admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-13T20:00:26.408854+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-13 20:00:29 +00:00
parent 8981dd4a84
commit ccef4fe71c
83 changed files with 20510 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
CVE-2020/CVE-2020-367xx/CVE-2020-36701.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36701",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.193",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:05:10.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +76,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:king-theme:page_builder_king_composer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.3",
"matchCriteriaId": "46411B6A-00E8-45F1-B822-0310F4A1950F"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/kingcomposer/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45a62dd0-386c-41b3-b8dd-ced443da9f92?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2020/CVE-2020-367xx/CVE-2020-36717.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36717",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.043",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:26:45.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kaliforms:kali_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.1",
"matchCriteriaId": "439FD37F-B352-4A09-B798-2EABC348AF96"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5bcf456-f991-4775-8c3e-a3c0212a5765?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2021/CVE-2021-43xx/CVE-2021-4383.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-4383",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.607",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:30:48.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog."
},
{
"lang": "es",
"value": "El plugin WP Quick FrontEnd para WordPress es vulnerable a la inyecci\u00f3n de contenido de p\u00e1ginas en versiones hasta la v5.5 inclusive. Esto se debe a la falta de comprobaciones en la funcionalidad de edici\u00f3n de p\u00e1ginas del plugin. Esto hace posible que atacantes poco autenticados, como los suscriptores, editen/creen cualquier p\u00e1gina o entrada en el blog. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webdevocean:wp_quick_frontend_editor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.5",
"matchCriteriaId": "E76D1951-AE12-4213-973A-F50E270DB47D"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wordpress.org/plugins/wp-quick-front-end-editor/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

2041
CVE-2022/CVE-2022-220xx/CVE-2022-22060.json
View File

File diff suppressed because it is too large Load Diff

9439
CVE-2022/CVE-2022-220xx/CVE-2022-22076.json
View File

File diff suppressed because it is too large Load Diff

4
CVE-2022/CVE-2022-316xx/CVE-2022-31635.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31635",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.567",
"lastModified": "2023-06-13T17:15:12.567",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-316xx/CVE-2022-31636.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31636",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.640",
"lastModified": "2023-06-13T17:15:12.640",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-316xx/CVE-2022-31637.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31637",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.700",
"lastModified": "2023-06-13T17:15:12.700",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-316xx/CVE-2022-31638.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31638",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.753",
"lastModified": "2023-06-13T17:15:12.753",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-316xx/CVE-2022-31639.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-31639",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.807",
"lastModified": "2023-06-13T17:15:12.807",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

1285
CVE-2022/CVE-2022-332xx/CVE-2022-33224.json
View File

File diff suppressed because it is too large Load Diff

55
CVE-2022/CVE-2022-436xx/CVE-2022-43684.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-43684",
"sourceIdentifier": "psirt@servicenow.com",
"published": "2023-06-13T19:15:09.243",
"lastModified": "2023-06-13T19:15:09.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\n\n\n\nAdditional Details\n\nThis issue is present in the following supported ServiceNow releases: \n\n\n\n * Quebec prior to Patch 10 Hot Fix 8b\n * Rome prior to Patch 10 Hot Fix 1\n * San Diego prior to Patch 7\n * Tokyo prior to Tokyo Patch 1; and \n * Utah prior to Utah General Availability \n\n\n\n\nIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@servicenow.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@servicenow.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489",
"source": "psirt@servicenow.com"
}
]
}

3457
CVE-2022/CVE-2022-481xx/CVE-2022-48181.json
View File

File diff suppressed because it is too large Load Diff

66
CVE-2022/CVE-2022-49xx/CVE-2022-4948.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-4948",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.687",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:38:55.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker."
},
{
"lang": "es",
"value": "El plugin FlyingPress para WordPress es vulnerable a una omisi\u00f3n de autorizaci\u00f3n debido a una falta de comprobaci\u00f3n en sus acciones \"AJAX\" en versiones hasta la v3.9.6 inclusive. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, interact\u00faen con el plugin como si fueran un administrador. Una acci\u00f3n (como por ejemplo \"save_config\") permite configurar una CDN externa. Esto podr\u00eda utilizarse para incluir javascript malicioso desde una fuente controlada por el atacante. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flying-press:flyingpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.7",
"matchCriteriaId": "29055153-2B90-45AC-B40C-EA0EA90B7A78"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-flyingpress-plugin-fixed-broken-access-control-vulnerability/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1d541b-7010-4dbf-9b1c-d59c84390065?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2022/CVE-2022-49xx/CVE-2022-4949.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-4949",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.750",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:40:35.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible."
},
{
"lang": "es",
"value": "El plugin AdSanity para WordPress es vulnerable a la subida de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n \"ajax_upload\" en las versiones hasta la 1.8.1 inclusive. Esto hace posible que atacantes autenticados con privilegios de nivel \"Contributor+\" carguen archivos arbitrarios en el servidor de los sitios afectados, lo que posibilita la ejecuci\u00f3n remota de c\u00f3digo. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adsanityplugin:adsanity:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.2",
"matchCriteriaId": "AB898A27-1965-4FC9-B869-21D53DC05E7B"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/critical-vulnerability-in-wordpress-adsanity-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/effd72d2-876d-4f8d-b1e4-5ab38eab401b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

122
CVE-2022/CVE-2022-49xx/CVE-2022-4950.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4950",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.813",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:42:34.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,100 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4",
"matchCriteriaId": "B0EB744A-1F45-4381-B2D1-40B5F18A451D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.1",
"matchCriteriaId": "7C167C14-32C8-4492-AA99-470F9EB66F31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:cryptocurrency_widgets_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "356F16F6-7CCA-45E4-8D3D-28647EC0E9C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:event_single_page_builder_for_the_event_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6",
"matchCriteriaId": "F7CAAE89-9BB2-4F08-BC69-0E8AF4B2738F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:events-notification-bar-addon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6",
"matchCriteriaId": "61640038-2699-41C1-A86B-6B7377F628E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:events_search_for_the_events_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2",
"matchCriteriaId": "C152C683-8E12-44C4-95BD-DF27C96E6F68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "5F1F3A5B-7EEC-4460-B969-8B23B8FED3BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:events_widgets_for_elementor_and_the_events_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.5",
"matchCriteriaId": "B69CF29B-2A58-4C5E-AD28-E485C7055924"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:the_events_calendar_countdown_addon:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4",
"matchCriteriaId": "1CD54721-0C86-4B22-B69E-EC25E04DB335"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryptocurrency_payment_\\&_donation_box_plugins:cryptocurrency_payment_\\&_donation_box:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8",
"matchCriteriaId": "21665B07-BBDF-4425-B8BC-DD88452DBA78"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
}
]
}

594
CVE-2023/CVE-2023-06xx/CVE-2023-0635.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0635",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2023-06-05T04:15:09.493",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:55:26.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "cybersecurity@ch.abb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,566 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "90915F51-F953-463D-9DC9-920A6BDE339A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6351DE-8170-4023-B815-536030F9236E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "A584338E-68E3-4A18-9210-EC9B5BB1931B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3FE8A0-B7B1-496F-918B-83AECEC80486"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "886F345B-B8A8-4FB5-B7E8-E1814B5C9649"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*",
"matchCriteriaId": "125AAF0E-3CB2-4F5A-BA04-742918422422"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "28963E35-B5B5-417F-B49B-5A4836F95949"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC1901E-7476-4070-B649-E2EAE52A38A6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "96C574A1-D4AB-4973-8F59-623FBA23ABE9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "697D73AC-8567-4D25-B42F-FB584DAFF05F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "529748B3-25B5-4D40-B71E-F8DBC5AA4CFB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-2128-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C4B551-EC7D-4D96-9B44-5238B2671F38"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "1DC90491-EEF2-4893-BA1E-4F41E716ED8B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-2128-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86993CA6-E80C-464D-A208-EB119F41E106"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "C2D20353-5535-4DFC-972D-D7C0AE020943"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-2128-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1B0FAC-EE50-41E7-8C6A-63E28649A539"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "AC6B5035-9627-4A06-B4D1-BC845A5387A2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-3-2128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66A14E33-5416-45D9-BBE4-61EFEC246E20"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "862E9C0F-1334-4BEF-9E22-AE3EC9E0A17F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-3-264:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF51C6-E220-4347-9505-48DAE2BB26B7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "CDC4937A-5EF3-40A5-A5F8-AEB617C87481"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-264:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979B2BF4-885C-46B4-9093-E7CC35EBB397"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "A4524FEB-AA98-4515-A140-6B53DEE82545"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-264-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3961881-0563-443D-8381-428058A008DF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "257FD712-153D-48A7-83BA-94B07BACD8D4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-264-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7E5C1B-CFA0-4584-89F5-BE9190DC7DB7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "531B160D-0FE9-44A2-A64D-C310CBF48433"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:nexus-264-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43EB9B15-B1DF-49DC-B69C-00D0342E0592"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "D5C6E19F-9B07-45D0-A001-6F0D909B9D13"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:matrix-216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "653A6815-9BC7-4BD4-BB67-DBCC666ED860"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "994F4371-2AFF-4FC5-ABC7-CCE3E260643A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:matrix-232:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C07D72-CA89-40A1-8EE8-F48A06DB7992"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "EC58A9B8-2D12-4117-890A-53B52DCAE1EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:matrix-296:-:*:*:*:*:*:*:*",
"matchCriteriaId": "699E0759-590A-4362-9B5B-F876C1A020D1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "340901DB-3492-4202-9B54-F107D2B9E8C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:matrix-264:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E8A1A8-8476-4C36-A6F6-258C2DC60388"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.07.01",
"matchCriteriaId": "13A433D2-9A61-49EB-8382-1D5024E70B88"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:abb:matrix-11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC44F95-4AE8-48B3-AC2C-6A4EB20F62DD"
}
]
}
]
}
],
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch",
"source": "cybersecurity@ch.abb.com"
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-06xx/CVE-2023-0666.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-0666",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-06-07T03:15:09.000",
"lastModified": "2023-06-07T12:52:33.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:50:23.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."
},
{
"lang": "es",
"value": "Debido a un fallo en la validaci\u00f3n de la longitud proporcionada por un atacante de paquetes manipulados RTPS, Wireshark v4.0.5 y anteriores, por defecto, es susceptible a un desbordamiento de b\u00fafer de pila y posiblemente la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso que ejecuta Wireshark. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve@takeonme.org",
"type": "Secondary",
@ -23,22 +60,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.6",
"matchCriteriaId": "FBA0E5F8-10A3-4294-95A8-6CB594C4DADE"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19085",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://takeonme.org/cves/CVE-2023-0666.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-18.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-06xx/CVE-2023-0667.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-0667",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-06-07T03:15:09.117",
"lastModified": "2023-06-07T12:52:33.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:51:26.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark"
},
{
"lang": "es",
"value": "Debido a un fallo en la validaci\u00f3n de la longitud proporcionada por un atacante en un paquete manipulado MSMMS, Wireshark v4.0.5 y anteriores, en una configuraci\u00f3n inusual, es susceptible a un desbordamiento de b\u00fafer de pila, y posiblemente a la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso que ejecuta Wireshark. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve@takeonme.org",
"type": "Secondary",
@ -23,14 +60,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.14",
"matchCriteriaId": "39738E11-AD14-4332-BC9F-0FF028EF6EC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.6",
"matchCriteriaId": "FBA0E5F8-10A3-4294-95A8-6CB594C4DADE"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19086",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://takeonme.org/cves/CVE-2023-0667.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-06xx/CVE-2023-0668.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-0668",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-06-07T03:15:09.193",
"lastModified": "2023-06-07T12:52:33.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:51:48.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."
},
{
"lang": "es",
"value": "Debido a un fallo en la validaci\u00f3n de la longitud proporcionada por un atacante de paquetes IEEE-C37.118, Wireshark v4.0.5 y anteriores, por defecto, es susceptible a un desbordamiento de b\u00fafer de la pila, y posiblemente la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso que ejecuta Wireshark. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve@takeonme.org",
"type": "Secondary",
@ -23,22 +60,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.14",
"matchCriteriaId": "CED49BFD-0350-4790-9D15-35875AEE4F00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.6",
"matchCriteriaId": "FBA0E5F8-10A3-4294-95A8-6CB594C4DADE"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19087",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://takeonme.org/cves/CVE-2023-0668.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-09xx/CVE-2023-0976.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0976",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-06-07T08:15:09.027",
"lastModified": "2023-06-08T05:15:08.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:56:11.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -46,10 +76,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trellix:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.9",
"matchCriteriaId": "4132AB2C-3238-423B-94AC-07653A03E9CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10398",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-13xx/CVE-2023-1388.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1388",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-06-07T08:15:10.143",
"lastModified": "2023-06-07T12:52:33.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:58:22.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trellix:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.7.9",
"matchCriteriaId": "4132AB2C-3238-423B-94AC-07653A03E9CE"
}
]
}
]
}
],
"references": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10398",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-16xx/CVE-2023-1621.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1621",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-06-06T20:15:10.227",
"lastModified": "2023-06-07T02:45:15.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:36:25.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -34,18 +54,67 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "15.10.5",
"matchCriteriaId": "362657BB-66CB-4F41-8258-CF037235EC5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.11.0",
"versionEndExcluding": "15.11.1",
"matchCriteriaId": "4690D9EC-4B6C-4DC3-8B47-EBDFE88CE810"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1621.json",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/399774",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/1914049",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-17xx/CVE-2023-1707.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-1707",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T18:15:21.450",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838",
"source": "hp-security-alert@hp.com"
}
]
}

4
CVE-2023/CVE-2023-208xx/CVE-2023-20867.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20867",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-13T17:15:14.070",
"lastModified": "2023-06-13T17:15:14.070",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

64
CVE-2023/CVE-2023-21xx/CVE-2023-2157.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-2157",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-06T20:15:12.120",
"lastModified": "2023-06-07T02:45:15.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:30:29.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,10 +56,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.1-9",
"matchCriteriaId": "F3D31EDB-8FBB-400E-95A7-26177859B552"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208537",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-22xx/CVE-2023-2253.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-2253",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-06T20:15:12.493",
"lastModified": "2023-06-07T02:45:15.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:09:09.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,10 +56,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF8EFFB-5686-4F28-A68F-1A8854E098CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189886",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-24xx/CVE-2023-2404.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2404",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.593",
"lastModified": "2023-06-05T13:03:03.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:40:27.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:crm_and_lead_management_by_vcita:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.2",
"matchCriteriaId": "32E546D2-FE48-44AC-936A-E977BD8832E2"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/crm-customer-relationship-management-by-vcita/trunk/vcita-callback.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e26ccd06-22e0-4d91-a53a-df6ead8a8e3b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
}
]
}

68
CVE-2023/CVE-2023-24xx/CVE-2023-2405.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2405",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.653",
"lastModified": "2023-06-05T13:03:03.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:40:24.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:crm_and_lead_management_by_vcita:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.2",
"matchCriteriaId": "32E546D2-FE48-44AC-936A-E977BD8832E2"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/crm-customer-relationship-management-by-vcita/trunk/vcita-callback.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f75c6bf-1b93-49d5-b5fb-e59b4e67432f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
}
]
}

79
CVE-2023/CVE-2023-24xx/CVE-2023-2406.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2406",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.717",
"lastModified": "2023-06-05T13:03:03.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:50:09.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -50,22 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:event_registration_calendar_by_vcita:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.1",
"matchCriteriaId": "056C8523-49C7-4FD6-937B-861025FF38B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:online_payments_-_get_paid_with_paypal\\,_square_\\&_stripe:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "83E52AEC-9136-4506-A71D-885228E41361"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/system/parse_vcita_callback.php#L55",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/paypal-payment-button-by-vcita/trunk/system/parse_vcita_callback.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab05954-9999-43ff-8e3c-a987e2da1956?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
}
]
}

79
CVE-2023/CVE-2023-24xx/CVE-2023-2407.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2407",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.780",
"lastModified": "2023-06-05T13:03:03.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:52:56.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +76,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:event_registration_calendar_by_vcita:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.1",
"matchCriteriaId": "056C8523-49C7-4FD6-937B-861025FF38B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:online_payments_-_get_paid_with_paypal\\,_square_\\&_stripe:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "83E52AEC-9136-4506-A71D-885228E41361"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/system/parse_vcita_callback.php#L55",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/paypal-payment-button-by-vcita/trunk/system/parse_vcita_callback.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/207b40fa-2062-48d6-990b-f05cbbf8fb8e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-24xx/CVE-2023-2416.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2416",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-03T05:15:09.903",
"lastModified": "2023-06-05T13:03:03.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:46:40.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar_for_wordpress_by_vcita:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.2.10",
"matchCriteriaId": "78676BA2-72C4-45F9-AA3A-F25FCF27BC6C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L55",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f434585c-8533-4788-b0bc-5650390c29a8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-278xx/CVE-2023-27836.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-27836",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T19:15:09.317",
"lastModified": "2023-06-13T19:15:09.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P%202",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-278xx/CVE-2023-27837.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27837",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.327",
"lastModified": "2023-06-13T17:15:14.327",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-283xx/CVE-2023-28303.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28303",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-13T17:15:14.380",
"lastModified": "2023-06-13T17:15:14.380",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-285xx/CVE-2023-28598.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28598",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T17:15:14.467",
"lastModified": "2023-06-13T17:15:14.467",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-285xx/CVE-2023-28599.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28599",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T17:15:14.537",
"lastModified": "2023-06-13T17:15:14.537",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-286xx/CVE-2023-28600.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28600",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T18:15:21.533",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-286xx/CVE-2023-28601.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28601",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T18:15:21.613",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-286xx/CVE-2023-28602.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28602",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T18:15:21.683",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-286xx/CVE-2023-28603.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28603",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T18:15:21.760",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

52
CVE-2023/CVE-2023-28xx/CVE-2023-2891.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2891",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:12.163",
"lastModified": "2023-06-09T13:03:24.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:14:01.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeasycart:wp_easycart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.4.8",
"matchCriteriaId": "0BF27219-FD49-44FE-A353-A8444D0909A8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcca7ade-8b35-4ba1-a8b4-b1e815b025e3?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-28xx/CVE-2023-2892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2892",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T07:15:09.987",
"lastModified": "2023-06-09T13:03:24.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:14:09.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeasycart:wp_easycart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.4.8",
"matchCriteriaId": "0BF27219-FD49-44FE-A353-A8444D0909A8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b36e94e4-b1e8-4803-9377-c4d710b029de?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-28xx/CVE-2023-2893.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2893",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T07:15:10.110",
"lastModified": "2023-06-09T13:03:24.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:14:19.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeasycart:wp_easycart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.4.8",
"matchCriteriaId": "0BF27219-FD49-44FE-A353-A8444D0909A8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1268604c-08eb-4d86-8e97-9cdaa3e19c1f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-28xx/CVE-2023-2894.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2894",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T07:15:10.193",
"lastModified": "2023-06-09T13:03:24.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:14:30.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeasycart:wp_easycart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.4.8",
"matchCriteriaId": "0BF27219-FD49-44FE-A353-A8444D0909A8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a68b8df9-9b50-4617-9308-76a2a9036d7a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-28xx/CVE-2023-2895.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2895",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T07:15:10.273",
"lastModified": "2023-06-09T13:03:24.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:14:40.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeasycart:wp_easycart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.4.8",
"matchCriteriaId": "0BF27219-FD49-44FE-A353-A8444D0909A8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02fd8469-cd99-42dc-9a28-c0ea08512bb0?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-28xx/CVE-2023-2896.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2896",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T07:15:10.347",
"lastModified": "2023-06-09T13:03:24.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:14:49.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeasycart:wp_easycart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.4.8",
"matchCriteriaId": "0BF27219-FD49-44FE-A353-A8444D0909A8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/041830b8-f059-46f5-961b-3ba908d161f9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-296xx/CVE-2023-29630.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29630",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.760",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:52:24.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,47 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joommasters:jms_drop_mega_menu:1.0.0:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "9BEB8B07-3AD7-41BF-8F84-3B5F3BC443CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joommasters:jms_drop_mega_menu:2.0.0:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "48A87135-4B9B-43B0-890B-98F2C33E952E"
}
]
}
]
}
],
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmsvermegamenu.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-296xx/CVE-2023-29631.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29631",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.827",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:51:57.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,42 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joommasters:jms_slider:1.6.0:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "95B15187-4CF2-4B91-B40B-7DCD4EE12055"
}
]
}
]
}
],
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmsslider.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-296xx/CVE-2023-29632.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29632",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T20:15:11.683",
"lastModified": "2023-06-07T02:45:15.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:02:26.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joommasters:jmspagebuilder:-:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "B99B3393-038C-4EDD-8E27-E1DF2C190FCE"
}
]
}
]
}
],
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmspagebuilder.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-301xx/CVE-2023-30179.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30179",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.600",
"lastModified": "2023-06-13T17:15:14.600",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-314xx/CVE-2023-31437.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31437",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.657",
"lastModified": "2023-06-13T17:15:14.657",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-314xx/CVE-2023-31438.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31438",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.707",
"lastModified": "2023-06-13T17:15:14.707",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-314xx/CVE-2023-31439.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31439",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.753",
"lastModified": "2023-06-13T17:15:14.753",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-315xx/CVE-2023-31541.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31541",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.810",
"lastModified": "2023-06-13T17:15:14.810",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

80
CVE-2023/CVE-2023-318xx/CVE-2023-31893.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-31893",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.977",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:12:30.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:telefonica:brasil_vivo_play_firmware:2023.04.04.01.06.15:*:*:*:*:*:*:*",
"matchCriteriaId": "761C78C8-CDEE-4AC1-98CE-5EF5B70A8530"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:telefonica:brasil_vivo_play:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA064EC5-00EA-46DB-8233-F32492EA0129"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@shooterRX/dns-recursion-leads-to-dos-attack-vivo-play-iptv-cve-2023-31893-b5ac45f38f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.cert.br/docs/whitepapers/dns-recursivo-aberto/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
}
]
}

68
CVE-2023/CVE-2023-31xx/CVE-2023-3124.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3124",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.970",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:46:52.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation."
},
{
"lang": "es",
"value": "El plugin Elementor Pro para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de comprobaci\u00f3n en la funci\u00f3n \"update_page_option\" en versiones hasta la 3.11.6 inclusive. Esto hace posible que atacantes autenticados con capacidades a nivel de suscriptor actualicen opciones del sitio arbitrarias, lo que puede llevar a una escalada de privilegios. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elementor:elementor_pro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.11.7",
"matchCriteriaId": "A1352EB5-460E-4162-A177-DB73569E19AB"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/570474f2-c118-45e1-a237-c70b849b2d3c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-31xx/CVE-2023-3125.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3125",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:16.027",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:48:26.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site."
},
{
"lang": "es",
"value": "El plugin B2BKing para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de una comprobaci\u00f3n en la funci\u00f3n \"b2bking_save_price_import\" en las versiones hasta la 4.6.00 inclusive. Esto hace posible que atacantes autenticados con permisos a nivel de suscriptor o cliente modifiquen el precio de cualquier producto en el sitio. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webwizards:b2bking:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.00",
"matchCriteriaId": "72928636-9506-4971-B459-CA91F8AD9328"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-b2bking-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://woocommerce-b2b-plugin.com/changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
}
]
}

71
CVE-2023/CVE-2023-31xx/CVE-2023-3126.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3126",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:16.093",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:48:53.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site."
},
{
"lang": "es",
"value": "El plugin B2BKing para WordPress es vulnerable al acceso no autorizado de datos debido a la falta de comprobaci\u00f3n en la funci\u00f3n \"b2bkingdownloadpricelist\" en las versiones hasta la v4.6.00 inclusive. Esto hace posible que atacantes autenticados con permisos a nivel de suscriptor o cliente recuperen la lista completa de precios de todos los productos del sitio. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webwizards:b2bking:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.00",
"matchCriteriaId": "72928636-9506-4971-B459-CA91F8AD9328"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-b2bking-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://woocommerce-b2b-plugin.com/changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e3ac14-1421-49f0-9c60-7f7d5c9d7654?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
}
]
}

66
CVE-2023/CVE-2023-326xx/CVE-2023-32683.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32683",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-06T19:15:11.963",
"lastModified": "2023-06-07T02:45:20.120",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:01:46.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.85.0",
"matchCriteriaId": "57D26682-77B5-428E-B7F8-50A0D2CB3C2E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/synapse/pull/15601",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-32xx/CVE-2023-3214.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-3214",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.170",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1450568",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2023/CVE-2023-32xx/CVE-2023-3215.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-3215",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.223",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1446274",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2023/CVE-2023-32xx/CVE-2023-3216.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-3216",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.273",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1450114",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2023/CVE-2023-32xx/CVE-2023-3217.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-3217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.320",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1450601",
"source": "chrome-cve-admin@google.com"
}
]
}

59
CVE-2023/CVE-2023-32xx/CVE-2023-3224.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3224",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-13T18:15:22.370",
"lastModified": "2023-06-13T19:15:09.640",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/nuxt/nuxt/commit/65a8f4eb3ef1b249a95fd59e323835a96428baff",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/1eb74fd8-0258-4c1f-a904-83b52e373a87",
"source": "security@huntr.dev"
}
]
}

75
CVE-2023/CVE-2023-334xx/CVE-2023-33477.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-33477",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T20:15:13.857",
"lastModified": "2023-06-07T02:45:15.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:14:00.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:harmonicinc:nsg_9000-6g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B93658-54C2-461E-AFC3-68B998121143"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:harmonicinc:nsg_9000-6g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAABB758-5E30-46E3-A174-8FFF8D36B3D3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Skr11lex/CVE-2023-33477",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

145
CVE-2023/CVE-2023-335xx/CVE-2023-33536.json
View File

@ -2,19 +2,156 @@
"id": "CVE-2023-33536",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T04:15:10.467",
"lastModified": "2023-06-07T12:52:33.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:53:24.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68707068-83D6-460C-9107-1B86FC95F6DC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6212F19C-E507-43BC-B3F0-7DDABB84BE20"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1520C26-52D3-46E6-B11B-89C4085DDF23"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "694B53D1-8714-4678-A9CF-51FF230C8BC4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6284AB5D-17FD-411B-99A1-948434193041"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7D2E14-77D8-4534-BBD1-D52ADA5B175F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/2/TL-WR940N_TL-WR841N_TL-WR740N_userRpm_WlanMacFilterRpm.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

145
CVE-2023/CVE-2023-335xx/CVE-2023-33537.json
View File

@ -2,19 +2,156 @@
"id": "CVE-2023-33537",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T04:15:10.563",
"lastModified": "2023-06-07T12:52:33.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:53:45.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68707068-83D6-460C-9107-1B86FC95F6DC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6212F19C-E507-43BC-B3F0-7DDABB84BE20"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1520C26-52D3-46E6-B11B-89C4085DDF23"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "694B53D1-8714-4678-A9CF-51FF230C8BC4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6284AB5D-17FD-411B-99A1-948434193041"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7D2E14-77D8-4534-BBD1-D52ADA5B175F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/1/TL-WR940N_TL-WR841N_TL-WR740N_userRpm_FixMapCfgRpm.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

145
CVE-2023/CVE-2023-335xx/CVE-2023-33538.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33538",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T04:15:10.623",
"lastModified": "2023-06-07T12:52:33.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:53:52.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,148 @@
"value": "Se ha descubierto que TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, y TL-WR740N V1/V2 contienen una vulnerabilidad de inyecci\u00f3n de comandos en el componente /userRpm/WlanNetworkRpm."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68707068-83D6-460C-9107-1B86FC95F6DC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6212F19C-E507-43BC-B3F0-7DDABB84BE20"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1520C26-52D3-46E6-B11B-89C4085DDF23"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "694B53D1-8714-4678-A9CF-51FF230C8BC4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6284AB5D-17FD-411B-99A1-948434193041"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7D2E14-77D8-4534-BBD1-D52ADA5B175F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-336xx/CVE-2023-33601.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-33601",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T02:15:15.887",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:44:08.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga arbitraria de archivos en \"/admin.php?c=upload\" de phpok v6.4.100 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo PHP manipulado. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpok:phpok:6.4.100:*:*:*:*:*:*:*",
"matchCriteriaId": "5730074C-4684-4569-8B4C-448C9CB688A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/phpok/phpok/issues/I72D24",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

70
CVE-2023/CVE-2023-336xx/CVE-2023-33604.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-33604",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T02:15:15.930",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T18:45:37.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request."
},
{
"lang": "es",
"value": "Se ha descubierto que Imperial CMS v7.5 contiene una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos a trav\u00e9s de la funci\u00f3n \"DelspReFile\" en \"/sp/ListSp.php\". Esta vulnerabilidad es explotada por atacantes a trav\u00e9s de una petici\u00f3n POST manipulada. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imperial_cms_project:imperial_cms:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCB3ED1-F24F-4B6C-8BE2-5B64AD0949F4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.mubucm.com/doc/38rCUPucWz",
"source": "cve@mitre.org"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257484",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

4
CVE-2023/CVE-2023-336xx/CVE-2023-33620.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33620",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.863",
"lastModified": "2023-06-13T17:15:14.863",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

70
CVE-2023/CVE-2023-336xx/CVE-2023-33690.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-33690",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T16:15:09.447",
"lastModified": "2023-06-05T16:42:43.303",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T19:27:31.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicjs:sonicjs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.5.4",
"versionEndIncluding": "0.7.0",
"matchCriteriaId": "453662F0-0760-42E7-B029-792CE90CD548"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lane711/sonicjs/pull/183",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://youtu.be/6ZuwA9CkQLg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

55
CVE-2023/CVE-2023-341xx/CVE-2023-34113.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34113",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T18:15:21.840",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-341xx/CVE-2023-34114.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34114",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T19:15:09.427",
"lastModified": "2023-06-13T19:15:09.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-341xx/CVE-2023-34115.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34115",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T19:15:09.500",
"lastModified": "2023-06-13T19:15:09.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-341xx/CVE-2023-34120.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34120",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T18:15:21.913",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-341xx/CVE-2023-34121.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34121",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T18:15:21.987",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-341xx/CVE-2023-34122.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34122",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T18:15:22.053",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. \n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

4
CVE-2023/CVE-2023-342xx/CVE-2023-34247.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34247",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-13T17:15:14.920",
"lastModified": "2023-06-13T17:15:14.920",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-342xx/CVE-2023-34249.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34249",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-13T17:15:15.003",
"lastModified": "2023-06-13T17:15:15.003",
"vulnStatus": "Received",
"lastModified": "2023-06-13T18:27:41.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

28
CVE-2023/CVE-2023-349xx/CVE-2023-34965.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-34965",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T19:15:09.587",
"lastModified": "2023-06-13T19:15:09.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.google.com/document/d/1TbHYGW65o1HBZoDf0rUDQMHPJE6qfQAvqdFv1DYY4BU/edit?usp=sharing",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/AgentY0/CVE-2023-34965",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Anankke/SSPanel-Uim",
"source": "cve@mitre.org"
}
]
}

101
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-13T18:00:29.145813+00:00
2023-06-13T20:00:26.408854+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-13T17:55:45.267000+00:00
2023-06-13T19:55:26.553000+00:00
```
### Last Data Feed Release
@ -29,66 +29,63 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217582
217601
```
### CVEs added in the last Commit
Recently added CVEs: `22`
Recently added CVEs: `19`
* [CVE-2022-31635](CVE-2022/CVE-2022-316xx/CVE-2022-31635.json) (`2023-06-13T17:15:12.567`)
* [CVE-2022-31636](CVE-2022/CVE-2022-316xx/CVE-2022-31636.json) (`2023-06-13T17:15:12.640`)
* [CVE-2022-31637](CVE-2022/CVE-2022-316xx/CVE-2022-31637.json) (`2023-06-13T17:15:12.700`)
* [CVE-2022-31638](CVE-2022/CVE-2022-316xx/CVE-2022-31638.json) (`2023-06-13T17:15:12.753`)
* [CVE-2022-31639](CVE-2022/CVE-2022-316xx/CVE-2022-31639.json) (`2023-06-13T17:15:12.807`)
* [CVE-2023-25978](CVE-2023/CVE-2023-259xx/CVE-2023-25978.json) (`2023-06-13T16:15:12.693`)
* [CVE-2023-27624](CVE-2023/CVE-2023-276xx/CVE-2023-27624.json) (`2023-06-13T16:15:12.847`)
* [CVE-2023-33621](CVE-2023/CVE-2023-336xx/CVE-2023-33621.json) (`2023-06-13T16:15:13.027`)
* [CVE-2023-33695](CVE-2023/CVE-2023-336xx/CVE-2023-33695.json) (`2023-06-13T16:15:13.077`)
* [CVE-2023-20867](CVE-2023/CVE-2023-208xx/CVE-2023-20867.json) (`2023-06-13T17:15:14.070`)
* [CVE-2023-27837](CVE-2023/CVE-2023-278xx/CVE-2023-27837.json) (`2023-06-13T17:15:14.327`)
* [CVE-2023-28303](CVE-2023/CVE-2023-283xx/CVE-2023-28303.json) (`2023-06-13T17:15:14.380`)
* [CVE-2023-28598](CVE-2023/CVE-2023-285xx/CVE-2023-28598.json) (`2023-06-13T17:15:14.467`)
* [CVE-2023-28599](CVE-2023/CVE-2023-285xx/CVE-2023-28599.json) (`2023-06-13T17:15:14.537`)
* [CVE-2023-30179](CVE-2023/CVE-2023-301xx/CVE-2023-30179.json) (`2023-06-13T17:15:14.600`)
* [CVE-2023-31437](CVE-2023/CVE-2023-314xx/CVE-2023-31437.json) (`2023-06-13T17:15:14.657`)
* [CVE-2023-31438](CVE-2023/CVE-2023-314xx/CVE-2023-31438.json) (`2023-06-13T17:15:14.707`)
* [CVE-2023-31439](CVE-2023/CVE-2023-314xx/CVE-2023-31439.json) (`2023-06-13T17:15:14.753`)
* [CVE-2023-31541](CVE-2023/CVE-2023-315xx/CVE-2023-31541.json) (`2023-06-13T17:15:14.810`)
* [CVE-2023-33620](CVE-2023/CVE-2023-336xx/CVE-2023-33620.json) (`2023-06-13T17:15:14.863`)
* [CVE-2023-34247](CVE-2023/CVE-2023-342xx/CVE-2023-34247.json) (`2023-06-13T17:15:14.920`)
* [CVE-2023-34249](CVE-2023/CVE-2023-342xx/CVE-2023-34249.json) (`2023-06-13T17:15:15.003`)
* [CVE-2022-43684](CVE-2022/CVE-2022-436xx/CVE-2022-43684.json) (`2023-06-13T19:15:09.243`)
* [CVE-2023-1707](CVE-2023/CVE-2023-17xx/CVE-2023-1707.json) (`2023-06-13T18:15:21.450`)
* [CVE-2023-28600](CVE-2023/CVE-2023-286xx/CVE-2023-28600.json) (`2023-06-13T18:15:21.533`)
* [CVE-2023-28601](CVE-2023/CVE-2023-286xx/CVE-2023-28601.json) (`2023-06-13T18:15:21.613`)
* [CVE-2023-28602](CVE-2023/CVE-2023-286xx/CVE-2023-28602.json) (`2023-06-13T18:15:21.683`)
* [CVE-2023-28603](CVE-2023/CVE-2023-286xx/CVE-2023-28603.json) (`2023-06-13T18:15:21.760`)
* [CVE-2023-34113](CVE-2023/CVE-2023-341xx/CVE-2023-34113.json) (`2023-06-13T18:15:21.840`)
* [CVE-2023-34120](CVE-2023/CVE-2023-341xx/CVE-2023-34120.json) (`2023-06-13T18:15:21.913`)
* [CVE-2023-34121](CVE-2023/CVE-2023-341xx/CVE-2023-34121.json) (`2023-06-13T18:15:21.987`)
* [CVE-2023-34122](CVE-2023/CVE-2023-341xx/CVE-2023-34122.json) (`2023-06-13T18:15:22.053`)
* [CVE-2023-3214](CVE-2023/CVE-2023-32xx/CVE-2023-3214.json) (`2023-06-13T18:15:22.170`)
* [CVE-2023-3215](CVE-2023/CVE-2023-32xx/CVE-2023-3215.json) (`2023-06-13T18:15:22.223`)
* [CVE-2023-3216](CVE-2023/CVE-2023-32xx/CVE-2023-3216.json) (`2023-06-13T18:15:22.273`)
* [CVE-2023-3217](CVE-2023/CVE-2023-32xx/CVE-2023-3217.json) (`2023-06-13T18:15:22.320`)
* [CVE-2023-27836](CVE-2023/CVE-2023-278xx/CVE-2023-27836.json) (`2023-06-13T19:15:09.317`)
* [CVE-2023-34114](CVE-2023/CVE-2023-341xx/CVE-2023-34114.json) (`2023-06-13T19:15:09.427`)
* [CVE-2023-34115](CVE-2023/CVE-2023-341xx/CVE-2023-34115.json) (`2023-06-13T19:15:09.500`)
* [CVE-2023-34965](CVE-2023/CVE-2023-349xx/CVE-2023-34965.json) (`2023-06-13T19:15:09.587`)
* [CVE-2023-3224](CVE-2023/CVE-2023-32xx/CVE-2023-3224.json) (`2023-06-13T18:15:22.370`)
### CVEs modified in the last Commit
Recently modified CVEs: `70`
Recently modified CVEs: `63`
* [CVE-2023-2183](CVE-2023/CVE-2023-21xx/CVE-2023-2183.json) (`2023-06-13T16:30:57.630`)
* [CVE-2023-32682](CVE-2023/CVE-2023-326xx/CVE-2023-32682.json) (`2023-06-13T16:32:56.227`)
* [CVE-2023-2801](CVE-2023/CVE-2023-28xx/CVE-2023-2801.json) (`2023-06-13T16:33:49.213`)
* [CVE-2023-34111](CVE-2023/CVE-2023-341xx/CVE-2023-34111.json) (`2023-06-13T16:35:51.807`)
* [CVE-2023-2132](CVE-2023/CVE-2023-21xx/CVE-2023-2132.json) (`2023-06-13T16:36:26.880`)
* [CVE-2023-3064](CVE-2023/CVE-2023-30xx/CVE-2023-3064.json) (`2023-06-13T16:41:22.930`)
* [CVE-2023-33476](CVE-2023/CVE-2023-334xx/CVE-2023-33476.json) (`2023-06-13T16:49:19.823`)
* [CVE-2023-2503](CVE-2023/CVE-2023-25xx/CVE-2023-2503.json) (`2023-06-13T16:50:13.987`)
* [CVE-2023-2571](CVE-2023/CVE-2023-25xx/CVE-2023-2571.json) (`2023-06-13T16:50:40.203`)
* [CVE-2023-23831](CVE-2023/CVE-2023-238xx/CVE-2023-23831.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-25964](CVE-2023/CVE-2023-259xx/CVE-2023-25964.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-26528](CVE-2023/CVE-2023-265xx/CVE-2023-26528.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-26538](CVE-2023/CVE-2023-265xx/CVE-2023-26538.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-28620](CVE-2023/CVE-2023-286xx/CVE-2023-28620.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-33568](CVE-2023/CVE-2023-335xx/CVE-2023-33568.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-35064](CVE-2023/CVE-2023-350xx/CVE-2023-35064.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-24880](CVE-2023/CVE-2023-248xx/CVE-2023-24880.json) (`2023-06-13T17:15:14.197`)
* [CVE-2023-34097](CVE-2023/CVE-2023-340xx/CVE-2023-34097.json) (`2023-06-13T17:20:19.417`)
* [CVE-2023-3065](CVE-2023/CVE-2023-30xx/CVE-2023-3065.json) (`2023-06-13T17:32:12.733`)
* [CVE-2023-28352](CVE-2023/CVE-2023-283xx/CVE-2023-28352.json) (`2023-06-13T17:32:41.937`)
* [CVE-2023-3096](CVE-2023/CVE-2023-30xx/CVE-2023-3096.json) (`2023-06-13T17:45:20.013`)
* [CVE-2023-3097](CVE-2023/CVE-2023-30xx/CVE-2023-3097.json) (`2023-06-13T17:46:09.980`)
* [CVE-2023-3098](CVE-2023/CVE-2023-30xx/CVE-2023-3098.json) (`2023-06-13T17:47:45.300`)
* [CVE-2023-3099](CVE-2023/CVE-2023-30xx/CVE-2023-3099.json) (`2023-06-13T17:49:43.407`)
* [CVE-2023-3044](CVE-2023/CVE-2023-30xx/CVE-2023-3044.json) (`2023-06-13T17:55:45.267`)
* [CVE-2023-3125](CVE-2023/CVE-2023-31xx/CVE-2023-3125.json) (`2023-06-13T18:48:26.397`)
* [CVE-2023-3126](CVE-2023/CVE-2023-31xx/CVE-2023-3126.json) (`2023-06-13T18:48:53.053`)
* [CVE-2023-0666](CVE-2023/CVE-2023-06xx/CVE-2023-0666.json) (`2023-06-13T18:50:23.657`)
* [CVE-2023-0667](CVE-2023/CVE-2023-06xx/CVE-2023-0667.json) (`2023-06-13T18:51:26.077`)
* [CVE-2023-0668](CVE-2023/CVE-2023-06xx/CVE-2023-0668.json) (`2023-06-13T18:51:48.703`)
* [CVE-2023-29631](CVE-2023/CVE-2023-296xx/CVE-2023-29631.json) (`2023-06-13T18:51:57.063`)
* [CVE-2023-29630](CVE-2023/CVE-2023-296xx/CVE-2023-29630.json) (`2023-06-13T18:52:24.427`)
* [CVE-2023-33536](CVE-2023/CVE-2023-335xx/CVE-2023-33536.json) (`2023-06-13T18:53:24.247`)
* [CVE-2023-33537](CVE-2023/CVE-2023-335xx/CVE-2023-33537.json) (`2023-06-13T18:53:45.007`)
* [CVE-2023-33538](CVE-2023/CVE-2023-335xx/CVE-2023-33538.json) (`2023-06-13T18:53:52.230`)
* [CVE-2023-0976](CVE-2023/CVE-2023-09xx/CVE-2023-0976.json) (`2023-06-13T18:56:11.973`)
* [CVE-2023-1388](CVE-2023/CVE-2023-13xx/CVE-2023-1388.json) (`2023-06-13T18:58:22.700`)
* [CVE-2023-32683](CVE-2023/CVE-2023-326xx/CVE-2023-32683.json) (`2023-06-13T19:01:46.477`)
* [CVE-2023-2253](CVE-2023/CVE-2023-22xx/CVE-2023-2253.json) (`2023-06-13T19:09:09.617`)
* [CVE-2023-31893](CVE-2023/CVE-2023-318xx/CVE-2023-31893.json) (`2023-06-13T19:12:30.960`)
* [CVE-2023-33477](CVE-2023/CVE-2023-334xx/CVE-2023-33477.json) (`2023-06-13T19:14:00.687`)
* [CVE-2023-33690](CVE-2023/CVE-2023-336xx/CVE-2023-33690.json) (`2023-06-13T19:27:31.120`)
* [CVE-2023-2157](CVE-2023/CVE-2023-21xx/CVE-2023-2157.json) (`2023-06-13T19:30:29.680`)
* [CVE-2023-1621](CVE-2023/CVE-2023-16xx/CVE-2023-1621.json) (`2023-06-13T19:36:25.590`)
* [CVE-2023-2405](CVE-2023/CVE-2023-24xx/CVE-2023-2405.json) (`2023-06-13T19:40:24.123`)
* [CVE-2023-2404](CVE-2023/CVE-2023-24xx/CVE-2023-2404.json) (`2023-06-13T19:40:27.617`)
* [CVE-2023-2416](CVE-2023/CVE-2023-24xx/CVE-2023-2416.json) (`2023-06-13T19:46:40.043`)
* [CVE-2023-2406](CVE-2023/CVE-2023-24xx/CVE-2023-2406.json) (`2023-06-13T19:50:09.870`)
* [CVE-2023-2407](CVE-2023/CVE-2023-24xx/CVE-2023-2407.json) (`2023-06-13T19:52:56.267`)
* [CVE-2023-0635](CVE-2023/CVE-2023-06xx/CVE-2023-0635.json) (`2023-06-13T19:55:26.553`)
## Download and Usage