Auto-Update: 2023-11-24T21:02:04.877275+00:00

cad-safe-bot 2023-11-24 21:02:08 +00:00
parent 0aa4301a40
commit cd809802dc
17 changed files with 799 additions and 69 deletions


@ -2,12 +2,16 @@
"id": "CVE-2023-26364",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-17T14:15:21.083",
"lastModified": "2023-11-17T17:28:23.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:28:52.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges."
},
{
"lang": "es",
"value": "@adobe/css-tools versi\u00f3n 4.3.0 y anteriores se ven afectados por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar una denegaci\u00f3n menor de servicio al intentar analizar CSS. La explotaci\u00f3n de este problema no requiere interacci\u00f3n ni privilegios del usuario."
}
],
"metrics": {
@ -35,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:css-tools:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "4.3.1",
"matchCriteriaId": "F9094691-0347-4E4A-9781-7204190B42C2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-46734",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-10T18:15:09.360",
"lastModified": "2023-11-16T23:39:46.127",
"vulnStatus": "Analyzed",
"lastModified": "2023-11-24T20:15:07.190",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -61,7 +61,7 @@
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
@ -145,6 +145,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html",
"source": "security-advisories@github.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47243",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T22:15:07.100",
"lastModified": "2023-11-20T00:02:59.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:28:52.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? \u2013 MSHOP MY SITE.This issue affects ???? ????? \u2013 MSHOP MY SITE: from n/a through 1.1.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en CodeMShop \u2013 MSHOP MY SITE. Este problema afecta MSHOP MY SITE: desde n/a hasta 1.1.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codemshop:mshop_my_site:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.6",
"matchCriteriaId": "E999B17D-92C7-476F-AAF2-06EAD0D0BAF9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mshop-mysite/wordpress-mshop-my-site-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
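Review bot: The English description in the first hunk still carries `???? ?????` where the product's non-ASCII name was lost, and the added Spanish entry drops the name altogether, so text matching on the product name will not find this record; match on the added CPE `cpe:2.3:a:codemshop:mshop_my_site:*:*:*:*:*:wordpress:*:*` instead. The reference slug reads `broken-access-control-vulnerability` while both descriptions say CSRF. The `weaknesses` block lies outside the visible hunks, so the classification should be confirmed against the Patchstack advisory.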


@ -2,16 +2,40 @@
"id": "CVE-2023-47519",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T22:15:07.297",
"lastModified": "2023-11-20T00:02:51.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:28:40.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WC Product Table WooCommerce Product Table Lite. Este problema afecta a WooCommerce Product Table Lite: desde n/a hasta 2.6.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wcproducttable:woocommerce_product_table_lite:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.2",
"matchCriteriaId": "EE0C838C-2E8C-42BC-8A9B-0295F06BC92F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wc-product-table-lite/wordpress-woocommerce-product-table-lite-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
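Review bot: The added NVD `Primary` metric uses the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` (8.8), but the description names only the weakness class and never says which state-changing action can be forged, so the HIGH impact values are not traceable to anything in this record. The same vector is added unchanged to CVE-2023-47243, -47531, -47551, -47556, -47670, -47671, -47672 and -47685 in this commit. The CNA's `Secondary` metric begins on the last lines of the first hunk and continues outside it; prioritisation should compare both scores rather than take the 8.8 alone.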


@ -2,16 +2,40 @@
"id": "CVE-2023-47531",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T22:15:07.477",
"lastModified": "2023-11-20T00:02:51.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:28:13.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode.This issue affects Droit Dark Mode: from n/a through 1.1.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en DroitThemes Droit Dark Mode. Este problema afecta al Droit Dark Mode: desde n/a hasta 1.1.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:droitthemes:droit_dark_mode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.2",
"matchCriteriaId": "14A6379B-CFB6-4005-8EFA-AB245269C4E9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/droit-dark-mode/wordpress-droit-dark-mode-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47551",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T22:15:07.670",
"lastModified": "2023-11-20T00:02:51.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:08:13.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy \u2013 Smart Donations.This issue affects Donations Made Easy \u2013 Smart Donations: from n/a through 4.0.12.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en RedNao Donations Made Easy \u2013 Smart Donations. Este problema afecta a Donations Made Easy \u2013 Smart Donations: desde n/a hasta 4.0.12."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rednao:donations_made_easy_-_smart_donations:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.0.12",
"matchCriteriaId": "CF2CF4D9-CEA8-405C-AF65-15499E991E4F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/smart-donations/wordpress-donations-made-easy-smart-donations-plugin-4-0-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47556",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T22:15:08.217",
"lastModified": "2023-11-20T00:02:51.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:23:37.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher.This issue affects Device Theme Switcher: from n/a through 3.0.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en James Mehorter Device Theme Switcher. Este problema afecta a Device Theme Switcher: desde n/a hasta 3.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jamesmehorter:device_theme_switcher:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.2",
"matchCriteriaId": "9E2C30D4-5082-4661-A624-E73FED0BD531"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/device-theme-switcher/wordpress-plugin-name-device-theme-switcher-plugin-3-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47670",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T21:15:09.510",
"lastModified": "2023-11-20T00:02:59.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:32:36.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.This issue affects Korea SNS: from n/a through 1.6.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jongmyoung Kim Korea SNS. Este problema afecta a Korea SNS: desde n/a hasta 1.6.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icansoft:korea_sns:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.3",
"matchCriteriaId": "3FFC7D3F-8652-4783-868B-37F3AEE71573"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/korea-sns/wordpress-korea-sns-plugin-1-6-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47671",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T21:15:09.767",
"lastModified": "2023-11-20T00:02:59.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:32:26.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Gopi Ramasamy Vertical scroll recent. Este problema afecta a Vertical scroll recent post: desde n/a hasta 14.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:vertical_scroll_recent_registered_user:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.1",
"matchCriteriaId": "2A72A15B-E11C-44DC-BC2E-2067EA7F4320"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/vertical-scroll-recent-post/wordpress-vertical-scroll-recent-post-plugin-14-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
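Review bot: The added CPE does not match the product this record describes: `criteria` names `gopiplus:vertical_scroll_recent_registered_user` with `"versionEndIncluding": "9.1"`, while the description and the Patchstack URL both refer to Vertical scroll recent post through 14.0. As written, CPE-based matching would flag a different plugin and would not flag installations of Vertical scroll recent post up to 14.0. The entry appears to come from NVD analysis (`"vulnStatus": "Analyzed"`), so the correction belongs upstream; until then, consumers should match this CVE on the description and the reference rather than on the CPE.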


@ -2,16 +2,40 @@
"id": "CVE-2023-47672",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T21:15:09.960",
"lastModified": "2023-11-20T00:02:59.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:31:58.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget.This issue affects WP Category Post List Widget: from n/a through 2.0.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Swashata WP Category Post List Widget. Este problema afecta a WP Category Post List Widget: desde n/a hasta 2.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:swashata:wp_category_post_list_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "43E99C01-2141-467B-979A-8356FDA95E2F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-category-posts-list/wordpress-wp-category-post-list-widget-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-47685",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-18T21:15:10.147",
"lastModified": "2023-11-20T00:02:59.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:31:48.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Lukman Nakib Preloader Matrix. Este problema afecta a Preloader Matrix: desde n/a hasta 2.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nkb-bd:preloader_matrix:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.1",
"matchCriteriaId": "75FA841F-1E11-4F0C-8307-7B4F2AF81BD1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/matrix-pre-loader/wordpress-preloader-matrix-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-4799",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-20T19:15:09.433",
"lastModified": "2023-11-21T09:15:07.360",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:20:55.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento Magic Embeds de WordPress anterior a 3.1.2 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde se incrusta el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpembedfb:magic_embeds:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.2",
"matchCriteriaId": "732CAFAB-FAF9-4A1D-B708-5B4FF2E1ACCD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/04c71873-5ae7-4f94-8ba9-03e03ff55180",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-4824",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-11-20T19:15:09.537",
"lastModified": "2023-11-20T19:18:46.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T19:20:38.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
},
{
"lang": "es",
"value": "El tema WooHoo Newspaper Magazine no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bdaia:woohoo_newspaper_magazine_theme:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.4.3",
"matchCriteriaId": "531BA0C5-B46E-43E1-87DE-1670E15819A4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/71c616ff-0a7e-4f6d-950b-79c469a28263",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}
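Review bot: The added `criteria` `cpe:2.3:a:bdaia:woohoo_newspaper_magazine_theme:*:*:*:*:*:*:*:*` leaves the target-software field as `*`, whereas the plugin records elsewhere in this commit set it to `wordpress`; a consumer filtering CPEs on `wordpress` will miss this record if the theme is a WordPress one, as the WPScan source suggests. The `"versionEndIncluding": "1.4.3"` bound has no counterpart in the description, which states no affected version range, so it presumably comes from the referenced WPScan entry and should be confirmed there. The reference is newly tagged `Exploit`, which is worth weighing when prioritising remediation.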


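--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49298.json
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49298.json
@@ -0,0 +1,36 @@
+{
+"id": "CVE-2023-49298",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-11-24T19:15:07.587",
+"lastModified": "2023-11-24T19:15:07.587",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/openzfs/zfs/issues/15526",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/openzfs/zfs/pull/15571",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://news.ycombinator.com/item?id=38405731",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files",
+"source": "cve@mitre.org"
+}
+]
+}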
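Review bot: Nothing in this record lets a consumer score or match it automatically: `"metrics": {}` is empty and there is no `weaknesses` or `configurations` block, which fits `"vulnStatus": "Received"`. Pipelines that filter on a CVSS threshold or on CPE will pass over it, although the description reports file contents being replaced with zero-valued bytes in OpenZFS through 2.1.13 and 2.2.x through 2.2.1. Until analysis lands, match on the product and version text in the description. CVE-2023-6277 and CVE-2023-6293, also new in this commit, likewise carry no `configurations`.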


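--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2023-6277",
+"sourceIdentifier": "secalert@redhat.com",
+"published": "2023-11-24T19:15:07.643",
+"lastModified": "2023-11-24T19:15:07.643",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-400"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://access.redhat.com/security/cve/CVE-2023-6277",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251311",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://gitlab.com/libtiff/libtiff/-/issues/614",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/545",
+"source": "secalert@redhat.com"
+}
+]
+}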


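--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6293.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6293.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-6293",
+"sourceIdentifier": "security@huntr.dev",
+"published": "2023-11-24T20:15:07.293",
+"lastModified": "2023-11-24T20:15:07.293",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "security@huntr.dev",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@huntr.dev",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-1321"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/robinbuschmann/sequelize-typescript/commit/5ce8afdd1671b08c774ce106b000605ba8fccf78",
+"source": "security@huntr.dev"
+},
+{
+"url": "https://huntr.com/bounties/36a7ecbf-4d3d-462e-86a3-cda7b1ec64e2",
+"source": "security@huntr.dev"
+}
+]
+}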
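Review bot: The only score in this record sits under `cvssMetricV30`, not `cvssMetricV31`, so a consumer that reads just the `cvssMetricV31` key will treat the record as unscored; read both keys when extracting a base score. The vector `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` is the CNA's `Secondary` assessment for a weakness tagged `CWE-1321`, and with `"vulnStatus": "Received"` there is no NVD assessment yet, so the 7.5 may change on analysis. There is no `configurations` block, so the only version boundary is the description's "prior to 2.1.6".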


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-24T19:00:48.663549+00:00
2023-11-24T21:02:04.877275+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-24T18:59:18.123000+00:00
2023-11-24T20:15:07.293000+00:00
```
### Last Data Feed Release
@ -29,42 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231482
231485
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `3`
* [CVE-2023-48711](CVE-2023/CVE-2023-487xx/CVE-2023-48711.json) (`2023-11-24T17:15:07.563`)
* [CVE-2023-48712](CVE-2023/CVE-2023-487xx/CVE-2023-48712.json) (`2023-11-24T17:15:08.453`)
* [CVE-2023-48312](CVE-2023/CVE-2023-483xx/CVE-2023-48312.json) (`2023-11-24T18:15:07.127`)
* [CVE-2023-48707](CVE-2023/CVE-2023-487xx/CVE-2023-48707.json) (`2023-11-24T18:15:07.327`)
* [CVE-2023-48708](CVE-2023/CVE-2023-487xx/CVE-2023-48708.json) (`2023-11-24T18:15:07.520`)
* [CVE-2023-49298](CVE-2023/CVE-2023-492xx/CVE-2023-49298.json) (`2023-11-24T19:15:07.587`)
* [CVE-2023-6277](CVE-2023/CVE-2023-62xx/CVE-2023-6277.json) (`2023-11-24T19:15:07.643`)
* [CVE-2023-6293](CVE-2023/CVE-2023-62xx/CVE-2023-6293.json) (`2023-11-24T20:15:07.293`)
### CVEs modified in the last Commit
Recently modified CVEs: `18`
Recently modified CVEs: `13`
* [CVE-2023-36008](CVE-2023/CVE-2023-360xx/CVE-2023-36008.json) (`2023-11-24T17:48:44.297`)
* [CVE-2023-39547](CVE-2023/CVE-2023-395xx/CVE-2023-39547.json) (`2023-11-24T17:56:56.657`)
* [CVE-2023-48235](CVE-2023/CVE-2023-482xx/CVE-2023-48235.json) (`2023-11-24T18:20:58.407`)
* [CVE-2023-39548](CVE-2023/CVE-2023-395xx/CVE-2023-39548.json) (`2023-11-24T18:22:13.360`)
* [CVE-2023-39546](CVE-2023/CVE-2023-395xx/CVE-2023-39546.json) (`2023-11-24T18:24:30.423`)
* [CVE-2023-39545](CVE-2023/CVE-2023-395xx/CVE-2023-39545.json) (`2023-11-24T18:24:50.303`)
* [CVE-2023-39544](CVE-2023/CVE-2023-395xx/CVE-2023-39544.json) (`2023-11-24T18:25:04.833`)
* [CVE-2023-4218](CVE-2023/CVE-2023-42xx/CVE-2023-4218.json) (`2023-11-24T18:25:48.900`)
* [CVE-2023-48231](CVE-2023/CVE-2023-482xx/CVE-2023-48231.json) (`2023-11-24T18:26:24.193`)
* [CVE-2023-48237](CVE-2023/CVE-2023-482xx/CVE-2023-48237.json) (`2023-11-24T18:27:43.777`)
* [CVE-2023-48236](CVE-2023/CVE-2023-482xx/CVE-2023-48236.json) (`2023-11-24T18:35:53.927`)
* [CVE-2023-48234](CVE-2023/CVE-2023-482xx/CVE-2023-48234.json) (`2023-11-24T18:36:37.530`)
* [CVE-2023-48233](CVE-2023/CVE-2023-482xx/CVE-2023-48233.json) (`2023-11-24T18:39:13.307`)
* [CVE-2023-48232](CVE-2023/CVE-2023-482xx/CVE-2023-48232.json) (`2023-11-24T18:39:43.887`)
* [CVE-2023-47553](CVE-2023/CVE-2023-475xx/CVE-2023-47553.json) (`2023-11-24T18:48:25.417`)
* [CVE-2023-47552](CVE-2023/CVE-2023-475xx/CVE-2023-47552.json) (`2023-11-24T18:49:15.377`)
* [CVE-2023-5140](CVE-2023/CVE-2023-51xx/CVE-2023-5140.json) (`2023-11-24T18:49:51.220`)
* [CVE-2023-4970](CVE-2023/CVE-2023-49xx/CVE-2023-4970.json) (`2023-11-24T18:59:18.123`)
* [CVE-2023-47551](CVE-2023/CVE-2023-475xx/CVE-2023-47551.json) (`2023-11-24T19:08:13.707`)
* [CVE-2023-4824](CVE-2023/CVE-2023-48xx/CVE-2023-4824.json) (`2023-11-24T19:20:38.407`)
* [CVE-2023-4799](CVE-2023/CVE-2023-47xx/CVE-2023-4799.json) (`2023-11-24T19:20:55.237`)
* [CVE-2023-47556](CVE-2023/CVE-2023-475xx/CVE-2023-47556.json) (`2023-11-24T19:23:37.167`)
* [CVE-2023-47531](CVE-2023/CVE-2023-475xx/CVE-2023-47531.json) (`2023-11-24T19:28:13.333`)
* [CVE-2023-47519](CVE-2023/CVE-2023-475xx/CVE-2023-47519.json) (`2023-11-24T19:28:40.537`)
* [CVE-2023-47243](CVE-2023/CVE-2023-472xx/CVE-2023-47243.json) (`2023-11-24T19:28:52.237`)
* [CVE-2023-26364](CVE-2023/CVE-2023-263xx/CVE-2023-26364.json) (`2023-11-24T19:28:52.777`)
* [CVE-2023-47685](CVE-2023/CVE-2023-476xx/CVE-2023-47685.json) (`2023-11-24T19:31:48.237`)
* [CVE-2023-47672](CVE-2023/CVE-2023-476xx/CVE-2023-47672.json) (`2023-11-24T19:31:58.587`)
* [CVE-2023-47671](CVE-2023/CVE-2023-476xx/CVE-2023-47671.json) (`2023-11-24T19:32:26.483`)
* [CVE-2023-47670](CVE-2023/CVE-2023-476xx/CVE-2023-47670.json) (`2023-11-24T19:32:36.557`)
* [CVE-2023-46734](CVE-2023/CVE-2023-467xx/CVE-2023-46734.json) (`2023-11-24T20:15:07.190`)
## Download and Usage