Auto-Update: 2023-08-14T12:00:27.213791+00:00

2025-07-11 16:13:34 +00:00 · 2023-08-14 12:00:30 +00:00 · 2023-08-14 12:00:30 +00:00 · c8c1982fa3
commit c8c1982fa3
parent d0b54e509a
4 changed files with 125 additions and 9 deletions
--- a/CVE-2022/CVE-2022-41xx/CVE-2022-4115.json
+++ b/CVE-2022/CVE-2022-41xx/CVE-2022-4115.json
@ -2,12 +2,12 @@
  "id": "CVE-2022-4115",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2023-06-27T14:15:10.077",
-  "lastModified": "2023-07-03T20:37:29.117",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-08-14T11:15:09.197",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users."
+      "value": "The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3160.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3160.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3160",
+  "sourceIdentifier": "security@eset.com",
+  "published": "2023-08-14T10:15:09.503",
+  "lastModified": "2023-08-14T10:15:09.503",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nThe vulnerability potentially allows an attacker to misuse ESET\u2019s file operations during the module update to delete or move files without having proper permissions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@eset.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@eset.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.eset.com/en/ca8466",
+      "source": "security@eset.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-43xx/CVE-2023-4321.json
+++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4321.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4321",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-08-14T11:15:09.443",
+  "lastModified": "2023-08-14T11:15:09.443",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 8.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-14T08:00:34.156555+00:00
+2023-08-14T12:00:27.213791+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-14T06:15:09.683000+00:00
+2023-08-14T11:15:09.443000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-222554
+222556
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

-* [CVE-2023-40305](CVE-2023/CVE-2023-403xx/CVE-2023-40305.json) (`2023-08-14T06:15:09.683`)
+* [CVE-2023-3160](CVE-2023/CVE-2023-31xx/CVE-2023-3160.json) (`2023-08-14T10:15:09.503`)
+* [CVE-2023-4321](CVE-2023/CVE-2023-43xx/CVE-2023-4321.json) (`2023-08-14T11:15:09.443`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+* [CVE-2022-4115](CVE-2022/CVE-2022-41xx/CVE-2022-4115.json) (`2023-08-14T11:15:09.197`)


 ## Download and Usage