admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-30T15:00:24.334469+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-30 15:00:27 +00:00
parent 7bfcd6611c
commit c4b0e34842
30 changed files with 1756 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
CVE-2018/CVE-2018-111xx/CVE-2018-11103.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2018-11103",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T14:15:08.817",
"lastModified": "2023-10-30T14:15:08.817",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {},
"references": []
}

15
CVE-2020/CVE-2020-258xx/CVE-2020-25870.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2020-25870",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T14:15:08.897",
"lastModified": "2023-10-30T14:15:08.897",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {},
"references": []
}

70
CVE-2022/CVE-2022-253xx/CVE-2022-25332.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25332",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-10-19T10:15:09.683",
"lastModified": "2023-10-19T12:59:29.480",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T13:44:07.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
},
{
"source": "cert@ncsc.nl",
"type": "Secondary",
@ -38,10 +58,54 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ti:omap-l138_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2470A5EA-6ADD-49BC-8094-5C9D0613C259"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ti:omap-l138:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D233BF22-A3B6-4E74-9418-8732C3E0201F"
}
]
}
]
}
],
"references": [
{
"url": "https://tetraburst.com/",
"source": "cert@ncsc.nl"
"source": "cert@ncsc.nl",
"tags": [
"Technical Description"
]
}
]
}

15
CVE-2022/CVE-2022-481xx/CVE-2022-48190.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2022-48190",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-10-30T14:15:08.977",
"lastModified": "2023-10-30T14:15:08.977",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}

15
CVE-2023/CVE-2023-409xx/CVE-2023-40943.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-40943",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T14:15:09.037",
"lastModified": "2023-10-30T14:15:09.037",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {},
"references": []
}

15
CVE-2023/CVE-2023-416xx/CVE-2023-41605.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-41605",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T14:15:09.080",
"lastModified": "2023-10-30T14:15:09.080",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {},
"references": []
}

244
CVE-2023/CVE-2023-434xx/CVE-2023-43492.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43492",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-10-19T20:15:09.230",
"lastModified": "2023-10-20T11:27:35.620",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T14:33:25.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,14 +80,220 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20210212",
"matchCriteriaId": "33538560-F796-4D1D-AA52-63DB5FD817BF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A132B170-A1FC-4D38-9965-0FF47B944FD5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20210206",
"matchCriteriaId": "52502356-D835-4468-BCA6-875177B562F8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E08E3518-A03F-486D-B67A-013F67026D78"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20210220",
"matchCriteriaId": "210A03BC-C9BB-4832-BDB2-2EB5E87FD13A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DE53C8-09D5-4D5E-97EE-A89E1478CD65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20210220",
"matchCriteriaId": "17422509-5131-48A3-8C9A-ECA4332C33F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F83A8D-1489-48AA-911B-5BA561A57896"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20210220",
"matchCriteriaId": "3E5B9225-364C-46BD-BCB4-E151923855CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79C1F694-08A2-46E7-95C2-8DFA3D64423B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20210220",
"matchCriteriaId": "3651EA3F-5C3F-4893-AF82-E7FDBBAF5EAA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F607716E-7B7B-4620-819C-F44341B8C37F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20210220",
"matchCriteriaId": "82F72B48-B2CE-4580-B4CC-49879CA6074B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF5326B-5E33-4C11-9AC6-A90357078FCA"
}
]
}
]
}
],
"references": [
{
"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

15
CVE-2023/CVE-2023-440xx/CVE-2023-44078.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-44078",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-30T14:15:09.123",
"lastModified": "2023-10-30T14:15:09.123",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {},
"references": []
}

58
CVE-2023/CVE-2023-451xx/CVE-2023-45146.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45146",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-18T22:15:09.323",
"lastModified": "2023-10-19T12:59:35.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T14:14:07.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xxl-rpc_project:xxl-rpc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.7.0",
"matchCriteriaId": "E9AF588F-3BB3-421A-9FEB-A1EACED79D2A"
}
]
}
]
}
],
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-052_XXL-RPC/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product",
"Third Party Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-458xx/CVE-2023-45812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45812",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-18T22:15:09.403",
"lastModified": "2023-10-19T12:59:35.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T14:55:59.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +80,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apollographql:apollo_router:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.31.0",
"versionEndIncluding": "1.32.0",
"matchCriteriaId": "E5CBFBBF-CA05-439F-B7D9-0F0160C90006"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apollographql:apollo_helms-charts_router:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.31.0",
"versionEndIncluding": "1.32.0",
"matchCriteriaId": "7E5629BA-4004-4210-B632-6E80CF4383D5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/apollographql/router/pull/4014",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/apollographql/router/security/advisories/GHSA-r344-xw3p-2frj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-458xx/CVE-2023-45813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45813",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-18T21:15:09.640",
"lastModified": "2023-10-19T12:59:35.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T13:37:36.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +80,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:torbot_project:torbot:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.0",
"matchCriteriaId": "1A76049A-5F05-41CC-8B99-48D3179C49C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:validators_project:validators:0.11.0:*:*:*:*:python:*:*",
"matchCriteriaId": "E3D93DF2-C7B5-41A8-BA99-AD42587A6BE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:validators_project:validators:0.20.0:*:*:*:*:python:*:*",
"matchCriteriaId": "471398FE-B318-403A-80B0-C6E43EA1480E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-463xx/CVE-2023-46324.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46324",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-23T01:15:07.637",
"lastModified": "2023-10-23T11:35:01.280",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T13:46:10.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "pkg/suci/suci.go en free5GC udm anterior a 1.2.0, cuando se usa Go anterior a 1.19, permite un Ataque de Curva no v\u00e1lida porque puede calcular un secreto compartido a trav\u00e9s de una clave p\u00fablica sin comprimir que no ha sido validada. Un atacante puede enviar SUCI arbitrarias a la UDM, que intenta descifrarlas tanto a trav\u00e9s de su clave privada como de la clave p\u00fablica del atacante."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "B3A8A633-027B-49BA-A6F3-DEF13055F2E9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.19",
"matchCriteriaId": "7E89E139-D507-4065-A3CE-EAD6779A5958"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/free5gc/udm/compare/v1.1.1...v1.2.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/free5gc/udm/pull/20",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-50xx/CVE-2023-5049.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-5049",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.167",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.11.4/app/rafflepress.php#L796",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.11.4/app/rafflepress.php#L955",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2976620/rafflepress#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6d663a9-3185-4c36-b9d1-878297965379?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-51xx/CVE-2023-5164.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-5164",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.240",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/bellows-accordion-menu/tags/1.4.2/includes/bellows.api.php#L5",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bellows-accordion-menu/tags/1.4.2/includes/functions.php#L12",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50283a4f-ea59-488a-bab0-dd6bc5718556?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-51xx/CVE-2023-5199.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5199",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.307",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/php-to-page/trunk/php-to-page.php?rev=441028#L22",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83e5a0dc-fc51-4565-945f-190cf9175874?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-52xx/CVE-2023-5250.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5250",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.383",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/grid.plus.base.class.php#L19",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6407792-2c76-4149-a9f9-d53002135bec?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-52xx/CVE-2023-5251.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-5251",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.457",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php#L10",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php#L69",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d34c84-473c-49f8-b55c-c869b5479974?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-52xx/CVE-2023-5252.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5252",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.530",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/fareharbor/tags/3.6.7/fareharbor.php#L287",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42ad6fef-4280-45db-a3e2-6d7522751fa7?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-53xx/CVE-2023-5315.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5315",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.597",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-gmappity-easy-google-maps/tags/0.6/wpgmappity-metadata.php#L127",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/262db9aa-0db5-48cd-a85b-3e6302e88a42?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-53xx/CVE-2023-5335.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5335",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.667",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/buzzsprout-podcasting/tags/1.8.3/buzzsprout-podcasting.php#L271",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be7f8b73-801d-46e8-81c1-8bb0bb576700?source=cve",
"source": "security@wordfence.com"
}
]
}

67
CVE-2023/CVE-2023-53xx/CVE-2023-5362.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-5362",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.733",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/spice-post-slider/tags/1.9/include/view/shortcode.php#L102",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/spice-post-slider/tags/2.0.1/include/view/shortcode.php?rev=2981648#L102",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2981654/spice-post-slider",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8?source=cve",
"source": "security@wordfence.com"
}
]
}

69
CVE-2023/CVE-2023-55xx/CVE-2023-5524.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5524",
"sourceIdentifier": "security@m-files.com",
"published": "2023-10-20T07:15:17.717",
"lastModified": "2023-10-20T11:27:12.763",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-30T13:50:35.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
},
{
"source": "security@m-files.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security@m-files.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:web_companion:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "23.8",
"matchCriteriaId": "4A13E967-9494-4FA8-AE96-503DACD92325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:web_companion:*:*:*:*:-:*:*:*",
"versionStartIncluding": "23.3",
"versionEndExcluding": "23.10",
"matchCriteriaId": "8442CD82-5B17-4837-831B-BB1F4B4BC333"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:web_companion:23.8:-:*:*:lts:*:*:*",
"matchCriteriaId": "F039E21F-58D0-4BBC-B41E-EFE922009296"
}
]
}
]
}
],
"references": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524/",
"source": "security@m-files.com"
"source": "security@m-files.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-55xx/CVE-2023-5565.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5565",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:09.973",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/shortcode-menu/tags/3.2/shortcode-menu.php#L183",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/438b9c13-4059-4671-ab4a-07a8cf6f6122?source=cve",
"source": "security@wordfence.com"
}
]
}

67
CVE-2023/CVE-2023-55xx/CVE-2023-5566.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-5566",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:10.043",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L257",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L292",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L386",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a153d6b2-e3fd-42db-90ba-d899a07d60c1?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-55xx/CVE-2023-5583.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5583",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:10.120",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-simple-galleries/tags/1.34/wp-simple-gallery.php#L250",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-56xx/CVE-2023-5666.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-5666",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:10.183",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/accordions-wp/trunk/theme/custom-wp-accordion-themes.php?rev=2406278#L24",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2982015/accordions-wp#file370",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8ada876-4a8b-494f-9132-d88a71b42c44?source=cve",
"source": "security@wordfence.com"
}
]
}

59
CVE-2023/CVE-2023-58xx/CVE-2023-5832.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5832",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-30T13:15:31.690",
"lastModified": "2023-10-30T14:01:39.793",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/18798c5b640018aaee924e0afd941705d88df92e",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/afee3726-571f-416e-bba5-0828c815f5df",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-58xx/CVE-2023-5833.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5833",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-30T13:15:31.917",
"lastModified": "2023-10-30T14:01:39.793",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/d5b1f84a4c7991987eac3454d4f1b4067841d783",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/00ec6847-125b-43e9-9658-d3cace1751d6",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-58xx/CVE-2023-5843.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5843",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-30T14:15:10.253",
"lastModified": "2023-10-30T14:32:18.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ads-by-datafeedrcom/tags/1.1.3/inc/dfads.class.php#L34",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e?source=cve",
"source": "security@wordfence.com"
}
]
}

66
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-30T13:00:25.728456+00:00
2023-10-30T15:00:24.334469+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-30T12:58:20.887000+00:00
2023-10-30T14:55:59.993000+00:00
```
### Last Data Feed Release
@ -29,46 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
229134
229156
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `22`
* [CVE-2023-42431](CVE-2023/CVE-2023-424xx/CVE-2023-42431.json) (`2023-10-30T11:15:39.267`)
* [CVE-2023-5844](CVE-2023/CVE-2023-58xx/CVE-2023-5844.json) (`2023-10-30T11:15:39.347`)
* [CVE-2018-11103](CVE-2018/CVE-2018-111xx/CVE-2018-11103.json) (`2023-10-30T14:15:08.817`)
* [CVE-2020-25870](CVE-2020/CVE-2020-258xx/CVE-2020-25870.json) (`2023-10-30T14:15:08.897`)
* [CVE-2022-48190](CVE-2022/CVE-2022-481xx/CVE-2022-48190.json) (`2023-10-30T14:15:08.977`)
* [CVE-2023-5832](CVE-2023/CVE-2023-58xx/CVE-2023-5832.json) (`2023-10-30T13:15:31.690`)
* [CVE-2023-5833](CVE-2023/CVE-2023-58xx/CVE-2023-5833.json) (`2023-10-30T13:15:31.917`)
* [CVE-2023-40943](CVE-2023/CVE-2023-409xx/CVE-2023-40943.json) (`2023-10-30T14:15:09.037`)
* [CVE-2023-41605](CVE-2023/CVE-2023-416xx/CVE-2023-41605.json) (`2023-10-30T14:15:09.080`)
* [CVE-2023-44078](CVE-2023/CVE-2023-440xx/CVE-2023-44078.json) (`2023-10-30T14:15:09.123`)
* [CVE-2023-5049](CVE-2023/CVE-2023-50xx/CVE-2023-5049.json) (`2023-10-30T14:15:09.167`)
* [CVE-2023-5164](CVE-2023/CVE-2023-51xx/CVE-2023-5164.json) (`2023-10-30T14:15:09.240`)
* [CVE-2023-5199](CVE-2023/CVE-2023-51xx/CVE-2023-5199.json) (`2023-10-30T14:15:09.307`)
* [CVE-2023-5250](CVE-2023/CVE-2023-52xx/CVE-2023-5250.json) (`2023-10-30T14:15:09.383`)
* [CVE-2023-5251](CVE-2023/CVE-2023-52xx/CVE-2023-5251.json) (`2023-10-30T14:15:09.457`)
* [CVE-2023-5252](CVE-2023/CVE-2023-52xx/CVE-2023-5252.json) (`2023-10-30T14:15:09.530`)
* [CVE-2023-5315](CVE-2023/CVE-2023-53xx/CVE-2023-5315.json) (`2023-10-30T14:15:09.597`)
* [CVE-2023-5335](CVE-2023/CVE-2023-53xx/CVE-2023-5335.json) (`2023-10-30T14:15:09.667`)
* [CVE-2023-5362](CVE-2023/CVE-2023-53xx/CVE-2023-5362.json) (`2023-10-30T14:15:09.733`)
* [CVE-2023-5565](CVE-2023/CVE-2023-55xx/CVE-2023-5565.json) (`2023-10-30T14:15:09.973`)
* [CVE-2023-5566](CVE-2023/CVE-2023-55xx/CVE-2023-5566.json) (`2023-10-30T14:15:10.043`)
* [CVE-2023-5583](CVE-2023/CVE-2023-55xx/CVE-2023-5583.json) (`2023-10-30T14:15:10.120`)
* [CVE-2023-5666](CVE-2023/CVE-2023-56xx/CVE-2023-5666.json) (`2023-10-30T14:15:10.183`)
* [CVE-2023-5843](CVE-2023/CVE-2023-58xx/CVE-2023-5843.json) (`2023-10-30T14:15:10.253`)
### CVEs modified in the last Commit
Recently modified CVEs: `50`
Recently modified CVEs: `7`
* [CVE-2023-45998](CVE-2023/CVE-2023-459xx/CVE-2023-45998.json) (`2023-10-30T11:36:31.693`)
* [CVE-2023-46058](CVE-2023/CVE-2023-460xx/CVE-2023-46058.json) (`2023-10-30T11:37:02.710`)
* [CVE-2023-46059](CVE-2023/CVE-2023-460xx/CVE-2023-46059.json) (`2023-10-30T11:37:14.247`)
* [CVE-2023-5121](CVE-2023/CVE-2023-51xx/CVE-2023-5121.json) (`2023-10-30T11:37:47.037`)
* [CVE-2023-40685](CVE-2023/CVE-2023-406xx/CVE-2023-40685.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-46862](CVE-2023/CVE-2023-468xx/CVE-2023-46862.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-46863](CVE-2023/CVE-2023-468xx/CVE-2023-46863.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-46864](CVE-2023/CVE-2023-468xx/CVE-2023-46864.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-4393](CVE-2023/CVE-2023-43xx/CVE-2023-4393.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-46865](CVE-2023/CVE-2023-468xx/CVE-2023-46865.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-5842](CVE-2023/CVE-2023-58xx/CVE-2023-5842.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-46866](CVE-2023/CVE-2023-468xx/CVE-2023-46866.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-46867](CVE-2023/CVE-2023-468xx/CVE-2023-46867.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-44141](CVE-2023/CVE-2023-441xx/CVE-2023-44141.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-45746](CVE-2023/CVE-2023-457xx/CVE-2023-45746.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-45797](CVE-2023/CVE-2023-457xx/CVE-2023-45797.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-45798](CVE-2023/CVE-2023-457xx/CVE-2023-45798.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-45799](CVE-2023/CVE-2023-457xx/CVE-2023-45799.json) (`2023-10-30T11:54:30.703`)
* [CVE-2023-3254](CVE-2023/CVE-2023-32xx/CVE-2023-3254.json) (`2023-10-30T12:11:53.503`)
* [CVE-2023-45008](CVE-2023/CVE-2023-450xx/CVE-2023-45008.json) (`2023-10-30T12:14:10.967`)
* [CVE-2023-43800](CVE-2023/CVE-2023-438xx/CVE-2023-43800.json) (`2023-10-30T12:25:25.967`)
* [CVE-2023-43801](CVE-2023/CVE-2023-438xx/CVE-2023-43801.json) (`2023-10-30T12:38:24.330`)
* [CVE-2023-43803](CVE-2023/CVE-2023-438xx/CVE-2023-43803.json) (`2023-10-30T12:46:57.553`)
* [CVE-2023-45145](CVE-2023/CVE-2023-451xx/CVE-2023-45145.json) (`2023-10-30T12:50:12.313`)
* [CVE-2023-43802](CVE-2023/CVE-2023-438xx/CVE-2023-43802.json) (`2023-10-30T12:58:20.887`)
* [CVE-2022-25332](CVE-2022/CVE-2022-253xx/CVE-2022-25332.json) (`2023-10-30T13:44:07.793`)
* [CVE-2023-45813](CVE-2023/CVE-2023-458xx/CVE-2023-45813.json) (`2023-10-30T13:37:36.380`)
* [CVE-2023-46324](CVE-2023/CVE-2023-463xx/CVE-2023-46324.json) (`2023-10-30T13:46:10.107`)
* [CVE-2023-5524](CVE-2023/CVE-2023-55xx/CVE-2023-5524.json) (`2023-10-30T13:50:35.243`)
* [CVE-2023-45146](CVE-2023/CVE-2023-451xx/CVE-2023-45146.json) (`2023-10-30T14:14:07.753`)
* [CVE-2023-43492](CVE-2023/CVE-2023-434xx/CVE-2023-43492.json) (`2023-10-30T14:33:25.570`)
* [CVE-2023-45812](CVE-2023/CVE-2023-458xx/CVE-2023-45812.json) (`2023-10-30T14:55:59.993`)
## Download and Usage