From c5e77975a940b68c604d81058352acf073a67404 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 20 Sep 2023 04:00:27 +0000
Subject: [PATCH] Auto-Update: 2023-09-20T04:00:24.364603+00:00
---
CVE-2022/CVE-2022-461xx/CVE-2022-46146.json | 8 ++-
CVE-2023/CVE-2023-208xx/CVE-2023-20867.json | 10 +++-
CVE-2023/CVE-2023-209xx/CVE-2023-20900.json | 10 +++-
CVE-2023/CVE-2023-310xx/CVE-2023-31010.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-310xx/CVE-2023-31011.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-310xx/CVE-2023-31012.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-310xx/CVE-2023-31013.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-310xx/CVE-2023-31014.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-310xx/CVE-2023-31015.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-40xx/CVE-2023-4088.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-50xx/CVE-2023-5062.json | 63 +++++++++++++++++++++
CVE-2023/CVE-2023-50xx/CVE-2023-5063.json | 63 +++++++++++++++++++++
README.md | 40 ++++++-------
13 files changed, 552 insertions(+), 27 deletions(-)
create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31010.json
create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31011.json
create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31012.json
create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31013.json
create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31014.json
create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31015.json
create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4088.json
create mode 100644 CVE-2023/CVE-2023-50xx/CVE-2023-5062.json
create mode 100644 CVE-2023/CVE-2023-50xx/CVE-2023-5063.json
diff --git a/CVE-2022/CVE-2022-461xx/CVE-2022-46146.json b/CVE-2022/CVE-2022-461xx/CVE-2022-46146.json
index ed3b6ba35f6..bd27a523a3c 100644
--- a/CVE-2022/CVE-2022-461xx/CVE-2022-46146.json
+++ b/CVE-2022/CVE-2022-461xx/CVE-2022-46146.json
@@ -2,8 +2,8 @@ "id": "CVE-2022-46146", "sourceIdentifier": "security-advisories@github.com", "published": "2022-11-29T14:15:13.283", - "lastModified": "2023-02-01T15:39:15.070", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-20T02:15:12.573", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -139,6 +139,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json index be9a322d6c4..4487fbd9166 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20867", "sourceIdentifier": "security@vmware.com", "published": "2023-06-13T17:15:14.070", - "lastModified": "2023-09-15T22:15:10.683", + "lastModified": "2023-09-20T03:15:10.740", "vulnStatus": "Modified", "cisaExploitAdd": "2023-06-23", "cisaActionDue": "2023-07-14", @@ -12,6 +12,10 @@ { "lang": "en", "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine." + }, + { + "lang": "es", + "value": "Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la m\u00e1quina virtual invitada." } ], "metrics": { 
@@ -108,6 +112,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/", "source": "security@vmware.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/", + "source": "security@vmware.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/", "source": "security@vmware.com" diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20900.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20900.json index a41313dc722..00a342e1ef3 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20900.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20900.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-20900", "sourceIdentifier": "security@vmware.com", "published": "2023-08-31T10:15:08.247", - "lastModified": "2023-09-15T22:15:10.827", + "lastModified": "2023-09-20T03:15:13.137", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html \u00a0in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html ." + }, + { + "lang": "es", + "value": "Un actor malicioso al que se le han otorgado Privilegios de Operaci\u00f3n de Invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una m\u00e1quina virtual de destino es posible que pueda elevar sus privilegios si a esa m\u00e1quina virtual de destino se le ha asignado un Alias de Invitado m\u00e1s privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/ 07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html." } ], "metrics": { @@ -168,6 +172,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/", "source": "security@vmware.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/", + "source": "security@vmware.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/", "source": "security@vmware.com" 
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31010.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31010.json new file mode 100644 index 00000000000..34720ece5eb --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31010.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31010", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-09-20T02:15:18.130", + "lastModified": "2023-09-20T02:15:18.130", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31011.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31011.json new file mode 100644 index 00000000000..92020d7027d --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31011.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31011", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-09-20T02:15:19.207", + "lastModified": "2023-09-20T02:15:19.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31012.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31012.json new file mode 100644 index 00000000000..073c1c2eb5e --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31012.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31012", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-09-20T02:15:19.680", + "lastModified": "2023-09-20T02:15:19.680", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31013.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31013.json new file mode 100644 index 00000000000..256e2637999 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31013.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31013", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-09-20T02:15:20.310", + "lastModified": "2023-09-20T02:15:20.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31014.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31014.json new file mode 100644 index 00000000000..4d99c7b1eb8 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31014.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31014", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-09-20T02:15:20.783", + "lastModified": "2023-09-20T02:15:20.783", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-927" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5476", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31015.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31015.json new file mode 100644 index 00000000000..040a9805ea3 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31015.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31015", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-09-20T02:15:21.413", + "lastModified": "2023-09-20T02:15:21.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4088.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4088.json new file mode 100644 index 00000000000..63f8b471366 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4088.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4088", + "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "published": "2023-09-20T03:15:13.687", + "lastModified": "2023-09-20T03:15:13.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to execute a malicious code, which could result in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. However, if the mitigated version described in the advisory for CVE-2020-14496 is used and installed in the default installation folder, this vulnerability does not affect the products." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5062.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5062.json new file mode 100644 index 00000000000..c1959878d7d --- /dev/null 
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5062.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-5062", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-09-20T03:15:14.073", + "lastModified": "2023-09-20T03:15:14.073", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-charts/tags/0.7.0/wordpress_charts_js.php#L223", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-charts/tags/0.7.0/wordpress_charts_js.php#L229", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2de2d2c5-1373-45b6-93a0-575713226669?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5063.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5063.json
new file mode 100644
index 00000000000..14f853fb05e
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5063.json
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-5063", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-09-20T03:15:14.457", + "lastModified": "2023-09-20T03:15:14.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/youtube-widget-responsive/trunk/youtube-widget-responsive.php?rev=2905626#L246", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2968766/youtube-widget-responsive#file1", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72daa533-8b17-420c-9b51-b5f72da2726c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/README.md b/README.md index a6b15469f00..ec3d6a147a8 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-20T02:00:25.925487+00:00 +2023-09-20T04:00:24.364603+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-20T01:15:56.580000+00:00 +2023-09-20T03:15:14.457000+00:00 ``` ### Last Data Feed Release 
@@ -29,37 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -225861 +225870 ``` ### CVEs added in the last Commit -Recently added CVEs: `18` +Recently added CVEs: `9` -* [CVE-2020-24089](CVE-2020/CVE-2020-240xx/CVE-2020-24089.json) (`2023-09-20T00:15:09.847`) -* [CVE-2023-36319](CVE-2023/CVE-2023-363xx/CVE-2023-36319.json) (`2023-09-20T00:15:10.980`) -* [CVE-2023-39575](CVE-2023/CVE-2023-395xx/CVE-2023-39575.json) (`2023-09-20T00:15:11.120`) -* [CVE-2023-25525](CVE-2023/CVE-2023-255xx/CVE-2023-25525.json) (`2023-09-20T01:15:51.370`) -* [CVE-2023-25526](CVE-2023/CVE-2023-255xx/CVE-2023-25526.json) (`2023-09-20T01:15:52.497`) -* [CVE-2023-25527](CVE-2023/CVE-2023-255xx/CVE-2023-25527.json) (`2023-09-20T01:15:52.920`) -* [CVE-2023-25528](CVE-2023/CVE-2023-255xx/CVE-2023-25528.json) (`2023-09-20T01:15:53.253`) -* [CVE-2023-25529](CVE-2023/CVE-2023-255xx/CVE-2023-25529.json) (`2023-09-20T01:15:53.497`) -* [CVE-2023-25530](CVE-2023/CVE-2023-255xx/CVE-2023-25530.json) (`2023-09-20T01:15:53.857`) -* [CVE-2023-25531](CVE-2023/CVE-2023-255xx/CVE-2023-25531.json) (`2023-09-20T01:15:54.297`) -* [CVE-2023-25532](CVE-2023/CVE-2023-255xx/CVE-2023-25532.json) (`2023-09-20T01:15:54.523`) -* [CVE-2023-25533](CVE-2023/CVE-2023-255xx/CVE-2023-25533.json) (`2023-09-20T01:15:54.900`) -* [CVE-2023-25534](CVE-2023/CVE-2023-255xx/CVE-2023-25534.json) (`2023-09-20T01:15:55.260`) -* [CVE-2023-31008](CVE-2023/CVE-2023-310xx/CVE-2023-31008.json) (`2023-09-20T01:15:55.453`) -* [CVE-2023-31009](CVE-2023/CVE-2023-310xx/CVE-2023-31009.json) (`2023-09-20T01:15:55.823`) -* [CVE-2023-38886](CVE-2023/CVE-2023-388xx/CVE-2023-38886.json) (`2023-09-20T01:15:56.153`) -* [CVE-2023-38887](CVE-2023/CVE-2023-388xx/CVE-2023-38887.json) (`2023-09-20T01:15:56.327`) -* [CVE-2023-38888](CVE-2023/CVE-2023-388xx/CVE-2023-38888.json) (`2023-09-20T01:15:56.580`) +* [CVE-2023-31010](CVE-2023/CVE-2023-310xx/CVE-2023-31010.json) 
(`2023-09-20T02:15:18.130`) +* [CVE-2023-31011](CVE-2023/CVE-2023-310xx/CVE-2023-31011.json) (`2023-09-20T02:15:19.207`) +* [CVE-2023-31012](CVE-2023/CVE-2023-310xx/CVE-2023-31012.json) (`2023-09-20T02:15:19.680`) +* [CVE-2023-31013](CVE-2023/CVE-2023-310xx/CVE-2023-31013.json) (`2023-09-20T02:15:20.310`) +* [CVE-2023-31014](CVE-2023/CVE-2023-310xx/CVE-2023-31014.json) (`2023-09-20T02:15:20.783`) +* [CVE-2023-31015](CVE-2023/CVE-2023-310xx/CVE-2023-31015.json) (`2023-09-20T02:15:21.413`) +* [CVE-2023-4088](CVE-2023/CVE-2023-40xx/CVE-2023-4088.json) (`2023-09-20T03:15:13.687`) +* [CVE-2023-5062](CVE-2023/CVE-2023-50xx/CVE-2023-5062.json) (`2023-09-20T03:15:14.073`) +* [CVE-2023-5063](CVE-2023/CVE-2023-50xx/CVE-2023-5063.json) (`2023-09-20T03:15:14.457`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `3` +* [CVE-2022-46146](CVE-2022/CVE-2022-461xx/CVE-2022-46146.json) (`2023-09-20T02:15:12.573`) +* [CVE-2023-20867](CVE-2023/CVE-2023-208xx/CVE-2023-20867.json) (`2023-09-20T03:15:10.740`) +* [CVE-2023-20900](CVE-2023/CVE-2023-209xx/CVE-2023-20900.json) (`2023-09-20T03:15:13.137`) ## Download and Usage