diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0274.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0274.json index 88a0197fbe9..1d741e30aaf 100644 --- a/CVE-2023/CVE-2023-02xx/CVE-2023-0274.json +++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0274.json @@ -2,15 +2,38 @@ "id": "CVE-2023-0274", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-16T12:15:12.067", - "lastModified": "2023-08-16T12:16:08.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:07:47.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:asandia:url_params:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.5", + "matchCriteriaId": "C6E0B581-A566-4AE7-8500-EEC3A8BB200E" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/4f6197b6-6d4c-4986-b54c-453b17e94812", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-05xx/CVE-2023-0579.json b/CVE-2023/CVE-2023-05xx/CVE-2023-0579.json index ca6c5008f2e..51fdcf8e09c 100644 --- a/CVE-2023/CVE-2023-05xx/CVE-2023-0579.json +++ b/CVE-2023/CVE-2023-05xx/CVE-2023-0579.json @@ -2,15 +2,38 @@ "id": "CVE-2023-0579", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-16T12:15:12.233", - "lastModified": "2023-08-16T12:16:08.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:07:29.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yarpp:yarpp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.30.3", + "matchCriteriaId": "BCE6D77C-4087-4EE1-801A-5E46F21ABA03" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-0425ad7e7690", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1110.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1110.json index e82ad5cead6..e59b02d9c07 100644 --- a/CVE-2023/CVE-2023-11xx/CVE-2023-1110.json +++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1110.json @@ -2,15 +2,38 @@ "id": "CVE-2023-1110", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-16T12:15:12.337", - "lastModified": "2023-08-16T12:16:08.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:07:10.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yellowyard:yellow_yard_searchbar:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.8.12", + "matchCriteriaId": "5A3CEC43-0ECE-4961-9F57-05E90C96858A" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/1830e829-4a43-4d98-8214-eecec6bef694", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1465.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1465.json index 4b673a5277c..d1fd3f8592c 100644 --- a/CVE-2023/CVE-2023-14xx/CVE-2023-1465.json +++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1465.json @@ -2,15 +2,38 @@ "id": "CVE-2023-1465", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-16T12:15:12.420", - "lastModified": "2023-08-16T12:16:08.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:06:29.540", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpeasypay:wp_easypay:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.1", + "matchCriteriaId": "7A6F8061-778E-4A0C-957C-AE0AE7DA4EED" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/13f59eb4-0744-4fdb-94b5-886ee6bdd867", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25913.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25913.json index afc1146ce3a..1400b026e6b 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25913.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25913.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25913", "sourceIdentifier": "csirt@divd.nl", "published": "2023-08-21T21:15:07.993", - "lastModified": "2023-08-21T21:15:07.993", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25914.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25914.json index 4377e2721a8..fdaad5fdb3c 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25914.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25914.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25914", "sourceIdentifier": "csirt@divd.nl", "published": "2023-08-21T21:15:08.970", - "lastModified": "2023-08-21T21:15:08.970", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25915.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25915.json index 4bc8770ce25..effaf9e0e62 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25915.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25915", "sourceIdentifier": "csirt@divd.nl", "published": "2023-08-21T21:15:09.170", - "lastModified": "2023-08-21T21:15:09.170", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json index 793001f2754..541c07d4ba3 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30473", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:18.813", - "lastModified": "2023-08-16T12:02:41.873", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:20:41.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:icopydoc:yml_for_yandex_market:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.10.7", + "matchCriteriaId": "5CBE6EE1-0D75-40D0-8963-8773D9E85E08" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/yml-for-yandex-market/wordpress-yml-for-yandex-market-plugin-3-10-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json index 794c70713e6..4fd53f1aa7f 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30782", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:20.897", - "lastModified": "2023-08-16T12:02:41.873", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:19:16.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:churchadminplugin:church_admin:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.7.5", + "matchCriteriaId": "F79719E7-B08B-4926-8B36-8D870D9FF096" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json index 4ba485c7597..b0a8a3ff987 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30784", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:21.073", - "lastModified": "2023-08-16T12:02:41.873", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:18:28.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kayastudio:kaya_qr_code_generator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.2", + "matchCriteriaId": "B84184CC-F341-47C7-A06E-EA309EC58138" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/kaya-qr-code-generator/wordpress-kaya-qr-code-generator-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json index be6b67334da..4fa1a5932b8 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30785", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:21.230", - "lastModified": "2023-08-16T12:02:41.873", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:18:07.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:i13websolution:video_grid:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.21", + "matchCriteriaId": "36B520BD-8A04-4FBA-9E87-7D72D079D003" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/video-grid/wordpress-video-grid-plugin-1-21-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36787.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36787.json index 466caaa95b7..8230a5393ed 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36787.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36787.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36787", "sourceIdentifier": "secure@microsoft.com", "published": "2023-08-21T20:15:08.637", - "lastModified": "2023-08-21T20:15:08.637", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38158.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38158.json index c79805fb483..8bca7226dcb 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38158.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38158.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38158", "sourceIdentifier": "secure@microsoft.com", "published": "2023-08-21T20:15:08.737", - "lastModified": "2023-08-21T20:15:08.737", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38850.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38850.json index 77ce75d2957..b5eaf517a11 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38850.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38850.json @@ -2,19 +2,75 @@ "id": "CVE-2023-38850", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T17:15:10.480", - "lastModified": "2023-08-15T17:15:41.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:30:25.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:msweet:codedoc:3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "9B20B4BC-4E97-4EA9-AD35-BD6481E6062C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/michaelrsweet/codedoc/issues/15", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38896.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38896.json index 470daaab07e..f6cf9e23a47 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38896.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38896.json @@ -2,27 +2,91 @@ "id": "CVE-2023-38896", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T17:15:12.027", - "lastModified": "2023-08-15T17:15:41.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-22T13:30:00.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.0.194", + "matchCriteriaId": "684470ED-FCDD-4CE3-8BD5-7CCAB07F53B7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hwchase17/langchain/issues/5872", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/hwchase17/langchain/pull/6003", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://twitter.com/llm_sec/status/1668711587287375876", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json index c595af7f714..511f984fb28 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38906", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T00:15:07.920", - "lastModified": "2023-08-22T00:15:07.920", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json index 3b10df6fafa..6e33a0cc3a3 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38908", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T01:15:08.153", - "lastModified": "2023-08-22T01:15:08.153", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json index 9181cdff857..2de71f8ccb5 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38909", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T01:15:08.537", - "lastModified": "2023-08-22T01:15:08.537", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40352.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40352.json index 26a1aae79a2..df1766b3417 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40352.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40352.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40352", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T19:15:08.607", - "lastModified": "2023-08-21T19:15:08.607", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs." + }, + { + "lang": "es", + "value": "McAfee Safe Connect anterior a la versi\u00f3n 2.16.1.126 puede permitir a un adversario con privilegios de sistema conseguir una escalada de privilegios cargando DLLs arbitrarias. " } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4301.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4301.json index fbbdb9f6562..e356e5d5968 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4301.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4301.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4301", "sourceIdentifier": "security@opentext.com", "published": "2023-08-21T23:15:09.107", - "lastModified": "2023-08-21T23:15:09.107", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4302.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4302.json index 0878a4c8483..b754aae2631 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4302.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4302.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4302", "sourceIdentifier": "security@opentext.com", "published": "2023-08-21T23:15:09.247", - "lastModified": "2023-08-21T23:15:09.247", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4303.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4303.json index 0f438ff7ef2..9964892831d 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4303.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4303.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4303", "sourceIdentifier": "security@opentext.com", "published": "2023-08-21T23:15:09.337", - "lastModified": "2023-08-21T23:15:09.337", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.\n\n" + }, + { + "lang": "es", + "value": "El plugin Jenkins Fortify v22.1.38 y anteriores no escapa el mensaje de error para un m\u00e9todo de validaci\u00f3n de formularios, lo que resulta en una vulnerabilidad de inyecci\u00f3n HTML. " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4368.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4368.json index e1a8b5c0b2a..b3f6683323c 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4368.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4368.json @@ -2,31 +2,118 @@ "id": "CVE-2023-4368", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-15T18:15:13.597", - "lastModified": "2023-08-20T03:15:20.517", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-22T13:42:31.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0.5845.96", + "matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1467751", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5479", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json index f5bd5f93dea..dfd8962940c 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4373", "sourceIdentifier": "security@devolutions.net", "published": "2023-08-21T19:15:08.787", - "lastModified": "2023-08-21T19:15:08.787", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json index 3257182a9c5..16ddb7b7dbf 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4417", "sourceIdentifier": "security@devolutions.net", "published": "2023-08-21T19:15:09.187", - "lastModified": "2023-08-21T19:15:09.187", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json index 966d7d8a4a9..f38f4f7fd00 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4459", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-21T19:15:09.373", - "lastModified": "2023-08-21T19:15:09.373", - "vulnStatus": "Received", + "lastModified": "2023-08-22T12:41:26.783", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 8bcb7b810b0..0dea7dd6615 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-22T04:00:33.919170+00:00 +2023-08-22T14:00:31.258845+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-22T02:22:07.450000+00:00 +2023-08-22T13:42:31.027000+00:00 ``` ### Last Data Feed Release @@ -40,11 +40,33 @@ Recently added CVEs: `0` ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `26` -* [CVE-2023-40283](CVE-2023/CVE-2023-402xx/CVE-2023-40283.json) (`2023-08-22T02:06:18.883`) -* [CVE-2023-35082](CVE-2023/CVE-2023-350xx/CVE-2023-35082.json) (`2023-08-22T02:16:30.973`) -* [CVE-2023-38860](CVE-2023/CVE-2023-388xx/CVE-2023-38860.json) (`2023-08-22T02:22:07.450`) +* [CVE-2023-4373](CVE-2023/CVE-2023-43xx/CVE-2023-4373.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-4417](CVE-2023/CVE-2023-44xx/CVE-2023-4417.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-4459](CVE-2023/CVE-2023-44xx/CVE-2023-4459.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-36787](CVE-2023/CVE-2023-367xx/CVE-2023-36787.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-38158](CVE-2023/CVE-2023-381xx/CVE-2023-38158.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-25913](CVE-2023/CVE-2023-259xx/CVE-2023-25913.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-25914](CVE-2023/CVE-2023-259xx/CVE-2023-25914.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-25915](CVE-2023/CVE-2023-259xx/CVE-2023-25915.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-4301](CVE-2023/CVE-2023-43xx/CVE-2023-4301.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-4302](CVE-2023/CVE-2023-43xx/CVE-2023-4302.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-4303](CVE-2023/CVE-2023-43xx/CVE-2023-4303.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-38906](CVE-2023/CVE-2023-389xx/CVE-2023-38906.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-38908](CVE-2023/CVE-2023-389xx/CVE-2023-38908.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-38909](CVE-2023/CVE-2023-389xx/CVE-2023-38909.json) (`2023-08-22T12:41:26.783`) +* [CVE-2023-1465](CVE-2023/CVE-2023-14xx/CVE-2023-1465.json) (`2023-08-22T13:06:29.540`) +* [CVE-2023-1110](CVE-2023/CVE-2023-11xx/CVE-2023-1110.json) (`2023-08-22T13:07:10.533`) +* [CVE-2023-0579](CVE-2023/CVE-2023-05xx/CVE-2023-0579.json) (`2023-08-22T13:07:29.467`) +* [CVE-2023-0274](CVE-2023/CVE-2023-02xx/CVE-2023-0274.json) (`2023-08-22T13:07:47.103`) +* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-22T13:18:07.123`) +* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-22T13:18:28.450`) +* [CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-22T13:19:16.573`) +* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-22T13:20:41.600`) +* [CVE-2023-38896](CVE-2023/CVE-2023-388xx/CVE-2023-38896.json) (`2023-08-22T13:30:00.137`) +* [CVE-2023-38850](CVE-2023/CVE-2023-388xx/CVE-2023-38850.json) (`2023-08-22T13:30:25.907`) +* [CVE-2023-4368](CVE-2023/CVE-2023-43xx/CVE-2023-4368.json) (`2023-08-22T13:42:31.027`) ## Download and Usage