From a8f5195c5ab27a641004246dc6bc0397b956ec31 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 26 Jun 2023 10:00:55 +0000 Subject: [PATCH] Auto-Update: 2023-06-26T10:00:51.567210+00:00 --- CVE-2023/CVE-2023-28xx/CVE-2023-2828.json | 6 ++- CVE-2023/CVE-2023-294xx/CVE-2023-29423.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-294xx/CVE-2023-29424.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-294xx/CVE-2023-29427.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-29xx/CVE-2023-2911.json | 6 ++- README.md | 23 ++++----- 6 files changed, 185 insertions(+), 15 deletions(-) create mode 100644 CVE-2023/CVE-2023-294xx/CVE-2023-29423.json create mode 100644 CVE-2023/CVE-2023-294xx/CVE-2023-29424.json create mode 100644 CVE-2023/CVE-2023-294xx/CVE-2023-29427.json diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2828.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2828.json index 58aa0a375aa..549edb0b010 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2828.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2828.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2828", "sourceIdentifier": "security-officer@isc.org", "published": "2023-06-21T17:15:47.703", - "lastModified": "2023-06-25T03:15:45.680", + "lastModified": "2023-06-26T08:15:09.213", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -46,6 +46,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/", "source": "security-officer@isc.org" + }, + { + "url": "https://www.debian.org/security/2023/dsa-5439", + "source": "security-officer@isc.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29423.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29423.json new file mode 100644 index 00000000000..52ff23afad8 --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29423.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29423", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-26T08:15:09.050", + "lastModified": "2023-06-26T08:15:09.050", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <=\u00a01.3.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/cancel-order-request-woocommerce/wordpress-cancel-order-request-woocommerce-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29424.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29424.json new file mode 100644 index 00000000000..0af36f56fa0 --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29424.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29424", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-26T08:15:09.137", + "lastModified": "2023-06-26T08:15:09.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <=\u00a04.9.23 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/shiftcontroller/wordpress-shiftcontroller-employee-shift-scheduling-plugin-4-9-23-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29427.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29427.json new file mode 100644 index 00000000000..f4404064ccb --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29427.json 
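Review bot: In the CVE-2023-29424 record the description and the CVSS data disagree: the text says "Auth. (admin+) Stored Cross-Site Scripting", but the vector carries `PR:N` with `"privilegesRequired": "NONE"`, giving `"baseScore": 7.1` / `HIGH`. The sibling record CVE-2023-29423 in this same commit has the same "Auth. (admin+)" wording and uses `PR:H`, scoring 5.9 / `MEDIUM`. If the description is the accurate side, the vector here would read `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L`; which side is wrong cannot be determined from this page. Because the file is synchronized from NVD, any correction presumably belongs with the source (`audit@patchstack.com`) rather than in this mirror. Until then, consumers that triage on `baseSeverity` alone would rank this entry above an equivalent admin-only stored XSS, so the description is worth cross-checking.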
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29427", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-26T09:15:09.620", + "lastModified": "2023-06-26T09:15:09.620", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar \u2013 Amelia plugin <=\u00a01.0.75 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ameliabooking/wordpress-amelia-plugin-1-0-75-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2911.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2911.json index 477d756cae0..3d67b928c5f 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2911.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2911.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2911", "sourceIdentifier": "security-officer@isc.org", "published": "2023-06-21T17:15:47.827", - "lastModified": "2023-06-25T03:15:46.127", + "lastModified": "2023-06-26T08:15:09.293", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -46,6 +46,10 @@ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/", "source": "security-officer@isc.org" + }, + { + "url": "https://www.debian.org/security/2023/dsa-5439", + "source": "security-officer@isc.org" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 7cc3e7da18c..1113f8c5110 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-26T08:00:26.852167+00:00 +2023-06-26T10:00:51.567210+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-26T07:15:09.297000+00:00 +2023-06-26T09:15:09.620000+00:00 ``` ### Last Data Feed Release 
@@ -29,27 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218530 +218533 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `3` -* [CVE-2023-28988](CVE-2023/CVE-2023-289xx/CVE-2023-28988.json) (`2023-06-26T06:15:09.127`) -* [CVE-2023-28991](CVE-2023/CVE-2023-289xx/CVE-2023-28991.json) (`2023-06-26T06:15:10.187`) -* [CVE-2023-28992](CVE-2023/CVE-2023-289xx/CVE-2023-28992.json) (`2023-06-26T06:15:10.593`) -* [CVE-2023-29093](CVE-2023/CVE-2023-290xx/CVE-2023-29093.json) (`2023-06-26T06:15:10.773`) -* [CVE-2023-1150](CVE-2023/CVE-2023-11xx/CVE-2023-1150.json) (`2023-06-26T07:15:08.877`) -* [CVE-2023-1619](CVE-2023/CVE-2023-16xx/CVE-2023-1619.json) (`2023-06-26T07:15:09.090`) -* [CVE-2023-1620](CVE-2023/CVE-2023-16xx/CVE-2023-1620.json) (`2023-06-26T07:15:09.197`) -* [CVE-2023-22359](CVE-2023/CVE-2023-223xx/CVE-2023-22359.json) (`2023-06-26T07:15:09.297`) +* [CVE-2023-29423](CVE-2023/CVE-2023-294xx/CVE-2023-29423.json) (`2023-06-26T08:15:09.050`) +* [CVE-2023-29424](CVE-2023/CVE-2023-294xx/CVE-2023-29424.json) (`2023-06-26T08:15:09.137`) +* [CVE-2023-29427](CVE-2023/CVE-2023-294xx/CVE-2023-29427.json) (`2023-06-26T09:15:09.620`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +* [CVE-2023-2828](CVE-2023/CVE-2023-28xx/CVE-2023-2828.json) (`2023-06-26T08:15:09.213`) +* [CVE-2023-2911](CVE-2023/CVE-2023-29xx/CVE-2023-2911.json) (`2023-06-26T08:15:09.293`) ## Download and Usage