admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-08T08:00:26.687993+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-08 08:00:30 +00:00
parent bee9fd5dd8
commit cb4d849433
27 changed files with 1823 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-324xx/CVE-2023-32470.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32470",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-09-08T06:15:07.437",
"lastModified": "2023-09-08T06:15:07.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1386"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216243/dsa-2023-224",
"source": "security_alert@emc.com"
}
]
}

139
CVE-2023/CVE-2023-384xx/CVE-2023-38465.json
View File

@ -2,19 +2,146 @@
"id": "CVE-2023-38465", "id": "CVE-2023-38465",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-09-04T02:15:09.983", "published": "2023-09-04T02:15:09.983",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-08T06:44:04.463",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges" "value": "In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "source": "nvd@nist.gov",
"source": "security@unisoc.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434",
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

139
CVE-2023/CVE-2023-384xx/CVE-2023-38466.json
View File

@ -2,19 +2,146 @@
"id": "CVE-2023-38466", "id": "CVE-2023-38466",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-09-04T02:15:10.030", "published": "2023-09-04T02:15:10.030",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-08T06:44:49.057",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges" "value": "In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "source": "nvd@nist.gov",
"source": "security@unisoc.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434",
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

149
CVE-2023/CVE-2023-384xx/CVE-2023-38467.json
View File

@ -2,19 +2,156 @@
"id": "CVE-2023-38467", "id": "CVE-2023-38467",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-09-04T02:15:10.083", "published": "2023-09-04T02:15:10.083",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-08T06:45:06.603",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed" "value": "In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "source": "nvd@nist.gov",
"source": "security@unisoc.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434",
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

149
CVE-2023/CVE-2023-384xx/CVE-2023-38468.json
View File

@ -2,19 +2,156 @@
"id": "CVE-2023-38468", "id": "CVE-2023-38468",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-09-04T02:15:10.133", "published": "2023-09-04T02:15:10.133",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-08T06:45:25.753",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed" "value": "In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "source": "nvd@nist.gov",
"source": "security@unisoc.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434",
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

51
CVE-2023/CVE-2023-385xx/CVE-2023-38518.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38518", "id": "CVE-2023-38518",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-03T12:15:42.403", "published": "2023-09-03T12:15:42.403",
"lastModified": "2023-09-04T00:06:16.703", "lastModified": "2023-09-08T06:41:51.433",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://patchstack.com/database/vulnerability/borderless/wordpress-borderless-plugin-1-4-7-cross-site-scripting-xss?_s_id=cve", "nodes": [
"source": "audit@patchstack.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:visualmodo:borderless:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.8",
"matchCriteriaId": "B9D83358-9196-4B4C-8FAE-146B27066FF2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/borderless/wordpress-borderless-plugin-1-4-7-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2023/CVE-2023-385xx/CVE-2023-38521.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38521", "id": "CVE-2023-38521",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-03T12:15:42.483", "published": "2023-09-03T12:15:42.483",
"lastModified": "2023-09-04T00:06:16.703", "lastModified": "2023-09-08T06:42:06.290",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://patchstack.com/database/vulnerability/thesography/wordpress-exifography-plugin-1-3-1-cross-site-scripting-xss?_s_id=cve", "nodes": [
"source": "audit@patchstack.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kristarella:exifography:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "3A83F632-AD47-49A5-910D-D68E161947A0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/thesography/wordpress-exifography-plugin-1-3-1-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

139
CVE-2023/CVE-2023-385xx/CVE-2023-38553.json
View File

@ -2,19 +2,146 @@
"id": "CVE-2023-38553", "id": "CVE-2023-38553",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-09-04T02:15:10.187", "published": "2023-09-04T02:15:10.187",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-08T06:45:58.037",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed" "value": "In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "source": "nvd@nist.gov",
"source": "security@unisoc.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434",
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

149
CVE-2023/CVE-2023-385xx/CVE-2023-38554.json
View File

@ -2,19 +2,156 @@
"id": "CVE-2023-38554", "id": "CVE-2023-38554",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-09-04T02:15:10.247", "published": "2023-09-04T02:15:10.247",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-08T06:46:18.607",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check.This could lead to local denial of service with no additional execution privileges" "value": "In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check.This could lead to local denial of service with no additional execution privileges"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "source": "nvd@nist.gov",
"source": "security@unisoc.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434",
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

68
CVE-2023/CVE-2023-38xx/CVE-2023-3814.json
View File

@ -2,19 +2,52 @@
"id": "CVE-2023-3814", "id": "CVE-2023-3814",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:09.570", "published": "2023-09-04T12:15:09.570",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:46:44.667",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server." "value": "The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -23,10 +56,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advancedfilemanager:advanced_file_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "783D21AA-E44F-42FA-9295-9AE04E578323"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339",
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

50
CVE-2023/CVE-2023-393xx/CVE-2023-39370.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39370", "id": "CVE-2023-39370",
"sourceIdentifier": "cna@cyber.gov.il", "sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-03T15:15:13.857", "published": "2023-09-03T15:15:13.857",
"lastModified": "2023-09-04T00:06:16.703", "lastModified": "2023-09-08T06:42:31.750",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cna@cyber.gov.il", "source": "cna@cyber.gov.il",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,30 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "nodes": [
"source": "cna@cyber.gov.il" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:startrinity:softswitch:2023-02-16:*:*:*:*:*:*:*",
"matchCriteriaId": "805C8B36-FA85-4B61-AAE1-F37B65D77DAA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

62
CVE-2023/CVE-2023-393xx/CVE-2023-39371.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39371", "id": "CVE-2023-39371",
"sourceIdentifier": "cna@cyber.gov.il", "sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-03T15:15:13.990", "published": "2023-09-03T15:15:13.990",
"lastModified": "2023-09-04T00:06:16.703", "lastModified": "2023-09-08T06:42:41.663",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cna@cyber.gov.il", "source": "cna@cyber.gov.il",
"type": "Secondary", "type": "Secondary",
@ -36,7 +56,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@cyber.gov.il", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -44,12 +64,42 @@
"value": "CWE-601" "value": "CWE-601"
} }
] ]
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "nodes": [
"source": "cna@cyber.gov.il" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:startrinity:softswitch:2023-02-16:*:*:*:*:*:*:*",
"matchCriteriaId": "805C8B36-FA85-4B61-AAE1-F37B65D77DAA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

50
CVE-2023/CVE-2023-393xx/CVE-2023-39372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39372", "id": "CVE-2023-39372",
"sourceIdentifier": "cna@cyber.gov.il", "sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-03T15:15:14.127", "published": "2023-09-03T15:15:14.127",
"lastModified": "2023-09-04T00:06:16.703", "lastModified": "2023-09-08T06:43:14.083",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "cna@cyber.gov.il", "source": "cna@cyber.gov.il",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,30 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "nodes": [
"source": "cna@cyber.gov.il" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:startrinity:softswitch:2023-02-16:*:*:*:*:*:*:*",
"matchCriteriaId": "805C8B36-FA85-4B61-AAE1-F37B65D77DAA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

50
CVE-2023/CVE-2023-393xx/CVE-2023-39374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39374", "id": "CVE-2023-39374",
"sourceIdentifier": "cna@cyber.gov.il", "sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-09-03T15:15:14.453", "published": "2023-09-03T15:15:14.453",
"lastModified": "2023-09-04T00:06:16.703", "lastModified": "2023-09-08T06:43:33.377",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "cna@cyber.gov.il", "source": "cna@cyber.gov.il",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,30 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "nodes": [
"source": "cna@cyber.gov.il" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forescout:secureconnector:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FE62BB-DAD3-4AA2-B8E3-5B379F9C6284"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2023/CVE-2023-401xx/CVE-2023-40196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40196", "id": "CVE-2023-40196",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.647", "published": "2023-09-04T12:15:09.647",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:47:13.897",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://patchstack.com/database/vulnerability/imagerecycle-pdf-image-compression/wordpress-imagerecycle-pdf-image-compression-plugin-3-1-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "nodes": [
"source": "audit@patchstack.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagerecycle:imagerecycle_pdf_\\&_image_compression:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.12",
"matchCriteriaId": "F7D48EC5-C1E6-4658-B711-D6778276DCB3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/imagerecycle-pdf-image-compression/wordpress-imagerecycle-pdf-image-compression-plugin-3-1-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2023/CVE-2023-401xx/CVE-2023-40197.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40197", "id": "CVE-2023-40197",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.737", "published": "2023-09-04T12:15:09.737",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:47:28.880",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://patchstack.com/database/vulnerability/flowpaper-lite-pdf-flipbook/wordpress-flowpaper-plugin-1-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "nodes": [
"source": "audit@patchstack.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flowpaper:flowpaper:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "5D110F02-CF15-467A-A4AD-945F638DB68D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/flowpaper-lite-pdf-flipbook/wordpress-flowpaper-plugin-1-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2023/CVE-2023-402xx/CVE-2023-40205.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40205", "id": "CVE-2023-40205",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.823", "published": "2023-09-04T12:15:09.823",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:47:50.370",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve", "nodes": [
"source": "audit@patchstack.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pixelgrade:pixtypes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.15",
"matchCriteriaId": "BE31ACBF-A272-40D5-968B-30DB6D75635B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2023/CVE-2023-402xx/CVE-2023-40214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40214", "id": "CVE-2023-40214",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-04T12:15:09.917", "published": "2023-09-04T12:15:09.917",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:48:16.773",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://patchstack.com/database/vulnerability/business-pro/wordpress-business-pro-theme-1-10-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "nodes": [
"source": "audit@patchstack.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bestdivichild:business_pro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.10.4",
"matchCriteriaId": "3209FABA-3358-4C69-BC48-81109031A7E3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/business-pro/wordpress-business-pro-theme-1-10-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

72
CVE-2023/CVE-2023-40xx/CVE-2023-4059.json
View File

@ -2,18 +2,41 @@
"id": "CVE-2023-4059", "id": "CVE-2023-4059",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.110", "published": "2023-09-04T12:15:10.110",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:49:52.050",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog" "value": "The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -25,12 +48,47 @@
"value": "CWE-862" "value": "CWE-862"
} }
] ]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/fc719d12-2f58-4d1f-b696-0f937e706842", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.8",
"matchCriteriaId": "C4A365CC-2DF7-4631-AE56-71BE078F9148"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fc719d12-2f58-4d1f-b696-0f937e706842",
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

56
CVE-2023/CVE-2023-41xx/CVE-2023-4151.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-4151", "id": "CVE-2023-4151",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.187", "published": "2023-09-04T12:15:10.187",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:50:46.980",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" "value": "The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:agilelogix:store_locator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.13",
"matchCriteriaId": "BBABF197-4EA1-48E2-9471-0AACB345391F"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b",
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-42xx/CVE-2023-4216.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-4216", "id": "CVE-2023-4216",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.257", "published": "2023-09-04T12:15:10.257",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:51:11.473",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file." "value": "The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/8189afc4-17b3-4696-89e1-731011cb9e2b", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:villatheme:orders_tracking_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.6",
"matchCriteriaId": "11C15F9C-1CB9-4A4C-AA26-62C47C1F352A"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8189afc4-17b3-4696-89e1-731011cb9e2b",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-42xx/CVE-2023-4253.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-4253", "id": "CVE-2023-4253",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.333", "published": "2023-09-04T12:15:10.333",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:51:26.167",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" "value": "The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/1cbbab9e-be3d-4081-bc0e-c52d500d9871", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.7.8",
"matchCriteriaId": "3E7BCEE7-BF2A-42B9-88C7-A3D86854A1D0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1cbbab9e-be3d-4081-bc0e-c52d500d9871",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-42xx/CVE-2023-4254.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-4254", "id": "CVE-2023-4254",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.403", "published": "2023-09-04T12:15:10.403",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:51:43.910",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" "value": "The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/0dfffe48-e60d-4bab-b194-8a63554246c3", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.7.8",
"matchCriteriaId": "3E7BCEE7-BF2A-42B9-88C7-A3D86854A1D0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0dfffe48-e60d-4bab-b194-8a63554246c3",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-42xx/CVE-2023-4269.json
View File

@ -2,19 +2,52 @@
"id": "CVE-2023-4269", "id": "CVE-2023-4269",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.470", "published": "2023-09-04T12:15:10.470",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:52:07.987",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses." "value": "The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -23,10 +56,32 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/db3e4336-117c-47f2-9b43-2ca115525297", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solwininfotech:user_activity_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.6",
"matchCriteriaId": "29A3F2DC-6FFA-488B-8B66-F30684240C97"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/db3e4336-117c-47f2-9b43-2ca115525297",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

56
CVE-2023/CVE-2023-42xx/CVE-2023-4284.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-4284", "id": "CVE-2023-4284",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.627", "published": "2023-09-04T12:15:10.627",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:52:31.817",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" "value": "The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/1c126869-0afa-456f-94cc-10334964e5f9", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:agilelogix:post_timeline:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.6",
"matchCriteriaId": "02928EDD-1486-4573-A885-E95FCFE201E4"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1c126869-0afa-456f-94cc-10334964e5f9",
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-42xx/CVE-2023-4298.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-4298", "id": "CVE-2023-4298",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.693", "published": "2023-09-04T12:15:10.693",
"lastModified": "2023-09-05T06:50:39.603", "lastModified": "2023-09-08T06:52:38.323",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" "value": "The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://wpscan.com/vulnerability/36285052-8464-4fd6-b4b1-c175e730edad", "nodes": [
"source": "contact@wpscan.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:123.chat:123.chat:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.1",
"matchCriteriaId": "FC593906-A926-4F05-B83A-CBBA5BFBCC39"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/36285052-8464-4fd6-b4b1-c175e730edad",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

41
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-09-08T06:00:25.613057+00:00 2023-09-08T08:00:26.687993+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-09-08T05:15:43.073000+00:00 2023-09-08T06:52:38.323000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,24 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
224503 224504
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `0` Recently added CVEs: `1`
* [CVE-2023-32470](CVE-2023/CVE-2023-324xx/CVE-2023-32470.json) (`2023-09-08T06:15:07.437`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `5` Recently modified CVEs: `25`
* [CVE-2023-4761](CVE-2023/CVE-2023-47xx/CVE-2023-4761.json) (`2023-09-08T04:15:10.137`) * [CVE-2023-38518](CVE-2023/CVE-2023-385xx/CVE-2023-38518.json) (`2023-09-08T06:41:51.433`)
* [CVE-2023-4762](CVE-2023/CVE-2023-47xx/CVE-2023-4762.json) (`2023-09-08T04:15:11.017`) * [CVE-2023-38521](CVE-2023/CVE-2023-385xx/CVE-2023-38521.json) (`2023-09-08T06:42:06.290`)
* [CVE-2023-4763](CVE-2023/CVE-2023-47xx/CVE-2023-4763.json) (`2023-09-08T04:15:11.350`) * [CVE-2023-39370](CVE-2023/CVE-2023-393xx/CVE-2023-39370.json) (`2023-09-08T06:42:31.750`)
* [CVE-2023-4764](CVE-2023/CVE-2023-47xx/CVE-2023-4764.json) (`2023-09-08T04:15:11.677`) * [CVE-2023-39371](CVE-2023/CVE-2023-393xx/CVE-2023-39371.json) (`2023-09-08T06:42:41.663`)
* [CVE-2023-33546](CVE-2023/CVE-2023-335xx/CVE-2023-33546.json) (`2023-09-08T05:15:43.073`) * [CVE-2023-39372](CVE-2023/CVE-2023-393xx/CVE-2023-39372.json) (`2023-09-08T06:43:14.083`)
* [CVE-2023-39374](CVE-2023/CVE-2023-393xx/CVE-2023-39374.json) (`2023-09-08T06:43:33.377`)
* [CVE-2023-38465](CVE-2023/CVE-2023-384xx/CVE-2023-38465.json) (`2023-09-08T06:44:04.463`)
* [CVE-2023-38466](CVE-2023/CVE-2023-384xx/CVE-2023-38466.json) (`2023-09-08T06:44:49.057`)
* [CVE-2023-38467](CVE-2023/CVE-2023-384xx/CVE-2023-38467.json) (`2023-09-08T06:45:06.603`)
* [CVE-2023-38468](CVE-2023/CVE-2023-384xx/CVE-2023-38468.json) (`2023-09-08T06:45:25.753`)
* [CVE-2023-38553](CVE-2023/CVE-2023-385xx/CVE-2023-38553.json) (`2023-09-08T06:45:58.037`)
* [CVE-2023-38554](CVE-2023/CVE-2023-385xx/CVE-2023-38554.json) (`2023-09-08T06:46:18.607`)
* [CVE-2023-3814](CVE-2023/CVE-2023-38xx/CVE-2023-3814.json) (`2023-09-08T06:46:44.667`)
* [CVE-2023-40196](CVE-2023/CVE-2023-401xx/CVE-2023-40196.json) (`2023-09-08T06:47:13.897`)
* [CVE-2023-40197](CVE-2023/CVE-2023-401xx/CVE-2023-40197.json) (`2023-09-08T06:47:28.880`)
* [CVE-2023-40205](CVE-2023/CVE-2023-402xx/CVE-2023-40205.json) (`2023-09-08T06:47:50.370`)
* [CVE-2023-40214](CVE-2023/CVE-2023-402xx/CVE-2023-40214.json) (`2023-09-08T06:48:16.773`)
* [CVE-2023-4059](CVE-2023/CVE-2023-40xx/CVE-2023-4059.json) (`2023-09-08T06:49:52.050`)
* [CVE-2023-4151](CVE-2023/CVE-2023-41xx/CVE-2023-4151.json) (`2023-09-08T06:50:46.980`)
* [CVE-2023-4216](CVE-2023/CVE-2023-42xx/CVE-2023-4216.json) (`2023-09-08T06:51:11.473`)
* [CVE-2023-4253](CVE-2023/CVE-2023-42xx/CVE-2023-4253.json) (`2023-09-08T06:51:26.167`)
* [CVE-2023-4254](CVE-2023/CVE-2023-42xx/CVE-2023-4254.json) (`2023-09-08T06:51:43.910`)
* [CVE-2023-4269](CVE-2023/CVE-2023-42xx/CVE-2023-4269.json) (`2023-09-08T06:52:07.987`)
* [CVE-2023-4284](CVE-2023/CVE-2023-42xx/CVE-2023-4284.json) (`2023-09-08T06:52:31.817`)
* [CVE-2023-4298](CVE-2023/CVE-2023-42xx/CVE-2023-4298.json) (`2023-09-08T06:52:38.323`)
## Download and Usage ## Download and Usage