Auto-Update: 2023-06-09T11:28:13.172170+00:00

cad-safe-bot 2023-06-09 11:28:17 +00:00
parent 4562a9fc32
commit b60a304b3d
927 changed files with 72071 additions and 2558 deletions


@ -2,7 +2,7 @@
"id": "CVE-2005-1513",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-05-11T04:00:00.000",
"lastModified": "2020-10-05T21:15:12.517",
"lastModified": "2023-06-08T17:15:09.390",
"vulnStatus": "Modified",
"descriptions": [
{
@ -86,6 +86,10 @@
"url": "http://packetstormsecurity.com/files/158203/Qmail-Local-Privilege-Escalation-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2020/Jun/27",
"source": "cve@mitre.org"
@ -94,6 +98,10 @@
"url": "http://seclists.org/fulldisclosure/2020/May/42",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jun/2",
"source": "cve@mitre.org"
},
{
"url": "http://securitytracker.com/id?1013911",
"source": "cve@mitre.org",
@ -124,6 +132,10 @@
"url": "http://www.openwall.com/lists/oss-security/2020/06/16/2",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/06/3",
"source": "cve@mitre.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html",
"source": "cve@mitre.org"


@ -2,8 +2,8 @@
"id": "CVE-2010-10010",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T05:15:09.503",
"lastModified": "2023-06-01T13:00:30.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-08T16:35:34.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,26 +93,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:psychostats:psychostats:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.2b",
"matchCriteriaId": "E48C920F-0B03-4DBC-AC23-7D0DA5EA2514"
}
]
}
]
}
],
"references": [
{
"url": "http://www.psychostats.com/forums/index.php?showtopic=20796&hl=",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/StarsAlliance/PsychoStats/commit/5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/StarsAlliance/PsychoStats/releases/tag/3.2.2b",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.230265",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230265",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2010-4605",
"sourceIdentifier": "cve@mitre.org",
"published": "2010-12-29T18:00:03.820",
"lastModified": "2011-01-04T05:00:00.000",
"lastModified": "2023-06-06T19:14:10.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -134,8 +134,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@ -186,8 +186,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@ -223,8 +223,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@ -265,8 +265,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@ -297,8 +297,8 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@ -308,20 +308,34 @@
"references": [
{
"url": "http://securitytracker.com/id?1024901",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"URL Repurposed",
"VDB Entry"
]
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2010/3251",
"source": "cve@mitre.org",
"tags": [
"URL Repurposed",
"Vendor Advisory"
]
}


@ -2,8 +2,8 @@
"id": "CVE-2012-10015",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T00:15:09.417",
"lastModified": "2023-05-31T13:02:26.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-06T20:57:21.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bestwebsoft:twitter:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.15",
"matchCriteriaId": "6A17D4CA-0788-46A9-B6CA-23710665EA55"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.230154",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230154",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2013-10029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T21:15:09.250",
"lastModified": "2023-06-05T21:15:09.250",
"vulnStatus": "Received",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,88 @@
{
"id": "CVE-2013-10030",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T22:15:09.260",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230672",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230672",
"source": "cna@vuldb.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2013-4279",
"sourceIdentifier": "secalert@redhat.com",
"published": "2014-04-18T22:14:35.447",
"lastModified": "2014-04-21T15:31:39.217",
"lastModified": "2023-06-07T13:59:55.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -62,64 +62,64 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:imapsync_project:imapsync:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.564",
"matchCriteriaId": "26E75D08-6932-4AC8-B134-7CB06E728F39"
"matchCriteriaId": "AA45BFF9-6304-432D-B494-43C25C65C7D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.53:*:*:*:*:*:*:*",
"matchCriteriaId": "343C4B16-E908-41E4-97AC-66AB7A8DBF04"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.53:*:*:*:*:*:*:*",
"matchCriteriaId": "B40979AF-EB6A-46EB-99E4-D701581ED1BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.500:*:*:*:*:*:*:*",
"matchCriteriaId": "952F3989-1470-4F84-93E0-A249934BF916"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.500:*:*:*:*:*:*:*",
"matchCriteriaId": "5474AB1C-7C65-4DBA-84FC-25225ED0D1F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.504:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F86126-2BFE-4E35-B5EF-D33F09D7E0D2"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.504:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF07F71-64E1-4C03-990B-125F65BE1755"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.508:*:*:*:*:*:*:*",
"matchCriteriaId": "371C1004-F850-461C-AFA3-D2BFC3FCADE5"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.508:*:*:*:*:*:*:*",
"matchCriteriaId": "8E69E9B3-6B60-42FC-BF19-5D03C18C2D87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.516:*:*:*:*:*:*:*",
"matchCriteriaId": "B069477A-B5E8-4AE4-A949-FF7C875AC765"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.516:*:*:*:*:*:*:*",
"matchCriteriaId": "89F4D622-A8B7-4694-8299-6CD2A7CC4BC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.518:*:*:*:*:*:*:*",
"matchCriteriaId": "8412FC3F-0B47-48B3-850E-B4C245CEB0B7"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.518:*:*:*:*:*:*:*",
"matchCriteriaId": "561963EC-FC73-4284-91CB-D314EE02B3E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.525:*:*:*:*:*:*:*",
"matchCriteriaId": "608A2C86-CEBB-4924-99A2-E4B93B0739A2"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.525:*:*:*:*:*:*:*",
"matchCriteriaId": "B0BECF9F-1286-4549-8C60-1956024E0662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.542:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FE91AF-38CB-45B1-AC21-1CF2168C5A4B"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.542:*:*:*:*:*:*:*",
"matchCriteriaId": "E29744AC-E2CC-4C1E-8C06-8FD13CD44605"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.547:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4EF32F-8F3C-4FED-8AC9-E86186E9B55E"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.547:*:*:*:*:*:*:*",
"matchCriteriaId": "F9847527-D696-4BEC-A4D7-38ED38AB2C24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.554:*:*:*:*:*:*:*",
"matchCriteriaId": "85A720FD-427F-4FCC-8B17-37856347131F"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.554:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCD5E84-F077-4690-A25E-A026531FE866"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.558:*:*:*:*:*:*:*",
"matchCriteriaId": "730B64BC-0569-4DE1-9DEE-2BDE7778AB0D"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.558:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDBB7C4-28E5-4C04-B55B-FC91E96CA0CE"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2014-0177",
"sourceIdentifier": "secalert@redhat.com",
"published": "2014-05-27T14:55:10.540",
"lastModified": "2014-05-28T17:51:19.880",
"lastModified": "2023-06-06T14:02:25.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -62,9 +62,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hub_project:hub:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:github:hub:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.12.0",
"matchCriteriaId": "4679EF96-344F-404F-8572-DC52C5A21D0C"
"matchCriteriaId": "53E52D34-F842-4DB6-AE48-7480A645A58D"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2014-125103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T03:15:09.077",
"lastModified": "2023-05-31T13:02:26.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-06T15:57:09.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bestwebsoft:twitter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "BD158A27-B547-4078-B960-B946D5BE0813"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.230155",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.230155",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2014-125104",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T13:15:10.087",
"lastModified": "2023-06-01T14:01:50.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-08T15:34:11.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +93,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:automattic:vaultpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.1",
"matchCriteriaId": "6EC94A3B-50F7-4CE6-85CB-EC3D37F9E3C0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/wp-plugins/vaultpress/releases/tag/1.6.1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.230263",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230263",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2014-2014",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-04-18T22:14:35.980",
"lastModified": "2014-04-21T16:19:29.213",
"lastModified": "2023-06-07T13:59:55.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -62,79 +62,79 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:imapsync_project:imapsync:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.580",
"matchCriteriaId": "50F74B23-B18A-4BAF-97B9-1BC963729B8E"
"matchCriteriaId": "56905459-0B35-43B8-8C47-FBA9139EA823"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.53:*:*:*:*:*:*:*",
"matchCriteriaId": "343C4B16-E908-41E4-97AC-66AB7A8DBF04"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.53:*:*:*:*:*:*:*",
"matchCriteriaId": "B40979AF-EB6A-46EB-99E4-D701581ED1BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.500:*:*:*:*:*:*:*",
"matchCriteriaId": "952F3989-1470-4F84-93E0-A249934BF916"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.500:*:*:*:*:*:*:*",
"matchCriteriaId": "5474AB1C-7C65-4DBA-84FC-25225ED0D1F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.504:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F86126-2BFE-4E35-B5EF-D33F09D7E0D2"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.504:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF07F71-64E1-4C03-990B-125F65BE1755"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.508:*:*:*:*:*:*:*",
"matchCriteriaId": "371C1004-F850-461C-AFA3-D2BFC3FCADE5"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.508:*:*:*:*:*:*:*",
"matchCriteriaId": "8E69E9B3-6B60-42FC-BF19-5D03C18C2D87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.516:*:*:*:*:*:*:*",
"matchCriteriaId": "B069477A-B5E8-4AE4-A949-FF7C875AC765"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.516:*:*:*:*:*:*:*",
"matchCriteriaId": "89F4D622-A8B7-4694-8299-6CD2A7CC4BC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.518:*:*:*:*:*:*:*",
"matchCriteriaId": "8412FC3F-0B47-48B3-850E-B4C245CEB0B7"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.518:*:*:*:*:*:*:*",
"matchCriteriaId": "561963EC-FC73-4284-91CB-D314EE02B3E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.525:*:*:*:*:*:*:*",
"matchCriteriaId": "608A2C86-CEBB-4924-99A2-E4B93B0739A2"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.525:*:*:*:*:*:*:*",
"matchCriteriaId": "B0BECF9F-1286-4549-8C60-1956024E0662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.542:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FE91AF-38CB-45B1-AC21-1CF2168C5A4B"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.542:*:*:*:*:*:*:*",
"matchCriteriaId": "E29744AC-E2CC-4C1E-8C06-8FD13CD44605"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.547:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4EF32F-8F3C-4FED-8AC9-E86186E9B55E"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.547:*:*:*:*:*:*:*",
"matchCriteriaId": "F9847527-D696-4BEC-A4D7-38ED38AB2C24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.554:*:*:*:*:*:*:*",
"matchCriteriaId": "85A720FD-427F-4FCC-8B17-37856347131F"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.554:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCD5E84-F077-4690-A25E-A026531FE866"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.558:*:*:*:*:*:*:*",
"matchCriteriaId": "730B64BC-0569-4DE1-9DEE-2BDE7778AB0D"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.558:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDBB7C4-28E5-4C04-B55B-FC91E96CA0CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.564:*:*:*:*:*:*:*",
"matchCriteriaId": "A73FF740-DBE1-47AF-B6C4-CE03C15BF4B3"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.564:*:*:*:*:*:*:*",
"matchCriteriaId": "A74F9B7A-6DAA-4ECA-8113-4629C7FDD987"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.567:*:*:*:*:*:*:*",
"matchCriteriaId": "50B35AD1-C85B-483A-BF15-C8AA6A106A54"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.567:*:*:*:*:*:*:*",
"matchCriteriaId": "A525B607-E517-4CAD-80F1-053B8F8AB659"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.569:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB40920-47B3-483C-ACEB-49AF629DABFC"
"criteria": "cpe:2.3:a:imapsync_project:imapsync:1.569:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE68C11-2954-4C9E-8439-CB72D051A12A"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2015-10107",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T03:15:09.157",
"lastModified": "2023-05-31T13:02:26.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-06T16:01:33.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simplr_registration_form_plus\\+_project:simplr_registration_form_plus\\+:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.4",
"matchCriteriaId": "1D78C503-96F1-4EB4-9272-13ABE04A18C3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/simplr-registration-form/commit/d588446844dd49232ab400ef213ff5b92121c33e",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.230153",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.230153",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2015-10108",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T19:15:11.720",
"lastModified": "2023-06-01T01:17:03.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-06T20:08:47.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +93,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inline_google_spreadsheet_viewer_project:inline_google_spreadsheet_viewer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.9.6",
"matchCriteriaId": "9E1737CA-C283-46FF-9336-BE8A099C1B1F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/releases/tag/0.9.6.1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.230234",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230234",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2015-10109",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T13:15:10.180",
"lastModified": "2023-06-01T14:01:50.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-08T18:13:52.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,24 +91,66 @@
"value": "CWE-352"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cincopa:video_and_media_plug-in:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.137",
"matchCriteriaId": "0A7FCCD3-DAD8-4594-8299-2B201D22BBCB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/releases/tag/1.137",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.230264",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230264",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2015-10115",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T18:15:09.417",
"lastModified": "2023-06-05T18:15:09.417",
"vulnStatus": "Received",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,88 @@
{
"id": "CVE-2015-10116",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-06T01:15:40.430",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230661",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230661",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,92 @@
{
"id": "CVE-2015-10117",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-06T02:15:08.830",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/gravity-forms-dps-pxpay/commit/5966a5e6343e3d5610bdfa126a5cfbae95e629b6",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/wp-plugins/gravity-forms-dps-pxpay/releases/tag/1.4.3",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230664",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230664",
"source": "cna@vuldb.com"
}
]
}


@ -2,9 +2,9 @@
"id": "CVE-2015-8543",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-12-28T11:59:06.077",
"lastModified": "2018-01-05T02:30:20.977",
"vulnStatus": "Modified",
"evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>",
"lastModified": "2023-06-07T12:47:10.247",
"vulnStatus": "Analyzed",
"evaluatorComment": "CWE-476: NULL Pointer Dereference",
"descriptions": [
{
"lang": "en",
@ -16,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -85,8 +85,64 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.3.2",
"matchCriteriaId": "17376827-DFED-4E71-8D4A-5E5C44073D57"
"versionEndExcluding": "3.2.75",
"matchCriteriaId": "447A331C-5777-435D-B7B6-89333DF274DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "3.4.111",
"matchCriteriaId": "BCA33A60-D0CC-4CB7-80EC-23170FAC9A74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5",
"versionEndExcluding": "3.10.95",
"matchCriteriaId": "E7605378-BB0D-4C8C-A83F-115CE036DBBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11",
"versionEndExcluding": "3.12.52",
"matchCriteriaId": "D9F8AED6-5B8B-4402-8A3C-E5349F025298"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "3.14.59",
"matchCriteriaId": "B8AC651B-877B-40A1-B0FB-E13C039FBBCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.15",
"versionEndExcluding": "3.16.35",
"matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.26",
"matchCriteriaId": "152B915A-F9A5-4DB5-B0B3-DBF5F092773B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.1.16",
"matchCriteriaId": "F829E177-AAF1-4509-964D-48DA8AE2C8BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2",
"versionEndExcluding": "4.3.4",
"matchCriteriaId": "B6B89F94-302A-4313-8FE5-E3C43BD4271E"
}
]
}
@ -96,83 +152,150 @@
"references": [
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2015/dsa-3426",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2016/dsa-3434",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/12/09/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/79698",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1034892",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2886-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2888-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2890-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2890-2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2890-3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2015-8660",
"sourceIdentifier": "secalert@redhat.com",
"published": "2015-12-28T11:59:08.093",
"lastModified": "2023-02-13T00:55:13.190",
"vulnStatus": "Modified",
"lastModified": "2023-06-07T12:44:34.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
@ -85,8 +85,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.3.2",
"matchCriteriaId": "17376827-DFED-4E71-8D4A-5E5C44073D57"
"versionStartIncluding": "3.18",
"versionEndExcluding": "3.18.31",
"matchCriteriaId": "3C4188E9-F514-4ED6-BBF3-A05801ED9CD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.1.22",
"matchCriteriaId": "D2D231A6-F06A-481A-8F4C-D1A7E1EC3742"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2",
"versionEndExcluding": "4.4",
"matchCriteriaId": "8F38C207-7F29-43E1-BB0B-F202DD2CFCF7"
}
]
}
@ -96,95 +111,175 @@
"references": [
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/135151/Ubuntu-14.04-LTS-15.10-overlayfs-Local-Root.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/5",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/79671",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1034548",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2857-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2857-2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2858-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2858-2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2858-3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291329",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/acff81ec2c79492b180fade3c2894425cd35a545",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/39166/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.exploit-db.com/exploits/39230/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.exploit-db.com/exploits/40688/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2015-9306",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-12T15:15:11.323",
"lastModified": "2019-08-16T20:06:13.423",
"lastModified": "2023-06-06T18:43:33.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smackcoders:ultimate_csv_importer:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.8.1",
"matchCriteriaId": "89421471-21DA-4F9B-83B8-05ECCFB7962A"
"matchCriteriaId": "AECA9902-EED7-4BB7-AB78-F75B8C84D842"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2016-10088",
"sourceIdentifier": "security@debian.org",
"published": "2016-12-30T18:59:00.130",
"lastModified": "2018-01-05T02:30:31.400",
"vulnStatus": "Modified",
"lastModified": "2023-06-07T12:44:09.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -85,8 +85,57 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.9",
"matchCriteriaId": "C078FF02-3FD1-41D4-AB11-F63F20B93EB0"
"versionEndExcluding": "3.10.107",
"matchCriteriaId": "C7CC435A-771D-4B94-92E2-D1E1F6658911"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11",
"versionEndExcluding": "3.12.70",
"matchCriteriaId": "62D40056-DC08-4609-8FAB-B6D924994367"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "3.16.40",
"matchCriteriaId": "1331ABAB-8C2B-4379-BA77-B655A5B9A83F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.47",
"matchCriteriaId": "B1A82714-1C53-498D-94AA-DE9F6B577522"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.1.38",
"matchCriteriaId": "755C626E-7669-4E6E-BC91-2656E4740E66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2",
"versionEndExcluding": "4.4.41",
"matchCriteriaId": "416DE4AD-4E79-4CC6-9B9D-15BA301E0811"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.8.17",
"matchCriteriaId": "852FD2CB-474A-4B94-8B29-1307B3402946"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "4.9.2",
"matchCriteriaId": "F0671122-FCD7-4CEF-B818-5680B6E594DA"
}
]
}
@ -104,34 +153,55 @@
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/12/30/1",
"source": "security@debian.org",
"tags": [
"Mailing List"
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/95169",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1037538",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2669",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835",


@ -2,8 +2,8 @@
"id": "CVE-2016-10200",
"sourceIdentifier": "security@android.com",
"published": "2017-03-07T21:59:00.153",
"lastModified": "2018-01-05T02:30:32.243",
"vulnStatus": "Modified",
"lastModified": "2023-06-07T12:44:53.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -93,8 +93,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.8.13",
"matchCriteriaId": "AFA59F0A-3755-48B8-997D-77B0F7A45B94"
"versionStartIncluding": "3.0.34",
"versionEndExcluding": "3.2",
"matchCriteriaId": "14FD3DA1-7FAC-4B6B-A0BB-54475E9C1380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.20",
"versionEndExcluding": "3.2.88",
"matchCriteriaId": "3B82F618-7B1B-49EA-B1C0-8D4317DD2F72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.2",
"versionEndExcluding": "3.12.69",
"matchCriteriaId": "736649AC-0E90-4495-B20F-FAB4D4051E48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "3.16.40",
"matchCriteriaId": "1331ABAB-8C2B-4379-BA77-B655A5B9A83F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.52",
"matchCriteriaId": "8104AAC1-9700-4372-8E11-37B09309A76F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.4.38",
"matchCriteriaId": "5931D73A-2E25-417B-84CC-D257F64C28C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.8.14",
"matchCriteriaId": "2454EAB6-FC42-4FA4-BE76-CBAA81D4ADC4"
}
]
}
@ -144,31 +187,55 @@
},
{
"url": "http://www.securityfocus.com/bid/101783",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1037965",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1037968",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2437",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2444",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50ef",


@ -0,0 +1,63 @@
{
"id": "CVE-2016-15033",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:09.717",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "http://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-delete-all-comments-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/delete-all-comments/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1e98d2d-20b1-4fff-96d4-0fb8e0d2615a?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -2,9 +2,9 @@
"id": "CVE-2016-4558",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-05-23T10:59:04.783",
"lastModified": "2016-08-02T18:43:03.703",
"lastModified": "2023-06-07T12:45:02.130",
"vulnStatus": "Analyzed",
"evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>",
"evaluatorComment": "CWE-416: Use After Free",
"descriptions": [
{
"lang": "en",
@ -16,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -86,8 +86,16 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.5.4",
"matchCriteriaId": "1C36E5B8-129B-488B-B732-83E71CF311DD"
"versionStartIncluding": "4.4",
"versionEndExcluding": "4.4.11",
"matchCriteriaId": "854B0415-69B4-4DA9-9E3F-8C832E6D702E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "4EC30B3A-B105-4482-A6B1-A5D1C79EFBA2"
}
]
}
@ -117,15 +125,25 @@
"references": [
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92117d8443bc5afacc8d5ba82e541946310f106e",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-3005-1",


@ -2,8 +2,8 @@
"id": "CVE-2016-6786",
"sourceIdentifier": "security@android.com",
"published": "2016-12-28T07:59:00.213",
"lastModified": "2017-11-04T01:29:22.240",
"vulnStatus": "Modified",
"lastModified": "2023-06-07T12:46:00.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -85,8 +85,29 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.19.8",
"matchCriteriaId": "13BE712D-C8FA-4B87-9A81-D23E0DD30FD3"
"versionEndExcluding": "3.2.85",
"matchCriteriaId": "9A5A178A-A60C-4053-AEE0-5164430206AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "3.16.40",
"matchCriteriaId": "6C5B0F97-B38C-412B-93E9-148AC6F6B58E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.54",
"matchCriteriaId": "56806170-9BCD-4160-A14A-558EFAB98EC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.0",
"matchCriteriaId": "8A7FC79A-26B7-4E34-BB99-D25E74514239"
}
]
}
@ -111,17 +132,25 @@
},
{
"url": "http://www.debian.org/security/2017/dsa-3791",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/94679",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403842",
"source": "security@android.com",
"tags": [
"Issue Tracking"
"Issue Tracking",
"Third Party Advisory"
]
},
{


@ -2,8 +2,8 @@
"id": "CVE-2016-6787",
"sourceIdentifier": "security@android.com",
"published": "2016-12-28T07:59:00.260",
"lastModified": "2017-11-04T01:29:22.287",
"vulnStatus": "Modified",
"lastModified": "2023-06-07T12:46:14.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -85,8 +85,29 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.19.8",
"matchCriteriaId": "13BE712D-C8FA-4B87-9A81-D23E0DD30FD3"
"versionEndExcluding": "3.2.85",
"matchCriteriaId": "9A5A178A-A60C-4053-AEE0-5164430206AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "3.16.40",
"matchCriteriaId": "6C5B0F97-B38C-412B-93E9-148AC6F6B58E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.54",
"matchCriteriaId": "56806170-9BCD-4160-A14A-558EFAB98EC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.0",
"matchCriteriaId": "8A7FC79A-26B7-4E34-BB99-D25E74514239"
}
]
}
@ -111,17 +132,25 @@
},
{
"url": "http://www.debian.org/security/2017/dsa-3791",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/94679",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403842",
"source": "security@android.com",
"tags": [
"Issue Tracking"
"Issue Tracking",
"Third Party Advisory"
]
},
{


@ -2,8 +2,8 @@
"id": "CVE-2017-1000112",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-10-05T01:29:04.477",
"lastModified": "2018-08-06T01:29:00.380",
"vulnStatus": "Modified",
"lastModified": "2023-06-07T12:46:19.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -85,8 +85,44 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.13.9",
"matchCriteriaId": "3259E528-10D8-4E5E-99CE-AE8E7A8AC898"
"versionStartIncluding": "2.6.15",
"versionEndExcluding": "3.10.108",
"matchCriteriaId": "C3FE348E-5745-49CF-B0F6-52AA3E4F3A42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11",
"versionEndExcluding": "3.16.47",
"matchCriteriaId": "1B863019-9BE4-4D3F-907A-B5BFDEEE975E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.65",
"matchCriteriaId": "15A3222E-681C-4561-B7DF-C1D36FE3773C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.4.82",
"matchCriteriaId": "BCC5E165-3BA3-42E8-A9B4-BAC5C9C90365"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.43",
"matchCriteriaId": "FE7B437E-2829-4956-BBB4-79F150CABB0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.12.7",
"matchCriteriaId": "9186C944-947B-4F51-8956-925591EFF822"
}
]
}
@ -105,7 +141,10 @@
},
{
"url": "http://www.debian.org/security/2017/dsa-3981",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/100262",
@ -125,39 +164,67 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2918",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2930",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2931",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:3200",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1931",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1932",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:4159",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-1000112",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/45147/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2017-17442",
"sourceIdentifier": "secure@blackberry.com",
"published": "2018-03-13T18:29:00.227",
"lastModified": "2018-04-11T15:58:11.083",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-07T19:15:09.113",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
"value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.\n\n"
},
{
"lang": "es",


@ -2,7 +2,7 @@
"id": "CVE-2017-17485",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-01-10T18:29:01.167",
"lastModified": "2021-01-19T15:51:00.490",
"lastModified": "2023-06-08T18:00:10.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -86,9 +86,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.7.3",
"matchCriteriaId": "694CA8C9-6F69-4334-AE76-6C3C9F4D6DD6"
"matchCriteriaId": "1DF0B092-75D2-4A01-9CDC-B3AB2F4CF2C3"
},
{
"vulnerable": true,


@ -0,0 +1,92 @@
{
"id": "CVE-2017-20185",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-06T02:15:09.473",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 792bcab637cb8c3bd251d8fc8771512c5329a93e. It is recommended to apply a patch to fix this issue. The identifier VDB-230669 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/fuzzymannerz/swmp/commit/792bcab637cb8c3bd251d8fc8771512c5329a93e",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/fuzzymannerz/swmp/pull/12",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230669",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230669",
"source": "cna@vuldb.com"
}
]
}
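Review bot: This new record has no `configurations` block and its `vulnStatus` is "Awaiting Analysis", so tooling that matches installed software against CPE criteria will not flag it until NVD enrichment arrives; the same holds for the other newly added records visible in this commit (CVE-2018-25087 and CVE-2019-25138 through CVE-2019-25147). A consumer of this mirror should treat a missing `configurations` key as "not yet matchable" and route the record to manual triage by description and references, not read it as "no affected products". The only scores present are CNA-supplied `"type": "Secondary"` entries, so severity may change after analysis. Separately, in this record `"userInteractionRequired": false` under `cvssMetricV2` disagrees with `UI:R` in the v3.0 vector, which matters before filtering on either field.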


@ -2,7 +2,7 @@
"id": "CVE-2017-7525",
"sourceIdentifier": "secalert@redhat.com",
"published": "2018-02-06T15:29:00.297",
"lastModified": "2022-04-12T16:17:48.247",
"lastModified": "2023-06-08T17:57:47.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -96,9 +96,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.7.1",
"matchCriteriaId": "B6E8B388-3493-43DC-953A-E5AF0514E6C2"
"matchCriteriaId": "2BD0008C-1562-400E-9E79-973384BAE68C"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2018-11307",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-07-09T16:15:12.807",
"lastModified": "2021-02-22T21:47:23.463",
"lastModified": "2023-06-08T17:56:38.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -86,9 +86,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.6.7.3",
"matchCriteriaId": "694CA8C9-6F69-4334-AE76-6C3C9F4D6DD6"
"matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD"
},
{
"vulnerable": true,
@ -360,6 +360,7 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}


@ -2,7 +2,7 @@
"id": "CVE-2018-20967",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-14T16:15:12.440",
"lastModified": "2019-08-19T19:06:00.490",
"lastModified": "2023-06-06T18:43:33.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smackcoders:wp_ultimate_csv_importer:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.6.1",
"matchCriteriaId": "DE5BAA04-BB50-442E-B283-7687902C60E0"
"matchCriteriaId": "339A1411-8FA5-44CA-A22D-7D406CE33958"
}
]
}
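Review bot: The `criteria` string for this match changes its product component from `wp_ultimate_csv_importer` to a long renamed product whose commas and ampersand are backslash-escaped, and the `matchCriteriaId` changes with it, so an asset inventory that still records the plugin under the old CPE product name may stop matching this CVE. Anything that compares CPE strings should parse them as CPE 2.3 and compare unescaped components instead of raw substrings, and should re-resolve stored matches after a sync like this one. Which of the two `criteria` lines is the new one is inferred from the order of the paired `lastModified` values, since the page has lost its `+`/`-` markers.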


@ -2,12 +2,12 @@
"id": "CVE-2018-25046",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.140",
"lastModified": "2023-01-06T16:31:54.073",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-08T21:15:15.203",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
"value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2018-25086",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T07:15:08.860",
"lastModified": "2023-06-01T13:00:30.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-08T20:01:17.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +93,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fanpress_cm_project:fanpress_cm:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndIncluding": "3.6.3",
"matchCriteriaId": "4B8BBB43-6747-480E-91C2-B47173EE96F4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sea75300/fanpresscm3/commit/c380d343c2107fcee55ab00eb8d189ce5e03369b",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sea75300/fanpresscm3/releases/tag/v3.6.4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.230235",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.230235",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,92 @@
{
"id": "CVE-2018-25087",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-06T03:15:08.947",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Arborator Server. This vulnerability affects the function start of the file project.cgi. The manipulation of the argument project leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as cdbdbcbd491db65e9d697ab4365605fdfab1a604. It is recommended to apply a patch to fix this issue. VDB-230662 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Esta vulnerabilidad afecta a la funci\u00f3n de inicio del archivo project.cgi de Arborator Server. La manipulaci\u00f3n de los argumentos del archivo project provoca una denegaci\u00f3n de servicio. Este producto utiliza un ciclo de actualizaciones continua, por lo tanto no hay detalles de la versi\u00f3n afectada ni actualizadas. El parche es identificado como cdbdbcbd491db65e9d697ab4365605fdfab1a604. Es recomendable aplicar un parche para solucionar este problema. El identificador asignado a esta vulnerabilidad es VDB-230662."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://github.com/Arborator/arborator-server/commit/cdbdbcbd491db65e9d697ab4365605fdfab1a604",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230662",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230662",
"source": "cna@vuldb.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2019-16942",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-01T17:15:10.323",
"lastModified": "2022-10-29T02:32:52.257",
"lastModified": "2023-06-08T18:00:31.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -86,9 +86,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.6.7.3",
"matchCriteriaId": "694CA8C9-6F69-4334-AE76-6C3C9F4D6DD6"
"matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD"
},
{
"vulnerable": true,


@ -2,12 +2,12 @@
"id": "CVE-2019-25073",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.397",
"lastModified": "2023-01-06T16:55:35.867",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-08T21:15:15.307",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory."
"value": "Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory."
}
],
"metrics": {


@ -0,0 +1,63 @@
{
"id": "CVE-2019-25138",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:09.963",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-user-submitted-posts-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/user-submitted-posts/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2019-25139",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.033",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2121321",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2123149",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61fdc6e9-75ea-4226-9527-a5fd02efde70?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2019-25140",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.107",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2121321/responsive-coming-soon",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2123149/responsive-coming-soon",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/738c6c77-97ef-4e47-9f14-9b73ea425bc2?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2019-25141",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.180",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-wp-smtp&old=2052057&new_path=%2Feasy-wp-smtp&new=2052058&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/support/topic/vulnerability-26/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84b75f7d-7258-46f6-aee6-b96d70bee264?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,79 @@
{
"id": "CVE-2019-25142",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.250",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/themes/materialis/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/themes/mesmerize/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/e4d70f03-69d5-4cca-8300-985f68d19ddc",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2019-25143",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.320",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-gdpr-cookie-compliance-plugin-fixed-authenticated-settings-deletion-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/5ac51325-a7f5-4d38-9b41-61855206083d",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-gdpr-cookie-compliance-security-bypass-4-0-2/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9116d719-f536-4b8a-9e73-9a8a922f8a35?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2019-25144",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.380",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/946ba166-3309-4e47-8b6b-d3f017bbfcc8?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2019-25145",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.447",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the \u2018public/class-pirateforms-public.php\u2019 file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/html-injection-vulnerability-in-wordpress-pirate-forms-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2019-25146",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.513",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/vulnerability-in-the-wordpress-delucks-seo-plugin-actively-exploited/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2161211",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-delucks-seo-cross-site-scripting-2-1-7/",
"source": "security@wordfence.com"
},
{
"url": "https://www.pluginvulnerabilities.com/2019/09/21/hackers-may-already-be-targeting-this-persistent-xss-vulnerability-in-delucks-seo/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aaa2f738-4764-467c-9544-889ca8ba73d1?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2019-25147",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.577",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/stored-xss-and-csv-injection-vulnerabilities-in-wordpress-shortlinks-by-pretty-links-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2108490%40pretty-link%2Ftrunk&old=2078274%40pretty-link%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae058c5b-b90b-4a1e-9f56-d56dbd2d3607?source=cve",
"source": "security@wordfence.com"
}
]
}
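Review bot: This record has no `configurations`/`cpeMatch` block, so the affected range exists only in the free-text description ("versions up to, and including, 2.1.9"). Tooling that matches on CPE will not flag installations of the plugin while the record is `Awaiting Analysis`, and the only score present is the CNA's `Secondary` metric. The same holds for the other Wordfence-sourced records added in this commit, CVE-2019-25148 through CVE-2019-25151 and CVE-2020-36696 through CVE-2020-36707. Until analysis adds CPE data, consumers of this mirror should match these on plugin name and version from the description, or via the Wordfence reference.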


@ -0,0 +1,63 @@
{
"id": "CVE-2019-25148",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.633",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.svn.wordpress.org/wp-html-mail/trunk/readme.txt",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3af900c-4048-4f4f-93e9-c60ca34d015b?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2019-25149",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.700",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2019-25150",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.773",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/email-templates/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=cve",
"source": "security@wordfence.com"
}
]
}
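Review bot: The vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` (8.8) rates an HTML injection as high confidentiality, integrity and availability impact. CVE-2019-25148 in this same commit cites the same nintechnet write-up for the same class of issue, yet is scored `S:C/C:L/I:L/A:N` (6.1). The description also names no privilege level ("attackers"), so `PR:N` cannot be checked against the text. Both are CNA `Secondary` scores on `Awaiting Analysis` records, so triage that sorts on `baseScore` should treat the 8.8 as provisional until an NVD `Primary` metric appears.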


@ -0,0 +1,67 @@
{
"id": "CVE-2019-25151",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.843",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/b6725319-909f-4d5c-9b34-8b6ea627b223%5D",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-funnel-builder-by-cartflows-create-high-converting-sales-funnels-for-wordpress-privilege-escalation-1-3-0/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0b95670-0767-4325-88d0-4ae6d7302558?source=cve",
"source": "security@wordfence.com"
}
]
}
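Review bot: The wpscan reference ends in `%5D`, a percent-encoded `]`, which looks like a stray bracket from the source markup rather than part of the identifier, so the link as stored may not resolve. The intended value is presumably `"url": "https://wpscan.com/vulnerability/b6725319-909f-4d5c-9b34-8b6ea627b223"`. Since this file mirrors upstream data, the correction belongs with the CNA (`security@wordfence.com`). Link checkers and enrichment jobs reading this record should expect the failure in the meantime.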


@ -2,8 +2,8 @@
"id": "CVE-2020-10732",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-06-12T14:15:11.277",
"lastModified": "2023-02-12T23:38:59.777",
"vulnStatus": "Modified",
"lastModified": "2023-06-06T13:46:20.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -115,8 +115,51 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.16.85",
"matchCriteriaId": "4F9567FB-F394-443B-9A95-1DA060A9CCA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4",
"versionEndExcluding": "4.4.226",
"matchCriteriaId": "73253D32-56D4-437F-A88C-25D7A631AA5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "4.9.226",
"matchCriteriaId": "C08B096E-3683-410F-8B4F-B4A9C9A1A57E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14",
"versionEndExcluding": "4.14.183",
"matchCriteriaId": "05BF7F52-27D8-4903-8006-5890E8F01ECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19",
"versionEndExcluding": "4.19.126",
"matchCriteriaId": "8A296354-CF5F-4631-8F36-7C4C8F3452C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.4.44",
"matchCriteriaId": "381D2366-9899-4AFC-A83A-A2883EE78FA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "5.6.16",
"matchCriteriaId": "FA20E67F-6725-42A2-92B6-498AFAC5CD22"
}
]
}
@ -583,7 +626,10 @@
},
{
"url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20210129-0005/",


@ -2,12 +2,12 @@
"id": "CVE-2020-16009",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2020-11-03T03:15:15.527",
"lastModified": "2021-07-21T11:39:23.747",
"lastModified": "2023-06-06T13:59:53.593",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2022-05-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Chromium V8 Implementation Vulnerability",
"cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
"descriptions": [
{
"lang": "en",
@ -90,6 +90,12 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cefsharp:cefsharp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "86.0.241",
"matchCriteriaId": "43539102-63D7-4F9D-A7D7-CA4AFC1853A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",


@ -2,8 +2,8 @@
"id": "CVE-2020-19028",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.307",
"lastModified": "2023-06-05T21:15:10.307",
"vulnStatus": "Received",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,12 @@
"id": "CVE-2020-36559",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.500",
"lastModified": "2023-01-06T16:58:38.340",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-08T21:15:15.410",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read."
"value": "Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2020-36560",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.573",
"lastModified": "2023-01-06T01:26:52.687",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-08T21:15:15.467",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
"value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2020-36561",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.623",
"lastModified": "2023-01-06T01:27:02.303",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-08T21:15:15.530",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
"value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2020-36566",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.723",
"lastModified": "2023-01-06T01:27:35.930",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-08T21:15:15.587",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
"value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2020-36694",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-21T23:15:08.960",
"lastModified": "2023-05-26T03:35:48.850",
"lastModified": "2023-06-06T18:41:54.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36696",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.930",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve",
"source": "security@wordfence.com"
}
]
}
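Review bot: The plugins.trac changeset reference carries `old=2349889` and `new=2349889`, so on its face it compares a revision with itself rather than naming a before/after pair. Compare CVE-2019-25147, whose link has distinct `new=2108490` and `old=2078274`. CVE-2020-36700 and CVE-2020-36701 further down show the same pattern with `2320014`. The fixed revision therefore cannot be read reliably from these records, so confirm the patched version from the plugin changelog or the Wordfence advisory before marking an installation remediated.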


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36697",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.997",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin\u2019s settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched/",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wp-gdpr-multiple-vulnerabilities-2-1-1/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/032e775a-97be-4d93-bac3-094e35be4b11?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36699",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.060",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/10198",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-quick-page-post-redirect-security-bypass-5-1-9/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11c4b855-8589-4ad2-b414-566ac8eb4632?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36700",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.127",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/kingcomposer/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bdba04e-df4d-4094-877e-611d69e2e25d?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36701",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.193",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/kingcomposer/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45a62dd0-386c-41b3-b8dd-ced443da9f92?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2020-36702",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.257",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-ultimate-addons-for-gutenberg-plugin-fixed-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4419a302-4305-44f8-a256-dd276b5cd751?source=cve",
"source": "security@wordfence.com"
}
]
}
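Review bot: `userInteraction` is `REQUIRED` (`UI:R`) in the vector, but the description has subscriber-level users calling AJAX actions that lack capability checks, with no victim action involved. If the description is accurate the vector would read `UI:N` and the base score would be higher than the recorded 5.5. That is an inference from the text of this record alone. Prioritisation should treat the CNA `Secondary` score as provisional.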


@ -0,0 +1,59 @@
{
"id": "CVE-2020-36703",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.327",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42db52ae-f881-4082-b475-8577a28641c6?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2020-36704",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.380",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/authenticated-stored-xss-vulnerability-in-wordpress-fruitful-theme/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49cf047f-4e8c-4f37-b8c0-d931c02fda7c?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2020-36705",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T13:15:09.167",
"lastModified": "2023-06-07T14:35:57.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/",
"source": "security@wordfence.com"
},
{
"url": "https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve",
"source": "security@wordfence.com"
}
]
}
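Review bot: Exploitation status for this unauthenticated file-upload issue appears only in a reference slug (`...actively-exploited-in-the-wild/`). The record has no `cisaExploitAdd` fields, and its references carry no `tags`. Prioritisation that keys on those fields or on an `Exploit` reference tag will rank this 9.8 like any record with no known exploitation. The nintechnet and 2020 Wordfence write-ups listed here are the place to confirm status and indicators before scheduling the update.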


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36707",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.440",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://jetpack.com/features/security/library/nifty-coming-soon-and-under-construction-page-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/aa47a464-af97-43bc-b6cb-75a08ce3ece7",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-coming-soon-maintenance-mode-page-cross-site-request-forgery-1-57/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59278214-b0ce-44bf-8d8f-265c5c50006a?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2020-36708",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.503",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36709",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.570",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
},
{
"url": "https://wpsocket.com/plugin/kingcomposer/changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6447de64-b484-4f64-ad78-7df81b5a0ed7?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2020-36710",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.637",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36711",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.707",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/avada-wordpress-theme-fixed-multiple-vulnerabilities/",
"source": "security@wordfence.com"
},
{
"url": "https://theme-fusion.com/security-fix-added-in-6-2-3/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/684a1e8e-30f2-47dd-9df6-145198030c52?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2020-36712",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.770",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36713",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.837",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-mstore-api-security-bypass-2-1-5/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36715",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.920",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/zero-day-vulnerability-fixed-in-wordpress-login-signup-popup-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2304979/easy-login-woocommerce",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96d264fe-e7e1-4eec-b235-9d288bc5a22f?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36716",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.987",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2252006",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2020-36717",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.043",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5bcf456-f991-4775-8c3e-a3c0212a5765?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,75 @@
{
"id": "CVE-2020-36718",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.107",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input \"njt_gdpr_allow_permissions\" value. This allows unauthenticated attackers to inject a PHP Object."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2408938",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36719",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.173",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36720",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.233",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/kali-forms/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2020-36721",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.297",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/themes/activello/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/themes/brilliance/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/themes/newspaper-x/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36722",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.357",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-xss-vulnerabilities-fixed-in-wordpress-visual-composer-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/10229",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-visual-composer-website-builder-multiple-cross-site-scripting-vulnerabilities-26-0/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c476d9af-9060-4294-874a-86e550253d3b?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36723",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.420",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36724",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.487",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2234193/wordable/trunk/wordable.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be1ab218-37bd-407a-8cb9-66f761849c21?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36725",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.553",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99ee",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36726",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.617",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-ultimate-reviews-plugin-fixed-insecure-deserialization-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2409141",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=cve",
"source": "security@wordfence.com"
}
]
}
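Review bot: The 9.8 CRITICAL score on this record (`C:H/I:H/A:H`) sits next to a description that ends "No POP chain is present in the vulnerable plugin", so the rated impact is reachable only when some other installed component supplies a usable gadget chain. Consumers that triage on `baseScore` alone should treat the figure as a worst case and keep the description text alongside it. The same applies to the CVE-2020-36727 record that follows, which carries the identical vector while its description says the flaw only "potentially" allows object injection; its first reference URL also labels the plugin as unpatched, which matters more for remediation than the score. Both records are `Awaiting Analysis` with only a `Secondary` CNA metric, so the values may change once NVD publishes its own.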


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36727",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.673",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/b82124b1-e5e1-4f1e-9513-90474fd3f066",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36728",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T13:15:09.330",
"lastModified": "2023-06-07T14:35:57.670",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/",
"source": "security@wordfence.com"
},
{
"url": "https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve",
"source": "security@wordfence.com"
}
]
}
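Review bot: The `vectorString` in this record, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N`, does not line up with the `descriptions` text, which states that unauthenticated attackers can delete arbitrary files and use that to gain full control of a site. File deletion is an integrity and availability impact, yet the vector carries `A:N` and only `I:L`, which yields 6.5 MEDIUM. The first reference URL also describes the issue as actively exploited in the wild. Downstream consumers should not gate patching on this `baseScore`, and the record is worth re-checking once NVD adds its own `Primary` metric.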


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36729",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.733",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-2j-slideshow-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2226528%402j-slideshow&new=2226528%402j-slideshow&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-images-slideshow-by-2j-image-slider-security-bypass-1-3-31/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f06d1b9e-e27d-4c43-a69b-7641518e4615?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2020-36730",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.800",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-cmp-coming-soon-and-maintenance-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/10341",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-cmp-coming-soon-maintenance-by-niteothemes-security-bypass-3-8-1/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ef067b-e4b4-4174-b6ff-ec94a7afd55d?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2020-36731",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.863",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction() function which is called via an admin_init hook, along with missing sanitization and escaping on the settings that are stored."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/zero-day-vulnerability-fixed-in-wordpress-flexible-checkout-fields-for-woocommerce-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd12a952-2e99-41f7-b74c-55c2b7d8deed?source=cve",
"source": "security@wordfence.com"
}
]
}
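Review bot: The `weaknesses` block lists only `CWE-79`, while the description attributes the issue to missing authorization checks on `updateSettingsAction()` reached through an `admin_init` hook, with the stored XSS following from the unauthenticated settings write. Tooling that groups or filters by CWE will file this as plain XSS and miss the access-control root cause. A second description entry with `"value": "CWE-862"`, as used by the CVE-2020-36725 and CVE-2020-36730 records in this commit, would match the text. The second reference URL also ties the flaw to a site-takeover campaign, which the 7.2 score does not convey on its own.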


@ -2,7 +2,7 @@
"id": "CVE-2020-8840",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-02-10T21:56:10.653",
"lastModified": "2021-02-22T21:45:18.413",
"lastModified": "2023-06-08T17:54:21.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -86,9 +86,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.7.9.7",
"matchCriteriaId": "29BC94E0-FEBC-4E86-825C-0101DC339852"
"matchCriteriaId": "2F87CF67-6994-43F1-BEC3-DD7D122D0146"
},
{
"vulnerable": true,


@ -2,12 +2,12 @@
"id": "CVE-2020-8908",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2020-12-10T23:15:13.973",
"lastModified": "2022-05-10T15:21:59.830",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-06T10:15:09.257",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured."
"value": "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.\n\n"
},
{
"lang": "es",
@ -298,280 +298,140 @@
]
},
{
"url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E",
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E",
"source": "cve-coordination@google.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220210-0003/",


@ -2,12 +2,12 @@
"id": "CVE-2021-21741",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2021-08-30T18:15:08.107",
"lastModified": "2021-09-07T14:04:59.580",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-05T22:15:10.770",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A conference management system of ZTE is impacted by a command execution vulnerability. Since the soapmonitor's java object service is enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending a deserialized payload to port 5001."
"value": "There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command."
},
{
"lang": "es",


@ -2,7 +2,7 @@
"id": "CVE-2021-25019",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-03-21T19:15:09.403",
"lastModified": "2022-03-28T18:41:35.317",
"lastModified": "2023-06-07T02:42:47.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squirrly:seo:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "11.1.12",
"matchCriteriaId": "A7DCDFF4-4D4C-479A-A0BF-25964F60B776"
"matchCriteriaId": "73F9EE75-1EC7-41E3-B08B-FB213A92519F"
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2021-31233",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T01:15:42.983",
"lastModified": "2023-05-31T13:02:26.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-06T01:17:15.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_breed.php parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fighting_cock_information_system_project:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11C6CA2F-C8E7-4BB1-A787-92E8621D817F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gabesolomon/CVE-2021-31233",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/12824/fighting-cock-information-system.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-31239",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T02:15:08.907",
"lastModified": "2023-05-22T04:15:09.640",
"lastModified": "2023-06-09T08:15:09.170",
"vulnStatus": "Modified",
"descriptions": [
{
@ -80,6 +80,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0010/",
"source": "cve@mitre.org"
},
{
"url": "https://www.sqlite.org/cves.html",
"source": "cve@mitre.org",


@ -2,12 +2,12 @@
"id": "CVE-2021-31693",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-29T21:15:10.597",
"lastModified": "2023-02-23T23:40:42.283",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-07T16:15:09.247",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS."
"value": "The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693."
}
],
"metrics": {
@ -67,18 +67,8 @@
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20221223-0009/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
"url": "https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
}
]
}
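Review bot: The file lines between the two hunks (14–66, everything after `"metrics": {`) are left untouched even though the description now covers a different product, the 10Web Photo Gallery WordPress plugin rather than VMware Tools. Those lines presumably still hold the CVSS score, CWE and CPE configuration from the earlier VMware analysis, so CPE-based matching would keep flagging VMware Tools and miss the plugin until the `Modified` record is re-analysed. Anything keyed on this ID should be re-evaluated, and existing VMware findings re-mapped to CVE-2022-31693 as the new description states. The description also says "through 1.5.68" while the one remaining reference URL names 1.5.69, so the affected-version boundary needs confirming against the plugin changelog.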
