diff --git a/CVE-2020/CVE-2020-226xx/CVE-2020-22612.json b/CVE-2020/CVE-2020-226xx/CVE-2020-22612.json index 1762ebfb2e9..1cc7f38b133 100644 --- a/CVE-2020/CVE-2020-226xx/CVE-2020-22612.json +++ b/CVE-2020/CVE-2020-226xx/CVE-2020-22612.json @@ -2,8 +2,8 @@ "id": "CVE-2020-22612", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.533", - "lastModified": "2023-09-01T16:15:07.533", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-34xx/CVE-2022-3407.json b/CVE-2022/CVE-2022-34xx/CVE-2022-3407.json index da0c3a5a92a..cbf1418ef42 100644 --- a/CVE-2022/CVE-2022-34xx/CVE-2022-3407.json +++ b/CVE-2022/CVE-2022-34xx/CVE-2022-3407.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3407", "sourceIdentifier": "psirt@lenovo.com", "published": "2023-09-01T17:15:07.463", - "lastModified": "2023-09-01T17:15:07.463", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-432xx/CVE-2022-43293.json b/CVE-2022/CVE-2022-432xx/CVE-2022-43293.json index c6fb6aaa1bb..c1f51266ef1 100644 --- a/CVE-2022/CVE-2022-432xx/CVE-2022-43293.json +++ b/CVE-2022/CVE-2022-432xx/CVE-2022-43293.json @@ -2,8 +2,8 @@ "id": "CVE-2022-43293", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-11T01:15:06.987", - "lastModified": "2023-04-14T17:58:45.077", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-01T21:15:07.460", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -69,6 +69,10 @@ } ], "references": [ + { + "url": "https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.2-1.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/LucaBarile/CVE-2022-43293", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1523.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1523.json index ba480edc4e6..1eb74aa106a 100644 --- a/CVE-2023/CVE-2023-15xx/CVE-2023-1523.json +++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1523.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1523", "sourceIdentifier": "security@ubuntu.com", "published": "2023-09-01T19:15:42.707", - "lastModified": "2023-09-01T19:15:42.707", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23763.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23763.json index 1b4fbc17e3a..b2ac9cd6423 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23763.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23763.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23763", "sourceIdentifier": "product-cna@github.com", "published": "2023-09-01T15:15:07.620", - "lastModified": "2023-09-01T15:15:07.620", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2352.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2352.json index def1799ac6d..f7327106af0 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2352.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2352.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2352", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:09.313", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T21:10:59.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,22 +46,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sureshchand:chp_ads_block_detector:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.9.4", + "matchCriteriaId": "823E8242-2D7D-4C3F-91B9-B37E819CE227" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2920522/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2922313/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2926660/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5a9cced-0e5e-4b6e-8291-0a862c9f9523?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2353.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2353.json index c1cf8d1c22e..6c5f7233572 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2353.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2353.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2353", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:09.503", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T21:10:49.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -31,6 +31,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, @@ -46,22 +66,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sureshchand:chp_ads_block_detector:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.9.4", + "matchCriteriaId": "823E8242-2D7D-4C3F-91B9-B37E819CE227" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2920522/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2922313/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2926660/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2354.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2354.json index 75584caae5c..311410b191c 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2354.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2354.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2354", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:09.617", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T21:10:29.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -46,22 +66,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sureshchand:chp_ads_block_detector:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.9.4", + "matchCriteriaId": "823E8242-2D7D-4C3F-91B9-B37E819CE227" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2920522/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2922313/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2926660/chp-ads-block-detector", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8514c9-0e11-4e26-ba0b-1d08a990b56c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24412.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24412.json index 6e8cf723532..66c18d94f58 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24412.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24412.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24412", "sourceIdentifier": "audit@patchstack.com", "published": "2023-09-01T11:15:40.863", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:28:44.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:web-settler:image_social_feed:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7.6", + "matchCriteriaId": "ED583508-9A16-4BAF-A846-BE5E07A9194F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/add-instagram/wordpress-image-social-feed-plugin-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24675.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24675.json index 93c44439c75..8df41d4a050 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24675.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24675.json @@ -2,23 +2,83 @@ "id": "CVE-2023-24675", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T10:15:08.080", - "lastModified": "2023-09-01T11:47:50.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:28:00.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bludit:bludit:3.14.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E1884F54-CD39-43CC-B52B-8B2335A09CDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://medium.com/@cupc4k3/xss-stored-in-friendly-url-field-on-bludit-cms-641a9dd653f", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25042.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25042.json index cc6e18d9579..e22698b8ec7 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25042.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25042.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25042", "sourceIdentifier": "audit@patchstack.com", "published": "2023-09-01T11:15:41.097", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:47:28.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stormconsultancy:oauth_twitter_feed_for_developers:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.0", + "matchCriteriaId": "7D58AA74-1308-4C21-8673-74981AB141AE" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/oauth-twitter-feed-for-developers/wordpress-oauth-twitter-feed-for-developers-plugin-2-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25044.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25044.json index e803fe7e61d..b98b78227d8 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25044.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25044.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25044", "sourceIdentifier": "audit@patchstack.com", "published": "2023-09-01T11:15:41.313", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:47:45.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sumo:social_share_boost:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.5", + "matchCriteriaId": "AB1892B9-68AC-4F6E-91F2-24CEAE155F04" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/social-share-boost/wordpress-social-share-boost-plugin-4-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json index 4869e3aa78f..31a1d6947a4 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28366", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.790", - "lastModified": "2023-09-01T16:15:07.790", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3162.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3162.json index 3a0d5095566..ac1294f134e 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3162.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3162.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3162", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:09.737", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:52:57.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,18 +46,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtoffee:stripe_payment_plugin_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.7.7", + "matchCriteriaId": "D869C0F7-157C-4275-9389-713838B658A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3205.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3205.json index 1d09d6e38b4..cad3c7d0d4e 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3205.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3205.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3205", "sourceIdentifier": "cve@gitlab.com", "published": "2023-09-01T11:15:41.850", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T21:13:41.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -46,14 +76,70 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "15.11", + "versionEndExcluding": "16.1.5", + "matchCriteriaId": "190E843E-6F15-4DD2-A5C4-C797BE750DA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "15.11", + "versionEndExcluding": "16.1.5", + "matchCriteriaId": "1933945E-1CCB-4611-ABA6-9CD834CA6E62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "18116007-7452-495F-80A1-39499882656E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*", + "matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415067", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/2011464", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3210.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3210.json index c15176a63a7..05f848c93a3 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3210.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3210.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3210", "sourceIdentifier": "cve@gitlab.com", "published": "2023-09-01T11:15:42.053", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T21:13:51.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -46,14 +76,70 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "15.11", + "versionEndExcluding": "16.1.5", + "matchCriteriaId": "190E843E-6F15-4DD2-A5C4-C797BE750DA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "15.11", + "versionEndExcluding": "16.1.5", + "matchCriteriaId": "1933945E-1CCB-4611-ABA6-9CD834CA6E62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "18116007-7452-495F-80A1-39499882656E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*", + "matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415074", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/2011474", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3297.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3297.json new file mode 100644 index 00000000000..19353731942 --- /dev/null +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3297.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-3297", + "sourceIdentifier": "security@ubuntu.com", + "published": "2023-09-01T21:15:07.977", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182", + "source": "security@ubuntu.com" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297", + "source": "security@ubuntu.com" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6190-1", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33833.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33833.json index 7a7331aa6fc..f222b5856e3 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33833.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33833.json @@ -2,16 +2,40 @@ "id": "CVE-2023-33833", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-08-31T13:15:42.310", - "lastModified": "2023-08-31T17:26:00.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:49:16.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013." + }, + { + "lang": "es", + "value": "IBM Security Verify Information Queue v10.0.4 y v10.0.5 almacena informaci\u00f3n confidencial en texto claro que puede ser le\u00edda por un usuario local. IBM X-Force ID: 256013." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +80,56 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "1A17418B-EB46-4D94-85DD-2BEB4AAB43E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "82484EB1-ED0C-4195-BC80-161B3032FBD7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256013", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7029584", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33834.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33834.json index fe2dc57e87d..b2b346f2267 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33834.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33834.json @@ -2,16 +2,40 @@ "id": "CVE-2023-33834", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-08-31T14:15:08.563", - "lastModified": "2023-08-31T17:26:00.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:48:26.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014." + }, + { + "lang": "es", + "value": "IBM Security Verify Information Queue v10.0.4 y v10.0.5 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n sensible que podr\u00eda ayudar en futuros ataques contra el sistema. IBM X-force ID: 256014." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +80,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "1A17418B-EB46-4D94-85DD-2BEB4AAB43E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "82484EB1-ED0C-4195-BC80-161B3032FBD7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256014", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry" + ] }, { "url": "https://www.ibm.com/support/pages/node/7029584", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33835.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33835.json index 7cc03a55cca..4705966da24 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33835.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33835.json @@ -2,16 +2,40 @@ "id": "CVE-2023-33835", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-08-31T14:15:08.657", - "lastModified": "2023-08-31T17:26:00.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:48:06.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015." + }, + { + "lang": "es", + "value": "IBM Security Verify Information Queue v10.0.4 y v10.0.5 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n sensible que podr\u00eda ayudar en futuros ataques contra el sistema. IBM X-Force ID: 256015. " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +80,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "1A17418B-EB46-4D94-85DD-2BEB4AAB43E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_information_queue:10.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "82484EB1-ED0C-4195-BC80-161B3032FBD7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256015", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry" + ] }, { "url": "https://www.ibm.com/support/pages/node/7029584", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3404.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3404.json index c9b3f5d46ca..66794ca0850 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3404.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3404.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3404", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:09.860", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:52:48.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,18 +46,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.5.0", + "matchCriteriaId": "DE279283-024F-4B29-97FB-51BBE207C3B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.4.8/includes/class-profile-magic-request.php#L325", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2936383/profilegrid-user-profiles-groups-and-communities#file475", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36076.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36076.json index 5708967b880..21bd9d82db2 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36076.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36076.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36076", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.857", - "lastModified": "2023-09-01T16:15:07.857", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36088.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36088.json index f7007c0ac39..dd956f1a9a9 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36088.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36088.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36088", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.910", - "lastModified": "2023-09-01T16:15:07.910", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36100.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36100.json index 1a635dffb85..4c9f25f1ef4 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36100.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36100.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36100", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.967", - "lastModified": "2023-09-01T16:15:07.967", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36187.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36187.json index a340ae002b3..a5336aec8e9 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36187.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36187.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36187", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.020", - "lastModified": "2023-09-01T16:15:08.020", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36326.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36326.json index af5963bcd41..eba75412304 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36326.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36326.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36326", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.077", - "lastModified": "2023-09-01T16:15:08.077", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36327.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36327.json index c74c6c6fc66..c7d24c9e661 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36327.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36327.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36327", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.127", - "lastModified": "2023-09-01T16:15:08.127", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36328.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36328.json index be345e35c66..7d85e2bd58d 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36328.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36328.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36328", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.177", - "lastModified": "2023-09-01T16:15:08.177", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36741.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36741.json index b1e6ef54e8b..2fa668cce8a 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36741.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36741.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36741", "sourceIdentifier": "secure@microsoft.com", "published": "2023-08-26T01:15:08.460", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:25:16.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "secure@microsoft.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + }, + { + "source": "secure@microsoft.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", @@ -34,10 +54,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.1938.62", + "matchCriteriaId": "7C0071E7-E3D9-4BDE-9BA7-5778B824D5ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39582.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39582.json index 68429860da9..7cddda95f7a 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39582.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39582.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39582", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.230", - "lastModified": "2023-09-01T16:15:08.230", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39631.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39631.json index 053f9945df6..0c79825bb8c 100644 --- a/CVE-2023/CVE-2023-396xx/CVE-2023-39631.json +++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39631.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39631", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.370", - "lastModified": "2023-09-01T16:15:08.370", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39710.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39710.json index 0d2ed56da9a..f17e6fba4e3 100644 --- a/CVE-2023/CVE-2023-397xx/CVE-2023-39710.json +++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39710.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39710", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T14:15:07.777", - "lastModified": "2023-09-01T14:15:07.777", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39714.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39714.json index 3c5535cebdc..4be6a8b62d5 100644 --- a/CVE-2023/CVE-2023-397xx/CVE-2023-39714.json +++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39714.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39714", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T18:15:07.710", - "lastModified": "2023-09-01T18:15:07.710", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3915.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3915.json index a2f6e412cec..5e369c7f976 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3915.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3915", "sourceIdentifier": "cve@gitlab.com", "published": "2023-09-01T11:15:42.267", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T21:14:01.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -46,14 +76,70 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.1.0", + "versionEndExcluding": "16.1.5", + "matchCriteriaId": "9CE5E96F-15A1-43AB-ABF6-3B1490B5D12C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.1.0", + "versionEndExcluding": "16.1.5", + "matchCriteriaId": "D8DD59A9-B682-4B74-8E18-29210812CAFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "18116007-7452-495F-80A1-39499882656E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*", + "matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417664", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/2040834", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3950.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3950.json index 3367e189c7e..23601ea5ffa 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3950.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3950.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3950", "sourceIdentifier": "cve@gitlab.com", "published": "2023-09-01T11:15:42.457", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T21:14:48.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -46,14 +76,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "18116007-7452-495F-80A1-39499882656E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*", + "matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419675", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/2079154", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40585.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40585.json index 9980ac1fa9d..8cf383e72b4 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40585.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40585.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40585", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-25T21:15:09.103", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T21:15:12.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:metal3:ironic-image:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.3", + "matchCriteriaId": "27B0C984-15D2-41CB-AA20-456063F11DED" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/metal3-io/ironic-image/commit/f64bb6ce0945bbfb30d9965f98149ea183311de9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/metal3-io/ironic-image/security/advisories/GHSA-jwpr-9fwh-m4g7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40771.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40771.json index 68b723c575c..61e6d84839a 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40771.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40771.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40771", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.423", - "lastModified": "2023-09-01T16:15:08.423", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40837.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40837.json index 53f532430c8..82fe018c0c8 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40837.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40837.json @@ -2,19 +2,86 @@ "id": "CVE-2023-40837", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.337", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T20:23:05.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the \"formSetIptv\" function, obtaining the \"list\" and \"vlanId\" fields, unfiltered passing these two fields as parameters to the \"sub_ADD50\" function to execute commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/2/2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40838.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40838.json index aad6076e9a2..7f518e8bf67 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40838.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40838.json @@ -2,19 +2,87 @@ "id": "CVE-2023-40838", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.397", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T20:12:42.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/1/1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40968.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40968.json index cac5194f2fd..fed2a2f4b15 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40968.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40968.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40968", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.473", - "lastModified": "2023-09-01T16:15:08.473", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40980.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40980.json index d63063119fb..13f1697eedf 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40980.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40980.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40980", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.523", - "lastModified": "2023-09-01T16:15:08.523", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41046.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41046.json new file mode 100644 index 00000000000..d50b71c5f8c --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41046.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-41046", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-01T20:15:07.540", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type \"TextArea\" and content type \"VelocityCode\" or \"VelocityWiki\". For the former, the syntax of the document needs to be set the `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for \"VelocityCode\", this behavior is most likely very old but only since XWiki 7.2, script right is a separate right, before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/edc52579eeaab1b4514785c134044671a1ecd839", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m5m2-h6h9-p2c8", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20847", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20848", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41049.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41049.json new file mode 100644 index 00000000000..b51f2a420d0 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41049.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-41049", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-01T20:15:07.873", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/decentraland/single-sign-on-client/commit/bd20ea9533d0cda30809d929db85b1b76cef855a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/decentraland/single-sign-on-client/security/advisories/GHSA-vp4f-wxgw-7x8x", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json index cb4491067f0..4a6fafe870d 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41051", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-01T19:15:42.883", - "lastModified": "2023-09-01T19:15:42.883", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41560.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41560.json index cc6be3c4284..11fef636003 100644 --- a/CVE-2023/CVE-2023-415xx/CVE-2023-41560.json +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41560.json @@ -2,19 +2,87 @@ "id": "CVE-2023-41560", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T13:15:14.390", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T20:11:06.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", + "matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/peris-navince/founded-0-days/blob/main/formSetFirewallCfg/1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41561.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41561.json index 26c1282107c..7ad9e944277 100644 --- a/CVE-2023/CVE-2023-415xx/CVE-2023-41561.json +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41561.json @@ -2,19 +2,114 @@ "id": "CVE-2023-41561", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T13:15:14.483", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T20:16:09.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", + "matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*", + "matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/peris-navince/founded-0-days/blob/main/formSetPPTPServer/1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41562.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41562.json index fc0482b8098..e265d57d056 100644 --- a/CVE-2023/CVE-2023-415xx/CVE-2023-41562.json +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41562.json @@ -2,19 +2,141 @@ "id": "CVE-2023-41562", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T13:15:14.573", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T20:04:12.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", + "matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*", + "matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*", + "matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/peris-navince/founded-0-days/blob/main/setSmartPowerManagement/1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json index c209af5e23d..e4fade17c44 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41627", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T17:15:07.633", - "lastModified": "2023-09-01T17:15:07.633", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41628.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41628.json index f1966bb2edd..0d6ab0180e3 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41628.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41628.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41628", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T17:15:07.690", - "lastModified": "2023-09-01T17:15:07.690", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41633.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41633.json index c50bb490540..3b28cbd0f32 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41633.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41633.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41633", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T19:15:43.003", - "lastModified": "2023-09-01T19:15:43.003", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4315.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4315.json index b8920a15142..3848f338acf 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4315.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4315.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4315", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:11.100", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:52:37.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "Woo Custom Emails para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro \"wcemails_edit\" en versiones hasta, e incluyendo, la 2.2 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas, que se ejecutan si consiguen enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace. " } ], "metrics": { @@ -46,14 +50,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp3sixty:woo_custom_emails:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2", + "matchCriteriaId": "A31EB092-4D15-45E9-B61E-C538EBC7CB44" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/woo-custom-emails/trunk/admin/class-wcemails-admin.php#L335", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6782d8b3-32f9-42e1-874c-35a1e93ffde0?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4471.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4471.json index 23c273f34ae..beec8a81c84 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4471.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4471.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4471", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:11.207", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:52:28.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,18 +46,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:etoilewebdesign:order_tracking:*:*:*:*:pro:wordpress:*:*", + "versionEndIncluding": "3.3.6", + "matchCriteriaId": "9C6371DB-96BD-4538-98BD-138F65167F47" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/order-tracking/trunk/includes/Export.class.php#L158", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2959453%40order-tracking%2Ftrunk&old=2949611%40order-tracking%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4500.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4500.json index b6e2b0cea9a..9f5fc58ebc1 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4500.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4500.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4500", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-31T06:15:11.327", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T20:51:54.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:etoilewebdesign:order_tracking:*:*:*:*:pro:wordpress:*:*", + "versionEndIncluding": "3.3.6", + "matchCriteriaId": "9C6371DB-96BD-4538-98BD-138F65167F47" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2959453%40order-tracking%2Ftrunk&old=2949611%40order-tracking%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4707.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4707.json index 98636bffcf3..36738a63de5 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4707.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4707.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4707", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T18:15:07.793", - "lastModified": "2023-09-01T18:15:07.793", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4708.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4708.json index 80138ceb80e..5684b7248cc 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4708.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4708.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4708", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T18:15:07.893", - "lastModified": "2023-09-01T18:15:07.893", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json index 01760551e92..adf770ced9f 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4709", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T19:15:43.063", - "lastModified": "2023-09-01T19:15:43.063", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4710.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4710.json new file mode 100644 index 00000000000..71a737a5d13 --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4710.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-4710", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-01T20:15:08.103", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.238573", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.238573", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4711.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4711.json new file mode 100644 index 00000000000..416015e45e7 --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4711.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-4711", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-01T20:15:08.310", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 4.6 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.9, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/TinkAnet/cve/blob/main/rce.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.238574", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.238574", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4712.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4712.json new file mode 100644 index 00000000000..d5b38afdb1e --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4712.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-4712", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-01T20:15:08.473", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Undergoing Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wpay65249519/cve/blob/main/SQL_injection.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.238575", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.238575", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4713.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4713.json new file mode 100644 index 00000000000..3283291ed21 --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4713.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-4713", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-01T20:15:08.680", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/13aiZe1/cve/blob/main/sql.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.238576", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.238576", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4714.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4714.json new file mode 100644 index 00000000000..d7c77b41e46 --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4714.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-4714", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-01T20:15:08.890", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.238577", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.238577", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4720.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4720.json index f5d0999c43a..cc17229e779 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4720.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4720.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4720", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-01T16:15:08.577", - "lastModified": "2023-09-01T16:15:08.577", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4721.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4721.json index 209ec2a332e..af0514bbc84 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4721.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4721.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4721", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-01T16:15:08.660", - "lastModified": "2023-09-01T16:15:08.660", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4722.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4722.json index 4affe685dbc..425af77c51f 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4722.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4722.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4722", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-01T16:15:08.737", - "lastModified": "2023-09-01T16:15:08.737", - "vulnStatus": "Received", + "lastModified": "2023-09-01T21:15:30.513", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index e66498081e1..f52b9eb3afe 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-01T20:00:25.380934+00:00 +2023-09-01T22:00:24.820627+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-01T19:59:22.693000+00:00 +2023-09-01T21:15:30.513000+00:00 ``` ### Last Data Feed Release @@ -29,51 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223937 +223945 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `8` -* [CVE-2023-39714](CVE-2023/CVE-2023-397xx/CVE-2023-39714.json) (`2023-09-01T18:15:07.710`) -* [CVE-2023-4707](CVE-2023/CVE-2023-47xx/CVE-2023-4707.json) (`2023-09-01T18:15:07.793`) -* [CVE-2023-4708](CVE-2023/CVE-2023-47xx/CVE-2023-4708.json) (`2023-09-01T18:15:07.893`) -* [CVE-2023-1523](CVE-2023/CVE-2023-15xx/CVE-2023-1523.json) (`2023-09-01T19:15:42.707`) -* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-01T19:15:42.883`) -* [CVE-2023-41633](CVE-2023/CVE-2023-416xx/CVE-2023-41633.json) (`2023-09-01T19:15:43.003`) -* [CVE-2023-4709](CVE-2023/CVE-2023-47xx/CVE-2023-4709.json) (`2023-09-01T19:15:43.063`) +* [CVE-2023-41046](CVE-2023/CVE-2023-410xx/CVE-2023-41046.json) (`2023-09-01T20:15:07.540`) +* [CVE-2023-41049](CVE-2023/CVE-2023-410xx/CVE-2023-41049.json) (`2023-09-01T20:15:07.873`) +* [CVE-2023-4710](CVE-2023/CVE-2023-47xx/CVE-2023-4710.json) (`2023-09-01T20:15:08.103`) +* [CVE-2023-4711](CVE-2023/CVE-2023-47xx/CVE-2023-4711.json) (`2023-09-01T20:15:08.310`) +* [CVE-2023-4712](CVE-2023/CVE-2023-47xx/CVE-2023-4712.json) (`2023-09-01T20:15:08.473`) +* [CVE-2023-4713](CVE-2023/CVE-2023-47xx/CVE-2023-4713.json) (`2023-09-01T20:15:08.680`) +* [CVE-2023-4714](CVE-2023/CVE-2023-47xx/CVE-2023-4714.json) (`2023-09-01T20:15:08.890`) +* [CVE-2023-3297](CVE-2023/CVE-2023-32xx/CVE-2023-3297.json) (`2023-09-01T21:15:07.977`) ### CVEs modified in the last Commit -Recently modified CVEs: `27` +Recently modified CVEs: `56` -* [CVE-2023-40586](CVE-2023/CVE-2023-405xx/CVE-2023-40586.json) (`2023-09-01T18:06:17.537`) -* [CVE-2023-3453](CVE-2023/CVE-2023-34xx/CVE-2023-3453.json) (`2023-09-01T18:11:49.340`) -* [CVE-2023-33876](CVE-2023/CVE-2023-338xx/CVE-2023-33876.json) (`2023-09-01T18:15:07.427`) -* [CVE-2023-4596](CVE-2023/CVE-2023-45xx/CVE-2023-4596.json) (`2023-09-01T18:17:25.357`) -* [CVE-2023-40170](CVE-2023/CVE-2023-401xx/CVE-2023-40170.json) (`2023-09-01T18:36:32.463`) -* [CVE-2023-4597](CVE-2023/CVE-2023-45xx/CVE-2023-4597.json) (`2023-09-01T18:36:38.313`) -* [CVE-2023-4611](CVE-2023/CVE-2023-46xx/CVE-2023-4611.json) (`2023-09-01T18:36:56.110`) -* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-09-01T18:37:07.207`) -* [CVE-2023-39348](CVE-2023/CVE-2023-393xx/CVE-2023-39348.json) (`2023-09-01T18:37:25.700`) -* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-09-01T18:37:42.127`) -* [CVE-2023-33317](CVE-2023/CVE-2023-333xx/CVE-2023-33317.json) (`2023-09-01T18:38:41.257`) -* [CVE-2023-4653](CVE-2023/CVE-2023-46xx/CVE-2023-4653.json) (`2023-09-01T18:39:05.677`) -* [CVE-2023-4652](CVE-2023/CVE-2023-46xx/CVE-2023-4652.json) (`2023-09-01T18:39:07.780`) -* [CVE-2023-4655](CVE-2023/CVE-2023-46xx/CVE-2023-4655.json) (`2023-09-01T18:39:47.187`) -* [CVE-2023-41121](CVE-2023/CVE-2023-411xx/CVE-2023-41121.json) (`2023-09-01T18:48:33.107`) -* [CVE-2023-4599](CVE-2023/CVE-2023-45xx/CVE-2023-4599.json) (`2023-09-01T18:59:53.493`) -* [CVE-2023-33325](CVE-2023/CVE-2023-333xx/CVE-2023-33325.json) (`2023-09-01T19:05:34.913`) -* [CVE-2023-41559](CVE-2023/CVE-2023-415xx/CVE-2023-41559.json) (`2023-09-01T19:10:58.247`) -* [CVE-2023-34032](CVE-2023/CVE-2023-340xx/CVE-2023-34032.json) (`2023-09-01T19:15:40.420`) -* [CVE-2023-34180](CVE-2023/CVE-2023-341xx/CVE-2023-34180.json) (`2023-09-01T19:22:34.537`) -* [CVE-2023-34176](CVE-2023/CVE-2023-341xx/CVE-2023-34176.json) (`2023-09-01T19:24:19.840`) -* [CVE-2023-34175](CVE-2023/CVE-2023-341xx/CVE-2023-34175.json) (`2023-09-01T19:36:10.463`) -* [CVE-2023-34174](CVE-2023/CVE-2023-341xx/CVE-2023-34174.json) (`2023-09-01T19:37:34.893`) -* [CVE-2023-41563](CVE-2023/CVE-2023-415xx/CVE-2023-41563.json) (`2023-09-01T19:54:35.217`) -* [CVE-2023-4624](CVE-2023/CVE-2023-46xx/CVE-2023-4624.json) (`2023-09-01T19:59:22.693`) +* [CVE-2023-28366](CVE-2023/CVE-2023-283xx/CVE-2023-28366.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-36076](CVE-2023/CVE-2023-360xx/CVE-2023-36076.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-36088](CVE-2023/CVE-2023-360xx/CVE-2023-36088.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-36100](CVE-2023/CVE-2023-361xx/CVE-2023-36100.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-36187](CVE-2023/CVE-2023-361xx/CVE-2023-36187.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-36326](CVE-2023/CVE-2023-363xx/CVE-2023-36326.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-36327](CVE-2023/CVE-2023-363xx/CVE-2023-36327.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-36328](CVE-2023/CVE-2023-363xx/CVE-2023-36328.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-39582](CVE-2023/CVE-2023-395xx/CVE-2023-39582.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-39631](CVE-2023/CVE-2023-396xx/CVE-2023-39631.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-40771](CVE-2023/CVE-2023-407xx/CVE-2023-40771.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-40968](CVE-2023/CVE-2023-409xx/CVE-2023-40968.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-40980](CVE-2023/CVE-2023-409xx/CVE-2023-40980.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-4720](CVE-2023/CVE-2023-47xx/CVE-2023-4720.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-4721](CVE-2023/CVE-2023-47xx/CVE-2023-4721.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-4722](CVE-2023/CVE-2023-47xx/CVE-2023-4722.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-41627](CVE-2023/CVE-2023-416xx/CVE-2023-41627.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-41628](CVE-2023/CVE-2023-416xx/CVE-2023-41628.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-39714](CVE-2023/CVE-2023-397xx/CVE-2023-39714.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-4707](CVE-2023/CVE-2023-47xx/CVE-2023-4707.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-4708](CVE-2023/CVE-2023-47xx/CVE-2023-4708.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-1523](CVE-2023/CVE-2023-15xx/CVE-2023-1523.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-41633](CVE-2023/CVE-2023-416xx/CVE-2023-41633.json) (`2023-09-01T21:15:30.513`) +* [CVE-2023-4709](CVE-2023/CVE-2023-47xx/CVE-2023-4709.json) (`2023-09-01T21:15:30.513`) ## Download and Usage