admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-04T16:00:27.597760+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-04 16:00:31 +00:00
parent befadd7192
commit aeef24096c
25 changed files with 1144 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
CVE-2020/CVE-2020-367xx/CVE-2020-36763.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-36763",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T16:15:10.090",
"lastModified": "2023-07-31T17:30:17.057",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T14:01:30.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:duxcms_project:duxcms:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5ECDBA01-F06D-4772-AFDB-8F5BAB85246A"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

70
CVE-2022/CVE-2022-437xx/CVE-2022-43711.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2022-43711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-26T14:15:09.823",
"lastModified": "2023-07-26T19:28:30.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T15:37:18.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gxsoftware:xperiencentral:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.29.1",
"versionEndIncluding": "10.33.0",
"matchCriteriaId": "A1220B0E-CFA0-4D31-BB31-64846F11783E"
}
]
}
]
}
],
"references": [
{
"url": "https://service.gxsoftware.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://service.gxsoftware.com/hc/nl/articles/12208173122461",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2022/CVE-2022-437xx/CVE-2022-43713.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2022-43713",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-26T14:15:09.930",
"lastModified": "2023-07-26T19:28:30.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T15:49:03.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gxsoftware:xperiencentral:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.33.1",
"versionEndIncluding": "10.35.0",
"matchCriteriaId": "62EF35F4-3634-4C92-88C7-276B8C90C4C8"
}
]
}
]
}
],
"references": [
{
"url": "https://service.gxsoftware.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://service.gxsoftware.com/hc/nl/articles/12208173122461",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-295xx/CVE-2023-29505.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-29505",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T15:15:09.987",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-29505",
"source": "cve@mitre.org"
},
{
"url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_127131",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-296xx/CVE-2023-29689.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-29689",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T15:15:10.137",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system."
}
],
"metrics": {},
"references": [
{
"url": "https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811",
"source": "cve@mitre.org"
}
]
}

91
CVE-2023/CVE-2023-303xx/CVE-2023-30367.json
View File

@ -2,31 +2,108 @@
"id": "CVE-2023-30367",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-26T21:15:09.980",
"lastModified": "2023-07-31T19:15:16.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T14:53:08.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mremoteng:mremoteng:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.76.20",
"matchCriteriaId": "C25E67C1-C477-418C-A268-C62D8FE59B96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mremoteng:mremoteng:1.77.2-nb:*:*:*:*:*:*:*",
"matchCriteriaId": "949C895F-1702-4FD3-B48C-F6DBDE0994BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mremoteng:mremoteng:1.77.3-nb:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA0AD55-AE24-415C-97ED-E1CF71AD68FE"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173829/mRemoteNG-1.77.3.1784-NB-Sensitive-Information-Extraction.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/S1lkys/CVE-2023-30367-mRemoteNG-password-dumper",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/mRemoteNG/mRemoteNG/issues/2420",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.secuvera.de/advisories/secuvera-SA-2023-01.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-305xx/CVE-2023-30577.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-30577",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-26T17:15:10.227",
"lastModified": "2023-08-01T02:15:10.243",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T15:21:45.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zmanda:amanda:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.4",
"matchCriteriaId": "BB5D7CFE-057A-4FCF-B421-190A3881A398"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-309xx/CVE-2023-30949.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30949",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-07-26T18:15:11.007",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T15:03:22.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palantir:slate:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.207.0",
"matchCriteriaId": "F931AEBA-EAE5-4B8E-B406-DAD3D4124CCD"
}
]
}
]
}
],
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc",
"source": "cve-coordination@palantir.com"
"source": "cve-coordination@palantir.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-32xx/CVE-2023-3242.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3242",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2023-07-26T18:15:11.147",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T15:03:53.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*",
"versionEndExcluding": "g4.93",
"matchCriteriaId": "4367AD90-1F40-4242-AB9F-BB7BB65E2465"
}
]
}
]
}
],
"references": [
{
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1689787619746-en-original-1.0.pdf",
"source": "cybersecurity@ch.abb.com"
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-335xx/CVE-2023-33534.json
View File

@ -2,19 +2,88 @@
"id": "CVE-2023-33534",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.223",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T15:42:55.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sztozed:zlt_s10g_firmware:3.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0F85CB-BC26-435A-9EAD-7734E0D448D9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sztozed:zlt_s10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40E458-78E5-4DF4-8534-1219041EAD5D"
}
]
}
]
}
],
"references": [
{
"url": "https://rodelllemit.medium.com/cve-2023-33534-account-takeover-through-csrf-vulnerability-461de6f1b696",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-340xx/CVE-2023-34037.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34037",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-04T12:15:09.703",
"lastModified": "2023-08-04T12:15:09.703",
"vulnStatus": "Received",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-340xx/CVE-2023-34038.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34038",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-04T12:15:10.217",
"lastModified": "2023-08-04T12:15:10.217",
"vulnStatus": "Received",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

80
CVE-2023/CVE-2023-360xx/CVE-2023-36089.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-36089",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.480",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T14:52:51.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-645_firmware:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D30DE3-3FAB-4BFA-97F2-03B82852BAC7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-645:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D49F68-E15D-478B-B88E-089291BF7DB6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.dlink.com/en/support",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

80
CVE-2023/CVE-2023-360xx/CVE-2023-36090.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-36090",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.533",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T14:52:44.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-885l_firmware:1.02:b01:*:*:*:*:*:*",
"matchCriteriaId": "CABE45B0-BA27-40B4-8717-DFF3011DABFE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD481B64-A25D-4123-B575-20EC3C524D9C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.dlink.com/en/support",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

80
CVE-2023/CVE-2023-360xx/CVE-2023-36091.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-36091",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.583",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T14:51:35.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-895l_firmware:1.02:b07:*:*:*:*:*:*",
"matchCriteriaId": "7526958B-7D22-4AD0-8702-D70FB7260B9C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.dlink.com/en/support",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

80
CVE-2023/CVE-2023-360xx/CVE-2023-36092.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-36092",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T14:15:10.633",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T14:51:20.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-859_firmware:1.05b03:*:*:*:*:*:*:*",
"matchCriteriaId": "7281C9FC-1832-41EE-8AF1-6FB8CD83C79E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.dlink.com/en/support",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

87
CVE-2023/CVE-2023-364xx/CVE-2023-36480.json Normal file
View File

@ -0,0 +1,87 @@
{
"id": "CVE-2023-36480",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T15:15:10.210",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to version 7.0.0, some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 7.0.0 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/AsyncRead.java#L68",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L1157",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L489",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L596",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Buffer.java#L53",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Command.java#L2083",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/util/Unpacker.java#L227",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aerospike/aerospike-client-java/commit/80c508cc5ecb0173ce92d7fab8cfab5e77bd9900",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aerospike/aerospike-client-java/security/advisories/GHSA-jj95-55cr-9597",
"source": "security-advisories@github.com"
}
]
}

73
CVE-2023/CVE-2023-376xx/CVE-2023-37647.json
View File

@ -2,27 +2,88 @@
"id": "CVE-2023-37647",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T13:15:09.897",
"lastModified": "2023-07-31T14:45:51.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T15:53:44.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sem-cms:semcms:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "29E32EAD-AB16-4C59-868D-A80DE7E0C34F"
}
]
}
]
}
],
"references": [
{
"url": "http://semcms.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://gitee.com/ants12/sem-cms_-shop_210918_v1.5-sql-injection-exists-s/tree/master/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.sem-cms.cn/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-393xx/CVE-2023-39379.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39379",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-04T10:15:09.870",
"lastModified": "2023-08-04T10:15:09.870",
"vulnStatus": "Received",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

51
CVE-2023/CVE-2023-41xx/CVE-2023-4135.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-4135",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-04T14:15:12.173",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4135",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101",
"source": "secalert@redhat.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521",
"source": "secalert@redhat.com"
}
]
}

8
CVE-2023/CVE-2023-41xx/CVE-2023-4139.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4139",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-04T03:15:13.813",
"lastModified": "2023-08-04T03:15:13.813",
"vulnStatus": "Received",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files."
},
{
"lang": "es",
"value": "El plugin Plugin WP Ultimate CSV Importer para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n sensible a trav\u00e9s de listados de directorios debido a la falta de restricci\u00f3n en la indexaci\u00f3n de carpetas de exportaci\u00f3n en versiones hasta, e incluyendo, v7.9.8. Esto hace posible que atacantes no autenticados puedan listar y ver los archivos exportados. "
}
],
"metrics": {

8
CVE-2023/CVE-2023-41xx/CVE-2023-4140.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4140",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-04T03:15:14.000",
"lastModified": "2023-08-04T03:15:14.000",
"vulnStatus": "Received",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter."
},
{
"lang": "es",
"value": "El plugin Plugin WP Ultimate CSV Importer para WordPress es vulnerable a la escalada de privilegios en versiones hasta, e incluyendo, la v7.9.8 debido a una restricci\u00f3n insuficiente en la funci\u00f3n \"get_header_values\". Esto hace posible que atacantes autenticados, con permisos m\u00ednimos como un autor, si el administrador previamente concede acceso en la configuraci\u00f3n del plugin, modifiquen su rol de usuario suministrando el par\u00e1metro \"wp_capabilities-&gt;cus1\". "
}
],
"metrics": {

8
CVE-2023/CVE-2023-41xx/CVE-2023-4141.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4141",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-04T03:15:14.133",
"lastModified": "2023-08-04T03:15:14.133",
"vulnStatus": "Received",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution."
},
{
"lang": "es",
"value": "El plugin WP Ultimate CSV Importer para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en versiones hasta, e incluyendo, la v7.9.8 a trav\u00e9s del par\u00e1metro \"-&gt;cus2\". Esto permite a atacantes autenticados con permisos de nivel autor o superior, si el administrador concede previamente el acceso en la configuraci\u00f3n del plugin, crear un archivo PHP y ejecutar c\u00f3digo en el servidor. El autor resolvi\u00f3 esta vulnerabilidad eliminando la capacidad de los autores y editores para importar archivos, por favor tenga en cuenta que esto significa que la creaci\u00f3n de archivos PHP todav\u00eda est\u00e1 permitida para los administrador del sitio. Utilice el plugin con precauci\u00f3n. "
}
],
"metrics": {

8
CVE-2023/CVE-2023-41xx/CVE-2023-4142.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4142",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-04T03:15:14.267",
"lastModified": "2023-08-04T03:15:14.267",
"vulnStatus": "Received",
"lastModified": "2023-08-04T15:27:24.817",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution."
},
{
"lang": "es",
"value": "El plugin WP Ultimate CSV Importer para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en versiones hasta, e incluyendo, la v7.9.8 a trav\u00e9s del par\u00e1metro \"-&gt;cus1\". Esto permite a atacantes autenticados con permisos de nivel de autor o superior, si el administrador concede previamente el acceso en la configuraci\u00f3n del plugin, ejecutar c\u00f3digo en el servidor. El autor resolvi\u00f3 esta vulnerabilidad eliminando la capacidad de los autores y editores para importar archivos, por favor tenga en cuenta que esto significa que la ejecuci\u00f3n remota de c\u00f3digo sigue siendo posible para los administradores del sitio. Utilice el plugin con precauci\u00f3n. "
}
],
"metrics": {

46
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-04T14:00:27.796323+00:00
2023-08-04T16:00:27.597760+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-04T13:59:07.953000+00:00
2023-08-04T15:53:44.720000+00:00
```
### Last Data Feed Release
@ -29,31 +29,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
221647
221651
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `4`
* [CVE-2023-34037](CVE-2023/CVE-2023-340xx/CVE-2023-34037.json) (`2023-08-04T12:15:09.703`)
* [CVE-2023-34038](CVE-2023/CVE-2023-340xx/CVE-2023-34038.json) (`2023-08-04T12:15:10.217`)
* [CVE-2023-4135](CVE-2023/CVE-2023-41xx/CVE-2023-4135.json) (`2023-08-04T14:15:12.173`)
* [CVE-2023-29505](CVE-2023/CVE-2023-295xx/CVE-2023-29505.json) (`2023-08-04T15:15:09.987`)
* [CVE-2023-29689](CVE-2023/CVE-2023-296xx/CVE-2023-29689.json) (`2023-08-04T15:15:10.137`)
* [CVE-2023-36480](CVE-2023/CVE-2023-364xx/CVE-2023-36480.json) (`2023-08-04T15:15:10.210`)
### CVEs modified in the last Commit
Recently modified CVEs: `10`
Recently modified CVEs: `20`
* [CVE-2023-38311](CVE-2023/CVE-2023-383xx/CVE-2023-38311.json) (`2023-08-04T12:55:45.233`)
* [CVE-2023-38310](CVE-2023/CVE-2023-383xx/CVE-2023-38310.json) (`2023-08-04T12:56:01.327`)
* [CVE-2023-38309](CVE-2023/CVE-2023-383xx/CVE-2023-38309.json) (`2023-08-04T12:56:24.150`)
* [CVE-2023-38308](CVE-2023/CVE-2023-383xx/CVE-2023-38308.json) (`2023-08-04T12:56:40.287`)
* [CVE-2023-38307](CVE-2023/CVE-2023-383xx/CVE-2023-38307.json) (`2023-08-04T12:56:51.953`)
* [CVE-2023-38306](CVE-2023/CVE-2023-383xx/CVE-2023-38306.json) (`2023-08-04T12:57:14.733`)
* [CVE-2023-38305](CVE-2023/CVE-2023-383xx/CVE-2023-38305.json) (`2023-08-04T12:57:27.330`)
* [CVE-2023-37464](CVE-2023/CVE-2023-374xx/CVE-2023-37464.json) (`2023-08-04T13:15:11.000`)
* [CVE-2023-34917](CVE-2023/CVE-2023-349xx/CVE-2023-34917.json) (`2023-08-04T13:49:09.827`)
* [CVE-2023-34916](CVE-2023/CVE-2023-349xx/CVE-2023-34916.json) (`2023-08-04T13:59:07.953`)
* [CVE-2020-36763](CVE-2020/CVE-2020-367xx/CVE-2020-36763.json) (`2023-08-04T14:01:30.770`)
* [CVE-2022-43711](CVE-2022/CVE-2022-437xx/CVE-2022-43711.json) (`2023-08-04T15:37:18.857`)
* [CVE-2022-43713](CVE-2022/CVE-2022-437xx/CVE-2022-43713.json) (`2023-08-04T15:49:03.637`)
* [CVE-2023-36092](CVE-2023/CVE-2023-360xx/CVE-2023-36092.json) (`2023-08-04T14:51:20.827`)
* [CVE-2023-36091](CVE-2023/CVE-2023-360xx/CVE-2023-36091.json) (`2023-08-04T14:51:35.410`)
* [CVE-2023-36090](CVE-2023/CVE-2023-360xx/CVE-2023-36090.json) (`2023-08-04T14:52:44.703`)
* [CVE-2023-36089](CVE-2023/CVE-2023-360xx/CVE-2023-36089.json) (`2023-08-04T14:52:51.697`)
* [CVE-2023-30367](CVE-2023/CVE-2023-303xx/CVE-2023-30367.json) (`2023-08-04T14:53:08.263`)
* [CVE-2023-30949](CVE-2023/CVE-2023-309xx/CVE-2023-30949.json) (`2023-08-04T15:03:22.487`)
* [CVE-2023-3242](CVE-2023/CVE-2023-32xx/CVE-2023-3242.json) (`2023-08-04T15:03:53.600`)
* [CVE-2023-30577](CVE-2023/CVE-2023-305xx/CVE-2023-30577.json) (`2023-08-04T15:21:45.547`)
* [CVE-2023-4139](CVE-2023/CVE-2023-41xx/CVE-2023-4139.json) (`2023-08-04T15:27:24.817`)
* [CVE-2023-4140](CVE-2023/CVE-2023-41xx/CVE-2023-4140.json) (`2023-08-04T15:27:24.817`)
* [CVE-2023-4141](CVE-2023/CVE-2023-41xx/CVE-2023-4141.json) (`2023-08-04T15:27:24.817`)
* [CVE-2023-4142](CVE-2023/CVE-2023-41xx/CVE-2023-4142.json) (`2023-08-04T15:27:24.817`)
* [CVE-2023-39379](CVE-2023/CVE-2023-393xx/CVE-2023-39379.json) (`2023-08-04T15:27:24.817`)
* [CVE-2023-34037](CVE-2023/CVE-2023-340xx/CVE-2023-34037.json) (`2023-08-04T15:27:24.817`)
* [CVE-2023-34038](CVE-2023/CVE-2023-340xx/CVE-2023-34038.json) (`2023-08-04T15:27:24.817`)
* [CVE-2023-33534](CVE-2023/CVE-2023-335xx/CVE-2023-33534.json) (`2023-08-04T15:42:55.730`)
* [CVE-2023-37647](CVE-2023/CVE-2023-376xx/CVE-2023-37647.json) (`2023-08-04T15:53:44.720`)
## Download and Usage