Auto-Update: 2023-10-16T22:00:24.396933+00:00

cad-safe-bot 2023-10-16 22:00:28 +00:00
parent fdd5c5749f
commit abb66d0abb
57 changed files with 1986 additions and 42 deletions


@ -2,7 +2,7 @@
"id": "CVE-2023-20198",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-16T16:15:10.023",
"lastModified": "2023-10-16T18:33:43.730",
"lastModified": "2023-10-16T21:15:10.537",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z",
"source": "ykramarz@cisco.com"


@ -0,0 +1,24 @@
{
"id": "CVE-2023-29484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T20:15:14.423",
"lastModified": "2023-10-16T20:15:14.423",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.terminalfour.com/articles/security-notices/cve-2023-29484/",
"source": "cve@mitre.org"
},
{
"url": "https://docs.terminalfour.com/release-notes/83/16.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-30987",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T21:15:10.627",
"lastModified": "2023-10-16T21:15:10.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047560",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-3154",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.507",
"lastModified": "2023-10-16T20:15:14.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ed099489-1db4-4b42-9f72-77de39c9e01e",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-3155",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.597",
"lastModified": "2023-10-16T20:15:14.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/5c8473f4-4b52-430b-9140-b81b0a0901da",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-3279",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.690",
"lastModified": "2023-10-16T20:15:14.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3b7a7070-8d61-4ff8-b003-b4ff06221635",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-3706",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.780",
"lastModified": "2023-10-16T20:15:14.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/daa4d93a-f8b1-4809-a18e-8ab63a05de5a",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-3707",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.883",
"lastModified": "2023-10-16T20:15:14.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/541bbe4c-3295-4073-901d-763556269f48",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-3746",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.010",
"lastModified": "2023-10-16T20:15:15.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c15a6032-6495-47a8-828c-37e55ed9665a",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-38720",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T21:15:10.720",
"lastModified": "2023-10-16T21:15:10.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047489",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40851",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T21:15:10.810",
"lastModified": "2023-10-16T21:15:10.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51694",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40852",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T21:15:10.867",
"lastModified": "2023-10-16T21:15:10.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51695",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2023-42459",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:10.923",
"lastModified": "2023-10-16T21:15:10.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
},
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-590"
}
]
}
],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/issues/3207",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/pull/3824",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4289",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.487",
"lastModified": "2023-10-16T20:15:15.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/38c337c6-048f-4009-aef8-29c18afa6fdc",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4290",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.577",
"lastModified": "2023-10-16T20:15:15.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/5fad5245-a089-4ba3-9958-1e2c3d066eea",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43118",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T20:15:15.100",
"lastModified": "2023-10-16T20:15:15.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API."
}
],
"metrics": {},
"references": [
{
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114379",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43119",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T20:15:15.160",
"lastModified": "2023-10-16T20:15:15.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server."
}
],
"metrics": {},
"references": [
{
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43121",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T20:15:15.223",
"lastModified": "2023-10-16T20:15:15.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files."
}
],
"metrics": {},
"references": [
{
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114376",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4388",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.663",
"lastModified": "2023-10-16T20:15:15.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/4086b62c-c527-4721-af63-7f2687c98648",
"source": "contact@wpscan.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-44186",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T21:15:09.890",
"lastModified": "2023-10-11T22:13:59.567",
"lastModified": "2023-10-16T21:15:11.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n"
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Improper Handling of Exceptional Conditions en el procesamiento AS PATH de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante enviar un mensaje de actualizaci\u00f3n de BGP con un AS PATH que contiene una gran cantidad de AS de 4 bytes, lo que lleva a una Denegaci\u00f3n de Servicio (DoS). La recepci\u00f3n y el procesamiento continuo de estas actualizaciones de BGP crear\u00e1n una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Este problema se produce cuando el router tiene habilitado el Non-Stop Routing (NSR), tiene un vecino BGP que no es de 4 bytes con capacidad AS, recibe un mensaje de actualizaci\u00f3n de BGP con un prefijo que incluye un AS PATH larga que contiene una gran cantidad de 4 bytes. AS de bytes y tiene que anunciar el prefijo hacia el vecino BGP que no es compatible con AS de 4 bytes. Este problema afecta a: \nJuniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S8; * 21.1 versiones 21.1R1 y posteriores; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S1, 22.4R3; * Versiones 23.2 anteriores a 23.2R2. \nJuniper Networks Junos OS Evolved * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1 versiones 21.1R1-EVO y posteriores; * Versiones 21.2 anteriores a 21.2R3-S6-EVO; * Versiones 21.3 anteriores a 21.3R3-S5-EVO; * Versiones 21.4 anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S4-EVO; * Versiones 22.2 anteriores a 22.2R3-S2-EVO; * Versiones 22.3 anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4 anteriores a 22.4R2-S1-EVO, 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R2-EVO."
}
],
"metrics": {


@ -0,0 +1,71 @@
{
"id": "CVE-2023-45128",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:11.137",
"lastModified": "2023-10-16T21:15:11.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-565"
},
{
"lang": "en",
"value": "CWE-807"
}
]
}
],
"references": [
{
"url": "https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45141",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:11.237",
"lastModified": "2023-10-16T21:15:11.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This vulnerability has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-565"
}
]
}
],
"references": [
{
"url": "https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,75 @@
{
"id": "CVE-2023-45144",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:11.333",
"lastModified": "2023-10-16T21:15:11.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/xwikisas/identity-oauth/blob/master/ui/src/main/resources/IdentityOAuth/LoginUIExtension.vm#L58",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6#diff-2ab2e0716443d790d7d798320e4a45151661f4eca5440331f4a227b29c87c188",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwikisas/identity-oauth/security/advisories/GHSA-h2rm-29ch-wfmh",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20719",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-45147",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:11.433",
"lastModified": "2023-10-16T21:15:11.433",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-45149",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T20:15:15.287",
"lastModified": "2023-10-16T20:15:15.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7rf8-pqmj-rpqv",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/spreed/pull/10545",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2094473",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-45150",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T20:15:15.393",
"lastModified": "2023-10-16T20:15:15.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/calendar/pull/5358",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r936-8gwm-w452",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2058337",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-45542",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T21:15:11.517",
"lastModified": "2023-10-16T21:15:11.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ahrixia/CVE-2023-45542",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4643",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.743",
"lastModified": "2023-10-16T20:15:15.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d9125604-2236-435c-a67c-07951a1fc5b1",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4646",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.830",
"lastModified": "2023-10-16T20:15:15.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c34f8dcc-3be6-44ad-91a4-7c3a0ce2f9d7",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4666",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.927",
"lastModified": "2023-10-16T20:15:15.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4687",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.013",
"lastModified": "2023-10-16T20:15:16.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/31596fc5-4203-40c4-9b0a-e8a37faafddd",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4691",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.093",
"lastModified": "2023-10-16T20:15:16.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/5085ec75-0795-4004-955d-e71b3d2c26c6",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4725",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.170",
"lastModified": "2023-10-16T20:15:16.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e9b9a594-c960-4692-823e-23fc60cca7e7",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4776",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.250",
"lastModified": "2023-10-16T20:15:16.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4783",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.333",
"lastModified": "2023-10-16T20:15:16.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/02928db8-ceb3-471a-b626-ca661d073e4f",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4795",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.413",
"lastModified": "2023-10-16T20:15:16.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b8390b4a-b43f-4bf6-a61b-dfcbc7b2e7a0",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4798",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.500",
"lastModified": "2023-10-16T20:15:16.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4800",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.583",
"lastModified": "2023-10-16T20:15:16.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7eae1434-8c7a-4291-912d-a4a07b73ee56",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4805",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.670",
"lastModified": "2023-10-16T20:15:16.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1049e940-49b1-4236-bea2-c636f35c5647",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4811",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.747",
"lastModified": "2023-10-16T20:15:16.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7f9271f2-4de4-4be3-8746-2a3f149eb1d1",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4819",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.830",
"lastModified": "2023-10-16T20:15:16.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/4423b023-cf4a-46cb-b314-7a09ac08b29a",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4820",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.913",
"lastModified": "2023-10-16T20:15:16.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4821",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.990",
"lastModified": "2023-10-16T20:15:16.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4861",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.067",
"lastModified": "2023-10-16T20:15:17.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7fa03f00-25c7-4e40-8592-bb4001ce019d",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4862",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.153",
"lastModified": "2023-10-16T20:15:17.153",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/81821bf5-69e1-4005-b3eb-d541490909cc",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4933",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.243",
"lastModified": "2023-10-16T20:15:17.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-538"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4950",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.323",
"lastModified": "2023-10-16T20:15:17.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/73db1ee8-06a2-41b6-b287-44e25f5f2e58",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-4971",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.403",
"lastModified": "2023-10-16T20:15:17.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/421194e1-6c3f-4972-8f3c-de1b9d2bcb13",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-5003",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.490",
"lastModified": "2023-10-16T20:15:17.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-538"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-5057",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.573",
"lastModified": "2023-10-16T20:15:17.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/58a63507-f0fd-46f1-a80c-6b1c41dddcf5",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-5087",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.657",
"lastModified": "2023-10-16T20:15:17.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3b45cc0b-7378-49f3-900e-d0e18cd4b878",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-5089",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.737",
"lastModified": "2023-10-16T20:15:17.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d",
"source": "contact@wpscan.com"
},
{
"url": "https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-5133",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.823",
"lastModified": "2023-10-16T20:15:17.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/36c30e54-75e4-4df1-b01a-60c51c0e76a3",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-5167",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.903",
"lastModified": "2023-10-16T20:15:17.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/78ea6fe0-5fac-4923-949c-023c85fe2437",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-5177",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.993",
"lastModified": "2023-10-16T20:15:17.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a67b9c21-a35a-4cdb-9627-a5932334e5f0",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-5561",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:18.073",
"lastModified": "2023-10-16T20:15:18.073",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441",
"source": "contact@wpscan.com"
}
]
}
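Review bot: The `descriptions` text in this new CVE-2023-5561 record does not agree with the rest of the record: it describes stored cross-site scripting in the Popup Builder plugin, while `weaknesses` carries `CWE-200` and the first reference points to a WordPress 6.3.2 email-leak advisory. The text looks carried over from a different entry, though that is only inferred from the fields visible here. Because this file mirrors the NVD record, it should be rechecked against the source feed on the next sync rather than corrected by hand, and until then triage tooling that matches on description text should not treat this entry as a Popup Builder issue.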


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-16T20:00:24.350486+00:00
2023-10-16T22:00:24.396933+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-16T19:53:30.110000+00:00
2023-10-16T21:15:11.517000+00:00
```
### Last Data Feed Release
@ -29,53 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227919
227973
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `54`
* [CVE-2023-45984](CVE-2023/CVE-2023-459xx/CVE-2023-45984.json) (`2023-10-16T18:15:16.510`)
* [CVE-2023-45985](CVE-2023/CVE-2023-459xx/CVE-2023-45985.json) (`2023-10-16T18:15:16.577`)
* [CVE-2023-40180](CVE-2023/CVE-2023-401xx/CVE-2023-40180.json) (`2023-10-16T19:15:10.567`)
* [CVE-2023-43120](CVE-2023/CVE-2023-431xx/CVE-2023-43120.json) (`2023-10-16T19:15:10.680`)
* [CVE-2023-45148](CVE-2023/CVE-2023-451xx/CVE-2023-45148.json) (`2023-10-16T19:15:10.860`)
* [CVE-2023-45151](CVE-2023/CVE-2023-451xx/CVE-2023-45151.json) (`2023-10-16T19:15:10.957`)
* [CVE-2023-45660](CVE-2023/CVE-2023-456xx/CVE-2023-45660.json) (`2023-10-16T19:15:11.060`)
* [CVE-2023-45669](CVE-2023/CVE-2023-456xx/CVE-2023-45669.json) (`2023-10-16T19:15:11.167`)
* [CVE-2023-45683](CVE-2023/CVE-2023-456xx/CVE-2023-45683.json) (`2023-10-16T19:15:11.253`)
* [CVE-2023-4820](CVE-2023/CVE-2023-48xx/CVE-2023-4820.json) (`2023-10-16T20:15:16.913`)
* [CVE-2023-4821](CVE-2023/CVE-2023-48xx/CVE-2023-4821.json) (`2023-10-16T20:15:16.990`)
* [CVE-2023-4861](CVE-2023/CVE-2023-48xx/CVE-2023-4861.json) (`2023-10-16T20:15:17.067`)
* [CVE-2023-4862](CVE-2023/CVE-2023-48xx/CVE-2023-4862.json) (`2023-10-16T20:15:17.153`)
* [CVE-2023-4933](CVE-2023/CVE-2023-49xx/CVE-2023-4933.json) (`2023-10-16T20:15:17.243`)
* [CVE-2023-4950](CVE-2023/CVE-2023-49xx/CVE-2023-4950.json) (`2023-10-16T20:15:17.323`)
* [CVE-2023-4971](CVE-2023/CVE-2023-49xx/CVE-2023-4971.json) (`2023-10-16T20:15:17.403`)
* [CVE-2023-5003](CVE-2023/CVE-2023-50xx/CVE-2023-5003.json) (`2023-10-16T20:15:17.490`)
* [CVE-2023-5057](CVE-2023/CVE-2023-50xx/CVE-2023-5057.json) (`2023-10-16T20:15:17.573`)
* [CVE-2023-5087](CVE-2023/CVE-2023-50xx/CVE-2023-5087.json) (`2023-10-16T20:15:17.657`)
* [CVE-2023-5089](CVE-2023/CVE-2023-50xx/CVE-2023-5089.json) (`2023-10-16T20:15:17.737`)
* [CVE-2023-5133](CVE-2023/CVE-2023-51xx/CVE-2023-5133.json) (`2023-10-16T20:15:17.823`)
* [CVE-2023-5167](CVE-2023/CVE-2023-51xx/CVE-2023-5167.json) (`2023-10-16T20:15:17.903`)
* [CVE-2023-5177](CVE-2023/CVE-2023-51xx/CVE-2023-5177.json) (`2023-10-16T20:15:17.993`)
* [CVE-2023-5561](CVE-2023/CVE-2023-55xx/CVE-2023-5561.json) (`2023-10-16T20:15:18.073`)
* [CVE-2023-30987](CVE-2023/CVE-2023-309xx/CVE-2023-30987.json) (`2023-10-16T21:15:10.627`)
* [CVE-2023-38720](CVE-2023/CVE-2023-387xx/CVE-2023-38720.json) (`2023-10-16T21:15:10.720`)
* [CVE-2023-40851](CVE-2023/CVE-2023-408xx/CVE-2023-40851.json) (`2023-10-16T21:15:10.810`)
* [CVE-2023-40852](CVE-2023/CVE-2023-408xx/CVE-2023-40852.json) (`2023-10-16T21:15:10.867`)
* [CVE-2023-42459](CVE-2023/CVE-2023-424xx/CVE-2023-42459.json) (`2023-10-16T21:15:10.923`)
* [CVE-2023-45128](CVE-2023/CVE-2023-451xx/CVE-2023-45128.json) (`2023-10-16T21:15:11.137`)
* [CVE-2023-45141](CVE-2023/CVE-2023-451xx/CVE-2023-45141.json) (`2023-10-16T21:15:11.237`)
* [CVE-2023-45144](CVE-2023/CVE-2023-451xx/CVE-2023-45144.json) (`2023-10-16T21:15:11.333`)
* [CVE-2023-45147](CVE-2023/CVE-2023-451xx/CVE-2023-45147.json) (`2023-10-16T21:15:11.433`)
* [CVE-2023-45542](CVE-2023/CVE-2023-455xx/CVE-2023-45542.json) (`2023-10-16T21:15:11.517`)
### CVEs modified in the last Commit
Recently modified CVEs: `65`
Recently modified CVEs: `2`
* [CVE-2023-43623](CVE-2023/CVE-2023-436xx/CVE-2023-43623.json) (`2023-10-16T19:01:01.317`)
* [CVE-2023-26319](CVE-2023/CVE-2023-263xx/CVE-2023-26319.json) (`2023-10-16T19:02:59.867`)
* [CVE-2023-26320](CVE-2023/CVE-2023-263xx/CVE-2023-26320.json) (`2023-10-16T19:04:10.920`)
* [CVE-2023-44997](CVE-2023/CVE-2023-449xx/CVE-2023-44997.json) (`2023-10-16T19:04:19.087`)
* [CVE-2023-3440](CVE-2023/CVE-2023-34xx/CVE-2023-3440.json) (`2023-10-16T19:06:06.767`)
* [CVE-2023-4733](CVE-2023/CVE-2023-47xx/CVE-2023-4733.json) (`2023-10-16T19:13:04.597`)
* [CVE-2023-4750](CVE-2023/CVE-2023-47xx/CVE-2023-4750.json) (`2023-10-16T19:13:09.647`)
* [CVE-2023-4781](CVE-2023/CVE-2023-47xx/CVE-2023-4781.json) (`2023-10-16T19:13:49.960`)
* [CVE-2023-4752](CVE-2023/CVE-2023-47xx/CVE-2023-4752.json) (`2023-10-16T19:13:58.133`)
* [CVE-2023-4990](CVE-2023/CVE-2023-49xx/CVE-2023-4990.json) (`2023-10-16T19:14:35.937`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-16T19:15:10.740`)
* [CVE-2023-44093](CVE-2023/CVE-2023-440xx/CVE-2023-44093.json) (`2023-10-16T19:18:41.647`)
* [CVE-2023-36479](CVE-2023/CVE-2023-364xx/CVE-2023-36479.json) (`2023-10-16T19:20:18.767`)
* [CVE-2023-41900](CVE-2023/CVE-2023-419xx/CVE-2023-41900.json) (`2023-10-16T19:20:23.917`)
* [CVE-2023-44961](CVE-2023/CVE-2023-449xx/CVE-2023-44961.json) (`2023-10-16T19:20:59.490`)
* [CVE-2023-44962](CVE-2023/CVE-2023-449xx/CVE-2023-44962.json) (`2023-10-16T19:21:28.193`)
* [CVE-2023-5555](CVE-2023/CVE-2023-55xx/CVE-2023-5555.json) (`2023-10-16T19:23:31.277`)
* [CVE-2023-5556](CVE-2023/CVE-2023-55xx/CVE-2023-5556.json) (`2023-10-16T19:23:44.070`)
* [CVE-2023-36839](CVE-2023/CVE-2023-368xx/CVE-2023-36839.json) (`2023-10-16T19:27:00.180`)
* [CVE-2023-43634](CVE-2023/CVE-2023-436xx/CVE-2023-43634.json) (`2023-10-16T19:29:48.237`)
* [CVE-2023-43633](CVE-2023/CVE-2023-436xx/CVE-2023-43633.json) (`2023-10-16T19:30:32.823`)
* [CVE-2023-43637](CVE-2023/CVE-2023-436xx/CVE-2023-43637.json) (`2023-10-16T19:30:36.710`)
* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-10-16T19:32:08.873`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-10-16T19:41:01.563`)
* [CVE-2023-43746](CVE-2023/CVE-2023-437xx/CVE-2023-43746.json) (`2023-10-16T19:53:30.110`)
* [CVE-2023-20198](CVE-2023/CVE-2023-201xx/CVE-2023-20198.json) (`2023-10-16T21:15:10.537`)
* [CVE-2023-44186](CVE-2023/CVE-2023-441xx/CVE-2023-44186.json) (`2023-10-16T21:15:11.033`)
## Download and Usage