admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-22T14:00:31.258845+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-22 14:00:34 +00:00
parent 8ff14d6fba
commit cf43be4bdc
27 changed files with 662 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
CVE-2023/CVE-2023-02xx/CVE-2023-0274.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-0274", "id": "CVE-2023-0274",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.067", "published": "2023-08-16T12:15:12.067",
"lastModified": "2023-08-16T12:16:08.247", "lastModified": "2023-08-22T13:07:47.103",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." "value": "The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asandia:url_params:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5",
"matchCriteriaId": "C6E0B581-A566-4AE7-8500-EEC3A8BB200E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/4f6197b6-6d4c-4986-b54c-453b17e94812", "url": "https://wpscan.com/vulnerability/4f6197b6-6d4c-4986-b54c-453b17e94812",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-05xx/CVE-2023-0579.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-0579", "id": "CVE-2023-0579",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.233", "published": "2023-08-16T12:15:12.233",
"lastModified": "2023-08-16T12:16:08.247", "lastModified": "2023-08-22T13:07:29.467",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks." "value": "The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yarpp:yarpp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.30.3",
"matchCriteriaId": "BCE6D77C-4087-4EE1-801A-5E46F21ABA03"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-0425ad7e7690", "url": "https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-0425ad7e7690",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-11xx/CVE-2023-1110.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-1110", "id": "CVE-2023-1110",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.337", "published": "2023-08-16T12:15:12.337",
"lastModified": "2023-08-16T12:16:08.247", "lastModified": "2023-08-22T13:07:10.533",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" "value": "The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yellowyard:yellow_yard_searchbar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8.12",
"matchCriteriaId": "5A3CEC43-0ECE-4961-9F57-05E90C96858A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/1830e829-4a43-4d98-8214-eecec6bef694", "url": "https://wpscan.com/vulnerability/1830e829-4a43-4d98-8214-eecec6bef694",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-14xx/CVE-2023-1465.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-1465", "id": "CVE-2023-1465",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-16T12:15:12.420", "published": "2023-08-16T12:15:12.420",
"lastModified": "2023-08-16T12:16:08.247", "lastModified": "2023-08-22T13:06:29.540",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin" "value": "The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeasypay:wp_easypay:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.1",
"matchCriteriaId": "7A6F8061-778E-4A0C-957C-AE0AE7DA4EED"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/13f59eb4-0744-4fdb-94b5-886ee6bdd867", "url": "https://wpscan.com/vulnerability/13f59eb4-0744-4fdb-94b5-886ee6bdd867",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-259xx/CVE-2023-25913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25913", "id": "CVE-2023-25913",
"sourceIdentifier": "csirt@divd.nl", "sourceIdentifier": "csirt@divd.nl",
"published": "2023-08-21T21:15:07.993", "published": "2023-08-21T21:15:07.993",
"lastModified": "2023-08-21T21:15:07.993", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-259xx/CVE-2023-25914.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25914", "id": "CVE-2023-25914",
"sourceIdentifier": "csirt@divd.nl", "sourceIdentifier": "csirt@divd.nl",
"published": "2023-08-21T21:15:08.970", "published": "2023-08-21T21:15:08.970",
"lastModified": "2023-08-21T21:15:08.970", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-259xx/CVE-2023-25915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25915", "id": "CVE-2023-25915",
"sourceIdentifier": "csirt@divd.nl", "sourceIdentifier": "csirt@divd.nl",
"published": "2023-08-21T21:15:09.170", "published": "2023-08-21T21:15:09.170",
"lastModified": "2023-08-21T21:15:09.170", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

47
CVE-2023/CVE-2023-304xx/CVE-2023-30473.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30473", "id": "CVE-2023-30473",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:18.813", "published": "2023-08-16T10:15:18.813",
"lastModified": "2023-08-16T12:02:41.873", "lastModified": "2023-08-22T13:20:41.600",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icopydoc:yml_for_yandex_market:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.10.7",
"matchCriteriaId": "5CBE6EE1-0D75-40D0-8963-8773D9E85E08"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/yml-for-yandex-market/wordpress-yml-for-yandex-market-plugin-3-10-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/yml-for-yandex-market/wordpress-yml-for-yandex-market-plugin-3-10-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-307xx/CVE-2023-30782.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30782", "id": "CVE-2023-30782",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:20.897", "published": "2023-08-16T10:15:20.897",
"lastModified": "2023-08-16T12:02:41.873", "lastModified": "2023-08-22T13:19:16.573",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:churchadminplugin:church_admin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.7.5",
"matchCriteriaId": "F79719E7-B08B-4926-8B36-8D870D9FF096"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-307xx/CVE-2023-30784.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30784", "id": "CVE-2023-30784",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:21.073", "published": "2023-08-16T10:15:21.073",
"lastModified": "2023-08-16T12:02:41.873", "lastModified": "2023-08-22T13:18:28.450",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kayastudio:kaya_qr_code_generator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.2",
"matchCriteriaId": "B84184CC-F341-47C7-A06E-EA309EC58138"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/kaya-qr-code-generator/wordpress-kaya-qr-code-generator-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/kaya-qr-code-generator/wordpress-kaya-qr-code-generator-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-307xx/CVE-2023-30785.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30785", "id": "CVE-2023-30785",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-16T10:15:21.230", "published": "2023-08-16T10:15:21.230",
"lastModified": "2023-08-16T12:02:41.873", "lastModified": "2023-08-22T13:18:07.123",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i13websolution:video_grid:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.21",
"matchCriteriaId": "36B520BD-8A04-4FBA-9E87-7D72D079D003"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/video-grid/wordpress-video-grid-plugin-1-21-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/video-grid/wordpress-video-grid-plugin-1-21-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-367xx/CVE-2023-36787.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36787", "id": "CVE-2023-36787",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-21T20:15:08.637", "published": "2023-08-21T20:15:08.637",
"lastModified": "2023-08-21T20:15:08.637", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-381xx/CVE-2023-38158.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38158", "id": "CVE-2023-38158",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-21T20:15:08.737", "published": "2023-08-21T20:15:08.737",
"lastModified": "2023-08-21T20:15:08.737", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

64
CVE-2023/CVE-2023-388xx/CVE-2023-38850.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-38850", "id": "CVE-2023-38850",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:10.480", "published": "2023-08-15T17:15:10.480",
"lastModified": "2023-08-15T17:15:41.713", "lastModified": "2023-08-22T13:30:25.907",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent." "value": "Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:msweet:codedoc:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9B20B4BC-4E97-4EA9-AD35-BD6481E6062C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/michaelrsweet/codedoc/issues/15", "url": "https://github.com/michaelrsweet/codedoc/issues/15",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
} }
] ]
} }

76
CVE-2023/CVE-2023-388xx/CVE-2023-38896.json
View File

@ -2,27 +2,91 @@
"id": "CVE-2023-38896", "id": "CVE-2023-38896",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:12.027", "published": "2023-08-15T17:15:12.027",
"lastModified": "2023-08-15T17:15:41.713", "lastModified": "2023-08-22T13:30:00.137",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions." "value": "An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.0.194",
"matchCriteriaId": "684470ED-FCDD-4CE3-8BD5-7CCAB07F53B7"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/hwchase17/langchain/issues/5872", "url": "https://github.com/hwchase17/langchain/issues/5872",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}, },
{ {
"url": "https://github.com/hwchase17/langchain/pull/6003", "url": "https://github.com/hwchase17/langchain/pull/6003",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://twitter.com/llm_sec/status/1668711587287375876", "url": "https://twitter.com/llm_sec/status/1668711587287375876",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-389xx/CVE-2023-38906.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38906", "id": "CVE-2023-38906",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T00:15:07.920", "published": "2023-08-22T00:15:07.920",
"lastModified": "2023-08-22T00:15:07.920", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-389xx/CVE-2023-38908.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38908", "id": "CVE-2023-38908",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T01:15:08.153", "published": "2023-08-22T01:15:08.153",
"lastModified": "2023-08-22T01:15:08.153", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-389xx/CVE-2023-38909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38909", "id": "CVE-2023-38909",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T01:15:08.537", "published": "2023-08-22T01:15:08.537",
"lastModified": "2023-08-22T01:15:08.537", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

8
CVE-2023/CVE-2023-403xx/CVE-2023-40352.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40352", "id": "CVE-2023-40352",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T19:15:08.607", "published": "2023-08-21T19:15:08.607",
"lastModified": "2023-08-21T19:15:08.607", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs." "value": "McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs."
},
{
"lang": "es",
"value": "McAfee Safe Connect anterior a la versi\u00f3n 2.16.1.126 puede permitir a un adversario con privilegios de sistema conseguir una escalada de privilegios cargando DLLs arbitrarias. "
} }
], ],
"metrics": {}, "metrics": {},

4
CVE-2023/CVE-2023-43xx/CVE-2023-4301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4301", "id": "CVE-2023-4301",
"sourceIdentifier": "security@opentext.com", "sourceIdentifier": "security@opentext.com",
"published": "2023-08-21T23:15:09.107", "published": "2023-08-21T23:15:09.107",
"lastModified": "2023-08-21T23:15:09.107", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-43xx/CVE-2023-4302.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4302", "id": "CVE-2023-4302",
"sourceIdentifier": "security@opentext.com", "sourceIdentifier": "security@opentext.com",
"published": "2023-08-21T23:15:09.247", "published": "2023-08-21T23:15:09.247",
"lastModified": "2023-08-21T23:15:09.247", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

8
CVE-2023/CVE-2023-43xx/CVE-2023-4303.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4303", "id": "CVE-2023-4303",
"sourceIdentifier": "security@opentext.com", "sourceIdentifier": "security@opentext.com",
"published": "2023-08-21T23:15:09.337", "published": "2023-08-21T23:15:09.337",
"lastModified": "2023-08-21T23:15:09.337", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.\n\n" "value": "Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.\n\n"
},
{
"lang": "es",
"value": "El plugin Jenkins Fortify v22.1.38 y anteriores no escapa el mensaje de error para un m\u00e9todo de validaci\u00f3n de formularios, lo que resulta en una vulnerabilidad de inyecci\u00f3n HTML. "
} }
], ],
"metrics": { "metrics": {

101
CVE-2023/CVE-2023-43xx/CVE-2023-4368.json
View File

@ -2,31 +2,118 @@
"id": "CVE-2023-4368", "id": "CVE-2023-4368",
"sourceIdentifier": "chrome-cve-admin@google.com", "sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:13.597", "published": "2023-08-15T18:15:13.597",
"lastModified": "2023-08-20T03:15:20.517", "lastModified": "2023-08-22T13:42:31.027",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)" "value": "Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "116.0.5845.96",
"matchCriteriaId": "40820217-BB18-474A-8520-109C1635D656"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html", "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
"source": "chrome-cve-admin@google.com" "source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://crbug.com/1467751", "url": "https://crbug.com/1467751",
"source": "chrome-cve-admin@google.com" "source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",
"source": "chrome-cve-admin@google.com" "source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.debian.org/security/2023/dsa-5479", "url": "https://www.debian.org/security/2023/dsa-5479",
"source": "chrome-cve-admin@google.com" "source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-43xx/CVE-2023-4373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4373", "id": "CVE-2023-4373",
"sourceIdentifier": "security@devolutions.net", "sourceIdentifier": "security@devolutions.net",
"published": "2023-08-21T19:15:08.787", "published": "2023-08-21T19:15:08.787",
"lastModified": "2023-08-21T19:15:08.787", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-44xx/CVE-2023-4417.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4417", "id": "CVE-2023-4417",
"sourceIdentifier": "security@devolutions.net", "sourceIdentifier": "security@devolutions.net",
"published": "2023-08-21T19:15:09.187", "published": "2023-08-21T19:15:09.187",
"lastModified": "2023-08-21T19:15:09.187", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-44xx/CVE-2023-4459.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4459", "id": "CVE-2023-4459",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-21T19:15:09.373", "published": "2023-08-21T19:15:09.373",
"lastModified": "2023-08-21T19:15:09.373", "lastModified": "2023-08-22T12:41:26.783",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

34
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-08-22T04:00:33.919170+00:00 2023-08-22T14:00:31.258845+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-08-22T02:22:07.450000+00:00 2023-08-22T13:42:31.027000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -40,11 +40,33 @@ Recently added CVEs: `0`
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `3` Recently modified CVEs: `26`
* [CVE-2023-40283](CVE-2023/CVE-2023-402xx/CVE-2023-40283.json) (`2023-08-22T02:06:18.883`) * [CVE-2023-4373](CVE-2023/CVE-2023-43xx/CVE-2023-4373.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-35082](CVE-2023/CVE-2023-350xx/CVE-2023-35082.json) (`2023-08-22T02:16:30.973`) * [CVE-2023-4417](CVE-2023/CVE-2023-44xx/CVE-2023-4417.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-38860](CVE-2023/CVE-2023-388xx/CVE-2023-38860.json) (`2023-08-22T02:22:07.450`) * [CVE-2023-4459](CVE-2023/CVE-2023-44xx/CVE-2023-4459.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-36787](CVE-2023/CVE-2023-367xx/CVE-2023-36787.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-38158](CVE-2023/CVE-2023-381xx/CVE-2023-38158.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-25913](CVE-2023/CVE-2023-259xx/CVE-2023-25913.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-25914](CVE-2023/CVE-2023-259xx/CVE-2023-25914.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-25915](CVE-2023/CVE-2023-259xx/CVE-2023-25915.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-4301](CVE-2023/CVE-2023-43xx/CVE-2023-4301.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-4302](CVE-2023/CVE-2023-43xx/CVE-2023-4302.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-4303](CVE-2023/CVE-2023-43xx/CVE-2023-4303.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-38906](CVE-2023/CVE-2023-389xx/CVE-2023-38906.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-38908](CVE-2023/CVE-2023-389xx/CVE-2023-38908.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-38909](CVE-2023/CVE-2023-389xx/CVE-2023-38909.json) (`2023-08-22T12:41:26.783`)
* [CVE-2023-1465](CVE-2023/CVE-2023-14xx/CVE-2023-1465.json) (`2023-08-22T13:06:29.540`)
* [CVE-2023-1110](CVE-2023/CVE-2023-11xx/CVE-2023-1110.json) (`2023-08-22T13:07:10.533`)
* [CVE-2023-0579](CVE-2023/CVE-2023-05xx/CVE-2023-0579.json) (`2023-08-22T13:07:29.467`)
* [CVE-2023-0274](CVE-2023/CVE-2023-02xx/CVE-2023-0274.json) (`2023-08-22T13:07:47.103`)
* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-22T13:18:07.123`)
* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-22T13:18:28.450`)
* [CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-22T13:19:16.573`)
* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-22T13:20:41.600`)
* [CVE-2023-38896](CVE-2023/CVE-2023-388xx/CVE-2023-38896.json) (`2023-08-22T13:30:00.137`)
* [CVE-2023-38850](CVE-2023/CVE-2023-388xx/CVE-2023-38850.json) (`2023-08-22T13:30:25.907`)
* [CVE-2023-4368](CVE-2023/CVE-2023-43xx/CVE-2023-4368.json) (`2023-08-22T13:42:31.027`)
## Download and Usage ## Download and Usage