Auto-Update: 2024-01-08T23:00:24.463816+00:00

cad-safe-bot 2024-01-08 23:00:28 +00:00
parent 92050295a3
commit c4b4fd0e95
24 changed files with 1019 additions and 81 deletions


@ -0,0 +1,15 @@
{
"id": "CVE-2022-29409",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T22:15:44.113",
"lastModified": "2024-01-08T22:15:44.113",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}


@ -2,12 +2,12 @@
"id": "CVE-2022-29923",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-07-20T19:15:14.463",
"lastModified": "2022-07-26T11:54:14.203",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-08T22:15:44.267",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.4.1 at WordPress."
"value": "Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1.\n\n"
},
{
"lang": "es",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
@ -90,20 +90,8 @@
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability",
"source": "audit@patchstack.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://wordpress.org/plugins/quick-restaurant-reservations/#developers",
"source": "audit@patchstack.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
"url": "https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-34344",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T22:15:44.540",
"lastModified": "2024-01-08T22:15:44.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Rymera Web Co Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-wholesale-prices/wordpress-wholesale-suite-plugin-2-1-5-auth-plugin-settings-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-36352",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T22:15:44.760",
"lastModified": "2024-01-08T22:15:44.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Profilegrid ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-0-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-40696",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T22:15:44.970",
"lastModified": "2024-01-08T22:15:44.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-custom-fields/wordpress-advanced-custom-fields-plugin-3-1-1-6-0-2-custom-field-value-exposure?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-45354",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:08.260",
"lastModified": "2024-01-08T21:15:08.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-7-60-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-27739",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T21:15:08.587",
"lastModified": "2024-01-08T21:15:08.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "easyXDM 2.5 allows XSS via the xdm_e parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://threeshield.ca/easyxdm-2.5.20.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-47489",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T06:15:24.347",
"lastModified": "2023-11-16T16:39:53.067",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-08T21:15:08.643",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -74,6 +74,10 @@
"tags": [
"Broken Link"
]
},
{
"url": "https://nitipoom-jar.github.io/CVE-2023-47489/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-49961",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T21:15:08.767",
"lastModified": "2024-01-08T21:15:08.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure."
}
],
"metrics": {},
"references": [
{
"url": "https://www.wallix.com/support/alerts/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51406",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:08.817",
"lastModified": "2024-01-08T21:15:08.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup \u2013 Fastest WordPress Migration & Duplicator.This issue affects FastDup \u2013 Fastest WordPress Migration & Duplicator: from n/a through 2.1.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fastdup/wordpress-fastdup-plugin-2-1-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51408",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:09.013",
"lastModified": "2024-01-08T21:15:09.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-optin-wheel/wordpress-wp-optin-wheel-plugin-1-4-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51490",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:09.213",
"lastModified": "2024-01-08T21:15:09.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security \u2013 Malware Scanner, Login Security & Firewall.This issue affects Defender Security \u2013 Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-4-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51508",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:09.420",
"lastModified": "2024-01-08T21:15:09.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-plugin-0-9-8-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-52072",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T22:15:45.173",
"lastModified": "2024-01-08T22:15:45.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zouyang0714/cms/blob/main/2.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-52073",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T22:15:45.220",
"lastModified": "2024-01-08T22:15:45.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zouyang0714/cms/blob/main/3.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-52074",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T22:15:45.267",
"lastModified": "2024-01-08T22:15:45.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/zouyang0714/cms/blob/main/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52142",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:09.607",
"lastModified": "2024-01-08T21:15:09.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/template-events-calendar/wordpress-events-shortcodes-for-the-events-calendar-plugin-2-3-1-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52196",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:09.820",
"lastModified": "2024-01-08T21:15:09.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cpt-bootstrap-carousel/wordpress-cpt-bootstrap-carousel-plugin-1-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52197",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:10.040",
"lastModified": "2024-01-08T21:15:10.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS.This issue affects Ads Invalid Click Protection: from n/a through 1.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ads-invalid-click-protection/wordpress-ads-invalid-click-protection-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52198",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:10.243",
"lastModified": "2024-01-08T21:15:10.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/private-google-calendars/wordpress-private-google-calendars-plugin-20231125-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52201",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:10.443",
"lastModified": "2024-01-08T21:15:10.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D. Goad pTypeConverter.This issue affects pTypeConverter: from n/a through 0.2.8.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ptypeconverter/wordpress-ptypeconverter-plugin-0-2-8-1-subscriber-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-52202",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:10.633",
"lastModified": "2024-01-08T21:15:10.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free.This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/html5-mp3-player-with-mp3-folder-feedburner-playlist/wordpress-html5-mp3-player-with-folder-feedburner-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-7218",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T21:15:10.850",
"lastModified": "2024-01-08T21:15:10.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249852",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249852",
"source": "cna@vuldb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-08T21:00:24.445554+00:00
2024-01-08T23:00:24.463816+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-08T20:15:46.437000+00:00
2024-01-08T22:15:45.267000+00:00
```
### Last Data Feed Release
@ -29,69 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235176
235197
```
### CVEs added in the last Commit
Recently added CVEs: `36`
Recently added CVEs: `21`
* [CVE-2023-6161](CVE-2023/CVE-2023-61xx/CVE-2023-6161.json) (`2024-01-08T19:15:10.137`)
* [CVE-2023-6383](CVE-2023/CVE-2023-63xx/CVE-2023-6383.json) (`2024-01-08T19:15:10.183`)
* [CVE-2023-6505](CVE-2023/CVE-2023-65xx/CVE-2023-6505.json) (`2024-01-08T19:15:10.230`)
* [CVE-2023-6528](CVE-2023/CVE-2023-65xx/CVE-2023-6528.json) (`2024-01-08T19:15:10.273`)
* [CVE-2023-6529](CVE-2023/CVE-2023-65xx/CVE-2023-6529.json) (`2024-01-08T19:15:10.320`)
* [CVE-2023-6532](CVE-2023/CVE-2023-65xx/CVE-2023-6532.json) (`2024-01-08T19:15:10.363`)
* [CVE-2023-6555](CVE-2023/CVE-2023-65xx/CVE-2023-6555.json) (`2024-01-08T19:15:10.413`)
* [CVE-2023-6627](CVE-2023/CVE-2023-66xx/CVE-2023-6627.json) (`2024-01-08T19:15:10.460`)
* [CVE-2023-6750](CVE-2023/CVE-2023-67xx/CVE-2023-6750.json) (`2024-01-08T19:15:10.680`)
* [CVE-2023-6845](CVE-2023/CVE-2023-68xx/CVE-2023-6845.json) (`2024-01-08T19:15:10.727`)
* [CVE-2023-1032](CVE-2023/CVE-2023-10xx/CVE-2023-1032.json) (`2024-01-08T19:15:08.663`)
* [CVE-2023-52190](CVE-2023/CVE-2023-521xx/CVE-2023-52190.json) (`2024-01-08T19:15:08.863`)
* [CVE-2023-52207](CVE-2023/CVE-2023-522xx/CVE-2023-52207.json) (`2024-01-08T19:15:09.053`)
* [CVE-2023-47890](CVE-2023/CVE-2023-478xx/CVE-2023-47890.json) (`2024-01-08T20:15:44.453`)
* [CVE-2023-50982](CVE-2023/CVE-2023-509xx/CVE-2023-50982.json) (`2024-01-08T20:15:44.513`)
* [CVE-2023-51246](CVE-2023/CVE-2023-512xx/CVE-2023-51246.json) (`2024-01-08T20:15:44.723`)
* [CVE-2023-52200](CVE-2023/CVE-2023-522xx/CVE-2023-52200.json) (`2024-01-08T20:15:44.777`)
* [CVE-2023-52203](CVE-2023/CVE-2023-522xx/CVE-2023-52203.json) (`2024-01-08T20:15:45.010`)
* [CVE-2023-52204](CVE-2023/CVE-2023-522xx/CVE-2023-52204.json) (`2024-01-08T20:15:45.263`)
* [CVE-2023-52205](CVE-2023/CVE-2023-522xx/CVE-2023-52205.json) (`2024-01-08T20:15:45.463`)
* [CVE-2023-52206](CVE-2023/CVE-2023-522xx/CVE-2023-52206.json) (`2024-01-08T20:15:45.680`)
* [CVE-2023-52213](CVE-2023/CVE-2023-522xx/CVE-2023-52213.json) (`2024-01-08T20:15:45.920`)
* [CVE-2023-52216](CVE-2023/CVE-2023-522xx/CVE-2023-52216.json) (`2024-01-08T20:15:46.173`)
* [CVE-2023-52271](CVE-2023/CVE-2023-522xx/CVE-2023-52271.json) (`2024-01-08T20:15:46.387`)
* [CVE-2023-6631](CVE-2023/CVE-2023-66xx/CVE-2023-6631.json) (`2024-01-08T19:15:10.507`)
* [CVE-2022-45354](CVE-2022/CVE-2022-453xx/CVE-2022-45354.json) (`2024-01-08T21:15:08.260`)
* [CVE-2022-29409](CVE-2022/CVE-2022-294xx/CVE-2022-29409.json) (`2024-01-08T22:15:44.113`)
* [CVE-2022-34344](CVE-2022/CVE-2022-343xx/CVE-2022-34344.json) (`2024-01-08T22:15:44.540`)
* [CVE-2022-36352](CVE-2022/CVE-2022-363xx/CVE-2022-36352.json) (`2024-01-08T22:15:44.760`)
* [CVE-2022-40696](CVE-2022/CVE-2022-406xx/CVE-2022-40696.json) (`2024-01-08T22:15:44.970`)
* [CVE-2023-27739](CVE-2023/CVE-2023-277xx/CVE-2023-27739.json) (`2024-01-08T21:15:08.587`)
* [CVE-2023-49961](CVE-2023/CVE-2023-499xx/CVE-2023-49961.json) (`2024-01-08T21:15:08.767`)
* [CVE-2023-51406](CVE-2023/CVE-2023-514xx/CVE-2023-51406.json) (`2024-01-08T21:15:08.817`)
* [CVE-2023-51408](CVE-2023/CVE-2023-514xx/CVE-2023-51408.json) (`2024-01-08T21:15:09.013`)
* [CVE-2023-51490](CVE-2023/CVE-2023-514xx/CVE-2023-51490.json) (`2024-01-08T21:15:09.213`)
* [CVE-2023-51508](CVE-2023/CVE-2023-515xx/CVE-2023-51508.json) (`2024-01-08T21:15:09.420`)
* [CVE-2023-52142](CVE-2023/CVE-2023-521xx/CVE-2023-52142.json) (`2024-01-08T21:15:09.607`)
* [CVE-2023-52196](CVE-2023/CVE-2023-521xx/CVE-2023-52196.json) (`2024-01-08T21:15:09.820`)
* [CVE-2023-52197](CVE-2023/CVE-2023-521xx/CVE-2023-52197.json) (`2024-01-08T21:15:10.040`)
* [CVE-2023-52198](CVE-2023/CVE-2023-521xx/CVE-2023-52198.json) (`2024-01-08T21:15:10.243`)
* [CVE-2023-52201](CVE-2023/CVE-2023-522xx/CVE-2023-52201.json) (`2024-01-08T21:15:10.443`)
* [CVE-2023-52202](CVE-2023/CVE-2023-522xx/CVE-2023-52202.json) (`2024-01-08T21:15:10.633`)
* [CVE-2023-7218](CVE-2023/CVE-2023-72xx/CVE-2023-7218.json) (`2024-01-08T21:15:10.850`)
* [CVE-2023-52072](CVE-2023/CVE-2023-520xx/CVE-2023-52072.json) (`2024-01-08T22:15:45.173`)
* [CVE-2023-52073](CVE-2023/CVE-2023-520xx/CVE-2023-52073.json) (`2024-01-08T22:15:45.220`)
* [CVE-2023-52074](CVE-2023/CVE-2023-520xx/CVE-2023-52074.json) (`2024-01-08T22:15:45.267`)
### CVEs modified in the last Commit
Recently modified CVEs: `51`
Recently modified CVEs: `2`
* [CVE-2023-45561](CVE-2023/CVE-2023-455xx/CVE-2023-45561.json) (`2024-01-08T19:32:10.703`)
* [CVE-2023-26157](CVE-2023/CVE-2023-261xx/CVE-2023-26157.json) (`2024-01-08T19:33:27.113`)
* [CVE-2023-51652](CVE-2023/CVE-2023-516xx/CVE-2023-51652.json) (`2024-01-08T19:35:18.890`)
* [CVE-2023-50711](CVE-2023/CVE-2023-507xx/CVE-2023-50711.json) (`2024-01-08T19:36:27.290`)
* [CVE-2023-49794](CVE-2023/CVE-2023-497xx/CVE-2023-49794.json) (`2024-01-08T19:37:53.727`)
* [CVE-2023-6436](CVE-2023/CVE-2023-64xx/CVE-2023-6436.json) (`2024-01-08T19:40:27.743`)
* [CVE-2023-47488](CVE-2023/CVE-2023-474xx/CVE-2023-47488.json) (`2024-01-08T20:15:44.340`)
* [CVE-2024-0270](CVE-2024/CVE-2024-02xx/CVE-2024-0270.json) (`2024-01-08T19:04:24.233`)
* [CVE-2024-21650](CVE-2024/CVE-2024-216xx/CVE-2024-21650.json) (`2024-01-08T19:05:05.707`)
* [CVE-2024-21744](CVE-2024/CVE-2024-217xx/CVE-2024-21744.json) (`2024-01-08T19:05:05.707`)
* [CVE-2024-21745](CVE-2024/CVE-2024-217xx/CVE-2024-21745.json) (`2024-01-08T19:05:05.707`)
* [CVE-2024-21747](CVE-2024/CVE-2024-217xx/CVE-2024-21747.json) (`2024-01-08T19:05:05.707`)
* [CVE-2024-21628](CVE-2024/CVE-2024-216xx/CVE-2024-21628.json) (`2024-01-08T19:11:25.070`)
* [CVE-2024-21627](CVE-2024/CVE-2024-216xx/CVE-2024-21627.json) (`2024-01-08T19:23:49.707`)
* [CVE-2024-0182](CVE-2024/CVE-2024-01xx/CVE-2024-0182.json) (`2024-01-08T19:25:18.583`)
* [CVE-2024-0186](CVE-2024/CVE-2024-01xx/CVE-2024-0186.json) (`2024-01-08T19:26:38.947`)
* [CVE-2024-21623](CVE-2024/CVE-2024-216xx/CVE-2024-21623.json) (`2024-01-08T19:29:32.277`)
* [CVE-2024-0225](CVE-2024/CVE-2024-02xx/CVE-2024-0225.json) (`2024-01-08T19:41:43.560`)
* [CVE-2024-0224](CVE-2024/CVE-2024-02xx/CVE-2024-0224.json) (`2024-01-08T19:42:29.143`)
* [CVE-2024-0223](CVE-2024/CVE-2024-02xx/CVE-2024-0223.json) (`2024-01-08T19:43:03.690`)
* [CVE-2024-0222](CVE-2024/CVE-2024-02xx/CVE-2024-0222.json) (`2024-01-08T19:43:37.003`)
* [CVE-2024-0194](CVE-2024/CVE-2024-01xx/CVE-2024-0194.json) (`2024-01-08T19:44:29.260`)
* [CVE-2024-21911](CVE-2024/CVE-2024-219xx/CVE-2024-21911.json) (`2024-01-08T19:46:14.513`)
* [CVE-2024-21910](CVE-2024/CVE-2024-219xx/CVE-2024-21910.json) (`2024-01-08T19:46:25.757`)
* [CVE-2024-21908](CVE-2024/CVE-2024-219xx/CVE-2024-21908.json) (`2024-01-08T19:46:41.157`)
* [CVE-2022-29923](CVE-2022/CVE-2022-299xx/CVE-2022-29923.json) (`2024-01-08T22:15:44.267`)
* [CVE-2023-47489](CVE-2023/CVE-2023-474xx/CVE-2023-47489.json) (`2024-01-08T21:15:08.643`)
## Download and Usage