Auto-Update: 2023-06-13T04:00:25.580218+00:00

cad-safe-bot 2023-06-13 04:00:28 +00:00
parent bf92b755fc
commit ae91ca783a
19 changed files with 1087 additions and 44 deletions


@ -2,8 +2,8 @@
"id": "CVE-2021-4372",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.023",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T02:08:38.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rightpress:woocommerce_dynamic_pricing_and_discounts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.1",
"matchCriteriaId": "99FB2230-2931-4006-9E18-953B7865E9D3"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcaa5d0e-b764-4566-bd46-2d41dc391c36?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4373",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.083",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T02:08:22.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webberzone:better_search:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.2",
"matchCriteriaId": "50A863C7-85E4-4678-BA94-37379FC27FE9"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2473344",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4374",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.147",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T02:05:58.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valvepress:wordpress_automatic_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.53.2",
"matchCriteriaId": "88AC61E1-351D-4A52-A7B7-EF80DF7618F9"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4375",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.207",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T02:05:45.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.7",
"matchCriteriaId": "E0001C32-A260-43BD-8522-79783AC06CC9"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d82e856b-c8c9-4139-ad54-89368e3b7125?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2021-4376",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.277",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T02:05:33.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value."
},
{
"lang": "es",
"value": "El plugin WooCommerce Multi Currency para WordPress es vulnerable a una falta de autorizaci\u00f3n en versiones hasta la v2.1.17 inclusive. Esto hace posible que atacantes autenticados cambien el precio de un producto a un valor arbitrario. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palscode:woocommerce_multi_currency:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.17",
"matchCriteriaId": "D6D7C538-84BC-4A9A-9672-C4A1A5ACCAC4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/woo-multi-currency/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2021-4377",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.340",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T02:05:08.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. This can allow authenticated attackers to extract a CSV file that contains sensitive information about the donors."
},
{
"lang": "es",
"value": "El plugin Doneren met Mollie para WordPress es vulnerable a la exposici\u00f3n de datos sensibles en versiones hasta la v2.8.5 inclusive, a trav\u00e9s de la funci\u00f3n \"dmm_export_donations()\" que se llama a trav\u00e9s del hook \"admin_post_dmm_export\" debido a la falta de comprobaciones de capacidad. Esto puede permitir a atacantes autenticados extraer un archivo CSV que contiene informaci\u00f3n sensible sobre los donantes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wobbie:doneren_met_mollie:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.5",
"matchCriteriaId": "4C363B38-B1CF-4305-90F8-DA3068DDAF1A"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/information-disclosure-vulnerability-fixed-in-wordpress-doneren-met-mollie-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2459548",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wpscan.com/vulnerability/36afc442-9634-498e-961e-4c935880cd2b",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed99a056-42c6-4540-950e-12f8b547b64d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-2277",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-13T02:15:09.330",
"lastModified": "2023-06-13T02:15:09.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/application/views/wdk_resultitem/resultitem_edit.php#L34",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2904689/wpdirectorykit/trunk/application/controllers/Wdk_resultitem.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82c6ed2f-20e8-46d1-a460-16d32b7536cd?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-2278",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-13T02:15:09.433",
"lastModified": "2023-06-13T02:15:09.433",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/vendor/Winter_MVC/core/mvc_loader.php#L91",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2904689/wpdirectorykit/trunk/vendor/Winter_MVC/core/mvc_loader.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87399a07-d2d8-42cd-81f0-9060f6cfff48?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,75 @@
{
"id": "CVE-2023-2351",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-13T02:15:09.507",
"lastModified": "2023-06-13T02:15:09.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/public/class-wpdirectorykit-public.php#L249",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2905046%40wpdirectorykit&new=2905046%40wpdirectorykit&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2905795%40wpdirectorykit&new=2905795%40wpdirectorykit&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2907164%40wpdirectorykit&new=2907164%40wpdirectorykit&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2917413%40wpdirectorykit&new=2917413%40wpdirectorykit&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50c5154c-1573-4c2b-85a1-a89bdb22dc7d?source=cve",
"source": "security@wordfence.com"
}
]
}
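Review bot: The CNA metric in this new record carries `PR:N` / `"privilegesRequired": "NONE"`, while the description in the same file limits the attack to "authenticated attackers with subscriber-level permissions or above", so the vector and the text disagree. A vector consistent with the description would read `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L`, which would also lower the 6.5 base score. As a mirror this file should stay exactly what NVD served, so the correction belongs upstream with the CNA (`security@wordfence.com`) rather than in this repository. Until an `nvd@nist.gov` Primary metric is added, anyone triaging on `baseScore` or filtering on `privilegesRequired` should read the description before trusting the vector.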


@ -0,0 +1,63 @@
{
"id": "CVE-2023-2563",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-13T02:15:09.620",
"lastModified": "2023-06-13T02:15:09.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/contact-forms/trunk/accua-forms.php#L738",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2924628%40contact-forms&new=2924628%40contact-forms&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f80a1f13-c1b9-4259-8d96-71a3cbcaf4ca?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-2827",
"sourceIdentifier": "cna@sap.com",
"published": "2023-06-13T03:15:09.223",
"lastModified": "2023-06-13T03:15:09.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3301942",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}
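Review bot: The `weaknesses` entry records `"value": "CWE-306"`, but the description names a narrower flaw: the products "do not validate the signature of the JSON Web Token (JWT)", which is what CWE-347 (Improper Verification of Cryptographic Signature) describes. CWE-306 is defensible as the resulting effect, so this is a precision point rather than an error, and the mirrored value should stay as served until the CNA (`cna@sap.com`) or NVD changes it. Consumers who group or alert by CWE will file this record under missing authentication and miss it in any signature-verification view, so matching on the description text is the safer fallback while the record is still `"vulnStatus": "Received"`.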


@ -2,8 +2,8 @@
"id": "CVE-2023-31084",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T06:15:07.997",
"lastModified": "2023-05-02T14:17:32.120",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T03:15:09.317",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -64,6 +64,14 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W/",
"source": "cve@mitre.org"
},
{
"url": "https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/",
"source": "cve@mitre.org",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-32114",
"sourceIdentifier": "cna@sap.com",
"published": "2023-06-13T03:15:09.393",
"lastModified": "2023-06-13T03:15:09.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3325642",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-32115",
"sourceIdentifier": "cna@sap.com",
"published": "2023-06-13T03:15:09.473",
"lastModified": "2023-06-13T03:15:09.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/1794761",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-33984",
"sourceIdentifier": "cna@sap.com",
"published": "2023-06-13T03:15:09.567",
"lastModified": "2023-06-13T03:15:09.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3318657",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}
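Review bot: `"userInteraction": "NONE"` (`UI:N` in the vector string) does not match the description, whose attack path has the attacker "send a link to a victim in an email or instant message", which implies the victim must open it. The two other reflected or generic XSS records added in this commit, CVE-2023-33985 and CVE-2023-33986, both use `UI:R`. A vector consistent with the text would read `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`, which would score below the recorded 6.4. The mirror should keep the value as served and the discrepancy should go to the CNA (`cna@sap.com`); consumers ranking by `baseScore` should treat this one as provisional until an NVD Primary metric appears.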


@ -0,0 +1,59 @@
{
"id": "CVE-2023-33985",
"sourceIdentifier": "cna@sap.com",
"published": "2023-06-13T03:15:09.667",
"lastModified": "2023-06-13T03:15:09.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3331627",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-33986",
"sourceIdentifier": "cna@sap.com",
"published": "2023-06-13T03:15:09.760",
"lastModified": "2023-06-13T03:15:09.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/2826092",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-33991",
"sourceIdentifier": "cna@sap.com",
"published": "2023-06-13T03:15:09.837",
"lastModified": "2023-06-13T03:15:09.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3324285",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-12T23:55:24.028980+00:00
2023-06-13T04:00:25.580218+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-12T22:15:10.077000+00:00
2023-06-13T03:15:09.837000+00:00
```
### Last Data Feed Release
@ -23,32 +23,43 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-06-12T00:00:13.604926+00:00
2023-06-13T00:00:13.574050+00:00
```
### Total Number of included CVEs
```plain
217486
217497
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `11`
* [CVE-2023-26294](CVE-2023/CVE-2023-262xx/CVE-2023-26294.json) (`2023-06-12T22:15:09.780`)
* [CVE-2023-26295](CVE-2023/CVE-2023-262xx/CVE-2023-26295.json) (`2023-06-12T22:15:09.847`)
* [CVE-2023-26296](CVE-2023/CVE-2023-262xx/CVE-2023-26296.json) (`2023-06-12T22:15:09.897`)
* [CVE-2023-26297](CVE-2023/CVE-2023-262xx/CVE-2023-26297.json) (`2023-06-12T22:15:09.947`)
* [CVE-2023-26298](CVE-2023/CVE-2023-262xx/CVE-2023-26298.json) (`2023-06-12T22:15:09.987`)
* [CVE-2023-32673](CVE-2023/CVE-2023-326xx/CVE-2023-32673.json) (`2023-06-12T22:15:10.033`)
* [CVE-2023-32674](CVE-2023/CVE-2023-326xx/CVE-2023-32674.json) (`2023-06-12T22:15:10.077`)
* [CVE-2023-2277](CVE-2023/CVE-2023-22xx/CVE-2023-2277.json) (`2023-06-13T02:15:09.330`)
* [CVE-2023-2278](CVE-2023/CVE-2023-22xx/CVE-2023-2278.json) (`2023-06-13T02:15:09.433`)
* [CVE-2023-2351](CVE-2023/CVE-2023-23xx/CVE-2023-2351.json) (`2023-06-13T02:15:09.507`)
* [CVE-2023-2563](CVE-2023/CVE-2023-25xx/CVE-2023-2563.json) (`2023-06-13T02:15:09.620`)
* [CVE-2023-2827](CVE-2023/CVE-2023-28xx/CVE-2023-2827.json) (`2023-06-13T03:15:09.223`)
* [CVE-2023-32114](CVE-2023/CVE-2023-321xx/CVE-2023-32114.json) (`2023-06-13T03:15:09.393`)
* [CVE-2023-32115](CVE-2023/CVE-2023-321xx/CVE-2023-32115.json) (`2023-06-13T03:15:09.473`)
* [CVE-2023-33984](CVE-2023/CVE-2023-339xx/CVE-2023-33984.json) (`2023-06-13T03:15:09.567`)
* [CVE-2023-33985](CVE-2023/CVE-2023-339xx/CVE-2023-33985.json) (`2023-06-13T03:15:09.667`)
* [CVE-2023-33986](CVE-2023/CVE-2023-339xx/CVE-2023-33986.json) (`2023-06-13T03:15:09.760`)
* [CVE-2023-33991](CVE-2023/CVE-2023-339xx/CVE-2023-33991.json) (`2023-06-13T03:15:09.837`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `7`
* [CVE-2021-4377](CVE-2021/CVE-2021-43xx/CVE-2021-4377.json) (`2023-06-13T02:05:08.623`)
* [CVE-2021-4376](CVE-2021/CVE-2021-43xx/CVE-2021-4376.json) (`2023-06-13T02:05:33.037`)
* [CVE-2021-4375](CVE-2021/CVE-2021-43xx/CVE-2021-4375.json) (`2023-06-13T02:05:45.717`)
* [CVE-2021-4374](CVE-2021/CVE-2021-43xx/CVE-2021-4374.json) (`2023-06-13T02:05:58.907`)
* [CVE-2021-4373](CVE-2021/CVE-2021-43xx/CVE-2021-4373.json) (`2023-06-13T02:08:22.460`)
* [CVE-2021-4372](CVE-2021/CVE-2021-43xx/CVE-2021-4372.json) (`2023-06-13T02:08:38.943`)
* [CVE-2023-31084](CVE-2023/CVE-2023-310xx/CVE-2023-31084.json) (`2023-06-13T03:15:09.317`)
## Download and Usage