20AD25FB-82CB-49B5-B01C-BF45CC9CE803" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/60e38563-7ac8-4a13-ac04-2980cc48b0da", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4422.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4422.json index 1d78b77f7b7..528aebe7b79 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4422.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4422.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4422", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-18T19:15:13.250", - "lastModified": "2023-08-18T20:11:33.760", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T00:58:55.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.3", + "matchCriteriaId": "01BAF7D9-ECB6-4E46-B1A5-DD318BBE9C8D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cockpit-hq/cockpit/commit/b8dad5e070608bb5e4ec58fabbee101b5af737cf", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/2e12b773-b6a2-48da-a4bb-55d5d1307d2e", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 5c8df8b4274..5aaabae3193 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-21T23:55:26.495519+00:00 +2023-08-22T02:00:29.579652+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-21T23:15:09.337000+00:00 +2023-08-22T01:58:46.843000+00:00 ``` ### Last Data Feed Release 
@@ -23,30 +23,53 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-08-21T00:00:13.547021+00:00 +2023-08-22T00:00:13.564184+00:00 ``` ### Total Number of included CVEs ```plain -223086 +223089 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -* [CVE-2023-4301](CVE-2023/CVE-2023-43xx/CVE-2023-4301.json) (`2023-08-21T23:15:09.107`) -* [CVE-2023-4302](CVE-2023/CVE-2023-43xx/CVE-2023-4302.json) (`2023-08-21T23:15:09.247`) -* [CVE-2023-4303](CVE-2023/CVE-2023-43xx/CVE-2023-4303.json) (`2023-08-21T23:15:09.337`) +* [CVE-2023-38906](CVE-2023/CVE-2023-389xx/CVE-2023-38906.json) (`2023-08-22T00:15:07.920`) +* [CVE-2023-38908](CVE-2023/CVE-2023-389xx/CVE-2023-38908.json) (`2023-08-22T01:15:08.153`) +* [CVE-2023-38909](CVE-2023/CVE-2023-389xx/CVE-2023-38909.json) (`2023-08-22T01:15:08.537`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `30` -* [CVE-2022-34671](CVE-2022/CVE-2022-346xx/CVE-2022-34671.json) (`2023-08-21T23:15:08.253`) -* [CVE-2022-47952](CVE-2022/CVE-2022-479xx/CVE-2022-47952.json) (`2023-08-21T23:15:08.937`) +* [CVE-2023-28622](CVE-2023/CVE-2023-286xx/CVE-2023-28622.json) (`2023-08-22T00:55:23.717`) +* [CVE-2023-30874](CVE-2023/CVE-2023-308xx/CVE-2023-30874.json) (`2023-08-22T00:55:37.513`) +* [CVE-2023-30876](CVE-2023/CVE-2023-308xx/CVE-2023-30876.json) (`2023-08-22T00:55:49.987`) +* [CVE-2023-30877](CVE-2023/CVE-2023-308xx/CVE-2023-30877.json) (`2023-08-22T00:56:01.303`) +* [CVE-2023-31071](CVE-2023/CVE-2023-310xx/CVE-2023-31071.json) (`2023-08-22T00:56:09.750`) +* [CVE-2023-31076](CVE-2023/CVE-2023-310xx/CVE-2023-31076.json) (`2023-08-22T00:56:19.440`) +* [CVE-2023-26530](CVE-2023/CVE-2023-265xx/CVE-2023-26530.json) (`2023-08-22T00:56:35.657`) +* [CVE-2023-31074](CVE-2023/CVE-2023-310xx/CVE-2023-31074.json) (`2023-08-22T00:56:44.707`) +* 
[CVE-2023-31091](CVE-2023/CVE-2023-310xx/CVE-2023-31091.json) (`2023-08-22T00:56:52.430`) +* [CVE-2023-38838](CVE-2023/CVE-2023-388xx/CVE-2023-38838.json) (`2023-08-22T00:57:04.490`) +* [CVE-2023-28693](CVE-2023/CVE-2023-286xx/CVE-2023-28693.json) (`2023-08-22T00:57:12.023`) +* [CVE-2023-28783](CVE-2023/CVE-2023-287xx/CVE-2023-28783.json) (`2023-08-22T00:57:19.960`) +* [CVE-2023-31079](CVE-2023/CVE-2023-310xx/CVE-2023-31079.json) (`2023-08-22T00:57:29.870`) +* [CVE-2023-38890](CVE-2023/CVE-2023-388xx/CVE-2023-38890.json) (`2023-08-22T00:57:39.623`) +* [CVE-2023-38910](CVE-2023/CVE-2023-389xx/CVE-2023-38910.json) (`2023-08-22T00:58:18.610`) +* [CVE-2023-38911](CVE-2023/CVE-2023-389xx/CVE-2023-38911.json) (`2023-08-22T00:58:46.030`) +* [CVE-2023-4422](CVE-2023/CVE-2023-44xx/CVE-2023-4422.json) (`2023-08-22T00:58:55.880`) +* [CVE-2023-23208](CVE-2023/CVE-2023-232xx/CVE-2023-23208.json) (`2023-08-22T01:00:04.300`) +* [CVE-2023-35689](CVE-2023/CVE-2023-356xx/CVE-2023-35689.json) (`2023-08-22T01:10:41.940`) +* [CVE-2023-40518](CVE-2023/CVE-2023-405xx/CVE-2023-40518.json) (`2023-08-22T01:16:07.403`) +* [CVE-2023-4347](CVE-2023/CVE-2023-43xx/CVE-2023-4347.json) (`2023-08-22T01:22:29.127`) +* [CVE-2023-30498](CVE-2023/CVE-2023-304xx/CVE-2023-30498.json) (`2023-08-22T01:42:12.990`) +* [CVE-2023-30747](CVE-2023/CVE-2023-307xx/CVE-2023-30747.json) (`2023-08-22T01:47:46.017`) +* [CVE-2023-32003](CVE-2023/CVE-2023-320xx/CVE-2023-32003.json) (`2023-08-22T01:55:13.197`) +* [CVE-2023-30778](CVE-2023/CVE-2023-307xx/CVE-2023-30778.json) (`2023-08-22T01:58:46.843`) ## Download and Usage