admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-04T04:00:24.978063+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-04 04:00:28 +00:00
parent 0163c1faf6
commit bd07d87165
15 changed files with 655 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
CVE-2022/CVE-2022-359xx/CVE-2022-35908.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2022-35908",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-29T21:15:09.943",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T02:00:46.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent."
},
{
"lang": "es",
"value": "Cambium Enterprise Wi-Fi System Software anterior a 6.4.2 no sanitiza el argumento del host de ping en el agente del dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cambiumnetworks:enterprise_wi-fi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.2",
"matchCriteriaId": "8695D9DD-096B-47A4-AB36-D103DED633E6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://community.cambiumnetworks.com/t/enterprise-wi-fi-system-software-release-6-4-2/87229",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.cambiumnetworks.com/support/security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-205xx/CVE-2023-20588.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20588",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.653",
"lastModified": "2023-10-04T00:15:11.497",
"lastModified": "2023-10-04T03:15:10.310",
"vulnStatus": "Modified",
"descriptions": [
{
@ -958,10 +958,18 @@
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15",
"source": "psirt@amd.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16",
"source": "psirt@amd.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9",
"source": "psirt@amd.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1",
"source": "psirt@amd.com"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-439.html",
"source": "psirt@amd.com"

24
CVE-2023/CVE-2023-223xx/CVE-2023-22374.json
View File

@ -2,18 +2,18 @@
"id": "CVE-2023-22374",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-02-01T18:15:11.363",
"lastModified": "2023-03-15T16:08:58.560",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-04T03:15:10.497",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
"value": "\nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "f5sirt@f5.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,30 +33,30 @@
"impactScore": 6.0
},
{
"source": "f5sirt@f5.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "f5sirt@f5.com",
"type": "Primary",
"description": [
{
@ -66,7 +66,7 @@
]
},
{
"source": "f5sirt@f5.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

59
CVE-2023/CVE-2023-32xx/CVE-2023-3213.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3213",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-04T02:15:09.990",
"lastModified": "2023-10-04T02:15:09.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://wpmailsmtp.com/docs/how-to-view-recent-changes-to-the-wp-mail-smtp-plugin-changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9?source=cve",
"source": "security@wordfence.com"
}
]
}

47
CVE-2023/CVE-2023-374xx/CVE-2023-37404.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-37404",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-04T02:15:09.923",
"lastModified": "2023-10-04T02:15:09.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259789",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7041863",
"source": "psirt@us.ibm.com"
}
]
}

47
CVE-2023/CVE-2023-418xx/CVE-2023-41856.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41856",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-02T09:15:12.117",
"lastModified": "2023-10-02T12:57:39.087",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T02:05:29.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clicktotweet:click_to_tweet:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.14",
"matchCriteriaId": "61ADAD7A-FBC3-44FC-94DA-FF1641BD1099"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/click-to-tweet/wordpress-click-to-tweet-plugin-2-0-14-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-418xx/CVE-2023-41859.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41859",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-02T09:15:12.203",
"lastModified": "2023-10-02T12:57:34.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T02:08:24.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tychesoftwares:order_delivery_date_for_wp_e-commerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "E30D5074-2D42-4B35-A058-7241986B8A05"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/order-delivery-date/wordpress-order-delivery-date-for-wp-e-commerce-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-441xx/CVE-2023-44144.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44144",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-02T10:15:12.577",
"lastModified": "2023-10-02T12:57:34.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T02:25:54.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dreamfoxmedia:payment_gateway_per_product_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.7",
"matchCriteriaId": "4FA26FAB-5984-4C18-9693-3BE9B17AA062"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-product-payments/wordpress-payment-gateway-per-product-for-woocommerce-plugin-3-2-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-441xx/CVE-2023-44145.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44145",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-02T10:15:12.800",
"lastModified": "2023-10-02T12:57:34.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T02:29:04.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jesweb:anchor_episodes_index_\\(spotify_for_podcasters\\):*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.7",
"matchCriteriaId": "E94C978C-A0BF-4037-8828-F201313E0CB4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/anchor-episodes-index/wordpress-anchor-episodes-index-spotify-for-podcasters-plugin-2-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-442xx/CVE-2023-44244.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44244",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-02T09:15:12.277",
"lastModified": "2023-10-02T12:57:34.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T02:13:12.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fooplugins:foogallery:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.44",
"matchCriteriaId": "271CC801-5399-41B0-91EC-E434A7A721C9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/foogallery/wordpress-foogallery-plugin-2-2-44-reflected-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-444xx/CVE-2023-44474.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44474",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-02T09:15:12.357",
"lastModified": "2023-10-02T12:57:34.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T02:15:06.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:md_jakir_hosen:tiger_forms_-_drag_and_drop_form_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "6A9BE04E-0093-4B99-B408-2268713A0A52"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/tiger-form/wordpress-tiger-forms-plugin-2-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-444xx/CVE-2023-44479.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44479",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-02T09:15:12.513",
"lastModified": "2023-10-02T12:57:34.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T02:19:00.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:krillwebdesign:wp-jump-menu:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.6.4",
"matchCriteriaId": "FEC5ED56-19B2-458A-A898-12E2ED9DEE92"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-jump-menu/wordpress-wp-jump-menu-plugin-3-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-52xx/CVE-2023-5291.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-5291",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-04T02:15:10.080",
"lastModified": "2023-10-04T02:15:10.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/blog-filter/tags/1.5.3/blog-filter-output.php#L128",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2974261/blog-filter#file54",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b95c1bf7-bb05-44d3-a185-7e38e62b7201?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-53xx/CVE-2023-5357.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5357",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-04T02:15:10.163",
"lastModified": "2023-10-04T02:15:10.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/instagram-for-wordpress/tags/2.1.6/templates/instagramPost.php#L12",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3991d8d0-57a8-42e7-a53c-97508f7e137f?source=cve",
"source": "security@wordfence.com"
}
]
}

51
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-04T02:00:25.066418+00:00
2023-10-04T04:00:24.978063+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-04T01:55:31.953000+00:00
2023-10-04T03:15:10.497000+00:00
```
### Last Data Feed Release
@ -29,46 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226920
226924
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `4`
* [CVE-2022-22447](CVE-2022/CVE-2022-224xx/CVE-2022-22447.json) (`2023-10-04T00:15:11.293`)
* [CVE-2023-35905](CVE-2023/CVE-2023-359xx/CVE-2023-35905.json) (`2023-10-04T01:15:50.950`)
* [CVE-2023-37404](CVE-2023/CVE-2023-374xx/CVE-2023-37404.json) (`2023-10-04T02:15:09.923`)
* [CVE-2023-3213](CVE-2023/CVE-2023-32xx/CVE-2023-3213.json) (`2023-10-04T02:15:09.990`)
* [CVE-2023-5291](CVE-2023/CVE-2023-52xx/CVE-2023-5291.json) (`2023-10-04T02:15:10.080`)
* [CVE-2023-5357](CVE-2023/CVE-2023-53xx/CVE-2023-5357.json) (`2023-10-04T02:15:10.163`)
### CVEs modified in the last Commit
Recently modified CVEs: `39`
Recently modified CVEs: `10`
* [CVE-2023-43898](CVE-2023/CVE-2023-438xx/CVE-2023-43898.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-43951](CVE-2023/CVE-2023-439xx/CVE-2023-43951.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-43952](CVE-2023/CVE-2023-439xx/CVE-2023-43952.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-43953](CVE-2023/CVE-2023-439xx/CVE-2023-43953.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-44973](CVE-2023/CVE-2023-449xx/CVE-2023-44973.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-44974](CVE-2023/CVE-2023-449xx/CVE-2023-44974.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-39646](CVE-2023/CVE-2023-396xx/CVE-2023-39646.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-39648](CVE-2023/CVE-2023-396xx/CVE-2023-39648.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-39649](CVE-2023/CVE-2023-396xx/CVE-2023-39649.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-39651](CVE-2023/CVE-2023-396xx/CVE-2023-39651.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-39647](CVE-2023/CVE-2023-396xx/CVE-2023-39647.json) (`2023-10-03T23:55:59.983`)
* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-10-04T00:15:11.497`)
* [CVE-2023-22283](CVE-2023/CVE-2023-222xx/CVE-2023-22283.json) (`2023-10-04T00:15:11.743`)
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2023-10-04T00:15:11.890`)
* [CVE-2023-43740](CVE-2023/CVE-2023-437xx/CVE-2023-43740.json) (`2023-10-04T00:15:11.980`)
* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-10-04T00:15:12.080`)
* [CVE-2023-4813](CVE-2023/CVE-2023-48xx/CVE-2023-4813.json) (`2023-10-04T00:15:12.163`)
* [CVE-2023-5111](CVE-2023/CVE-2023-51xx/CVE-2023-5111.json) (`2023-10-04T00:15:12.257`)
* [CVE-2023-5156](CVE-2023/CVE-2023-51xx/CVE-2023-5156.json) (`2023-10-04T00:15:12.353`)
* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-10-04T00:15:12.427`)
* [CVE-2023-26218](CVE-2023/CVE-2023-262xx/CVE-2023-26218.json) (`2023-10-04T01:37:39.550`)
* [CVE-2023-20252](CVE-2023/CVE-2023-202xx/CVE-2023-20252.json) (`2023-10-04T01:44:44.877`)
* [CVE-2023-43655](CVE-2023/CVE-2023-436xx/CVE-2023-43655.json) (`2023-10-04T01:46:28.943`)
* [CVE-2023-20179](CVE-2023/CVE-2023-201xx/CVE-2023-20179.json) (`2023-10-04T01:53:00.463`)
* [CVE-2023-5207](CVE-2023/CVE-2023-52xx/CVE-2023-5207.json) (`2023-10-04T01:55:31.953`)
* [CVE-2022-35908](CVE-2022/CVE-2022-359xx/CVE-2022-35908.json) (`2023-10-04T02:00:46.277`)
* [CVE-2023-41856](CVE-2023/CVE-2023-418xx/CVE-2023-41856.json) (`2023-10-04T02:05:29.750`)
* [CVE-2023-41859](CVE-2023/CVE-2023-418xx/CVE-2023-41859.json) (`2023-10-04T02:08:24.597`)
* [CVE-2023-44244](CVE-2023/CVE-2023-442xx/CVE-2023-44244.json) (`2023-10-04T02:13:12.393`)
* [CVE-2023-44474](CVE-2023/CVE-2023-444xx/CVE-2023-44474.json) (`2023-10-04T02:15:06.293`)
* [CVE-2023-44479](CVE-2023/CVE-2023-444xx/CVE-2023-44479.json) (`2023-10-04T02:19:00.777`)
* [CVE-2023-44144](CVE-2023/CVE-2023-441xx/CVE-2023-44144.json) (`2023-10-04T02:25:54.813`)
* [CVE-2023-44145](CVE-2023/CVE-2023-441xx/CVE-2023-44145.json) (`2023-10-04T02:29:04.490`)
* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-10-04T03:15:10.310`)
* [CVE-2023-22374](CVE-2023/CVE-2023-223xx/CVE-2023-22374.json) (`2023-10-04T03:15:10.497`)
## Download and Usage