Auto-Update: 2023-11-17T03:00:19.686138+00:00

2025-12-19 02:46:10 +00:00 · 2023-11-17 03:00:24 +00:00 · 2023-11-17 03:00:24 +00:00 · d22450784b
commit d22450784b
parent f7d0285ea6
13 changed files with 221 additions and 55 deletions
--- a/CVE-2023/CVE-2023-265xx/CVE-2023-26543.json
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26543.json
@ -2,16 +2,40 @@
  "id": "CVE-2023-26543",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2023-11-13T01:15:07.610",
-  "lastModified": "2023-11-13T03:16:20.870",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-11-17T00:55:26.230",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <=\u00a03.1.4 versions."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon en versiones &lt;= 3.1.4."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      },
      {
        "source": "audit@patchstack.com",
        "type": "Secondary",
@ -46,10 +70,31 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:wp-meteor:wp_meteor:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "3.1.4",
+              "matchCriteriaId": "F7FBCEF2-9329-4405-8ABA-CCC1E0A088A4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://patchstack.com/database/vulnerability/wp-meteor/wordpress-wp-meteor-page-speed-optimization-topping-plugin-3-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
-      "source": "audit@patchstack.com"
+      "source": "audit@patchstack.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-274xx/CVE-2023-27434.json
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27434.json
@ -2,16 +2,40 @@
  "id": "CVE-2023-27434",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2023-11-13T00:15:08.350",
-  "lastModified": "2023-11-13T03:16:20.870",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-11-17T00:59:13.110",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <=\u00a01.2.5 versions."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WPGrim Classic Editor and Classic Widgets en versiones &lt;= 1.2.5."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      },
      {
        "source": "audit@patchstack.com",
        "type": "Secondary",
@ -46,10 +70,31 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:wpgrim:classic_editor_and_classic_widgets:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "1.2.5",
+              "matchCriteriaId": "5BF9AE0E-76AF-4441-AFAF-A1CB8E4031FA"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://patchstack.com/database/vulnerability/classic-editor-and-classic-widgets/wordpress-classic-editor-and-classic-widgets-plugin-1-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
-      "source": "audit@patchstack.com"
+      "source": "audit@patchstack.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45382.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45382.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-45382",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-17T02:15:26.387",
+  "lastModified": "2023-11-17T02:15:26.387",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the module \"SoNice Retour\" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://common-services.com/fr/home-fr/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/11/16/sonice_retour.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45387.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45387.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-45387",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-17T02:15:26.460",
+  "lastModified": "2023-11-17T02:15:26.460",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the module \"Product Catalog (CSV, Excel, XML) Export PRO\" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://addons.prestashop.com/en/data-import-export/18662-product-catalog-csv-excel-xml-export-pro.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/11/16/exportproducts.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48031.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48031.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-48031",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-17T02:15:26.510",
+  "lastModified": "2023-11-17T02:15:26.510",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://bugplorer.github.io/cve-opensupports/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://nitipoom-jar.github.io/CVE-2023-48031/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48231.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48231.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-48231",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-16T23:15:08.607",
-  "lastModified": "2023-11-16T23:57:47.237",
+  "lastModified": "2023-11-17T01:15:07.273",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -47,6 +47,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/16/1",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a",
      "source": "security-advisories@github.com"
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48232.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48232.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-48232",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-16T23:15:08.793",
-  "lastModified": "2023-11-16T23:57:47.237",
+  "lastModified": "2023-11-17T01:15:07.363",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -47,6 +47,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/16/1",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce",
      "source": "security-advisories@github.com"
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48233.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48233.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-48233",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-16T23:15:08.997",
-  "lastModified": "2023-11-16T23:57:47.237",
+  "lastModified": "2023-11-17T01:15:07.440",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -47,6 +47,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/16/1",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78",
      "source": "security-advisories@github.com"
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48234.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48234.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-48234",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-16T23:15:09.200",
-  "lastModified": "2023-11-16T23:57:47.237",
+  "lastModified": "2023-11-17T01:15:07.523",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -47,6 +47,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/16/1",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca",
      "source": "security-advisories@github.com"
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48235.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48235.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-48235",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-16T23:15:09.380",
-  "lastModified": "2023-11-16T23:57:47.237",
+  "lastModified": "2023-11-17T01:15:07.600",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -47,6 +47,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/16/1",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200",
      "source": "security-advisories@github.com"
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48236.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48236.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-48236",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-16T23:15:09.567",
-  "lastModified": "2023-11-16T23:57:47.237",
+  "lastModified": "2023-11-17T01:15:07.677",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -47,6 +47,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/16/1",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968",
      "source": "security-advisories@github.com"
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48237.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48237.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-48237",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-16T23:15:09.753",
-  "lastModified": "2023-11-16T23:57:47.237",
+  "lastModified": "2023-11-17T01:15:07.760",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -47,6 +47,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/16/1",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e",
      "source": "security-advisories@github.com"
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-17T00:55:18.455053+00:00
+2023-11-17T03:00:19.686138+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-17T00:48:36.687000+00:00
+2023-11-17T02:15:26.510000+00:00
 ```

 ### Last Data Feed Release
@ -23,61 +23,37 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-11-16T01:00:13.557671+00:00
+2023-11-17T01:00:13.542340+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-231004
+231007
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `11`
+Recently added CVEs: `3`

-* [CVE-2023-47025](CVE-2023/CVE-2023-470xx/CVE-2023-47025.json) (`2023-11-16T23:15:08.123`)
-* [CVE-2023-47686](CVE-2023/CVE-2023-476xx/CVE-2023-47686.json) (`2023-11-16T23:15:08.170`)
-* [CVE-2023-47687](CVE-2023/CVE-2023-476xx/CVE-2023-47687.json) (`2023-11-16T23:15:08.380`)
-* [CVE-2023-48231](CVE-2023/CVE-2023-482xx/CVE-2023-48231.json) (`2023-11-16T23:15:08.607`)
-* [CVE-2023-48232](CVE-2023/CVE-2023-482xx/CVE-2023-48232.json) (`2023-11-16T23:15:08.793`)
-* [CVE-2023-48233](CVE-2023/CVE-2023-482xx/CVE-2023-48233.json) (`2023-11-16T23:15:08.997`)
-* [CVE-2023-48234](CVE-2023/CVE-2023-482xx/CVE-2023-48234.json) (`2023-11-16T23:15:09.200`)
-* [CVE-2023-48235](CVE-2023/CVE-2023-482xx/CVE-2023-48235.json) (`2023-11-16T23:15:09.380`)
-* [CVE-2023-48236](CVE-2023/CVE-2023-482xx/CVE-2023-48236.json) (`2023-11-16T23:15:09.567`)
-* [CVE-2023-48237](CVE-2023/CVE-2023-482xx/CVE-2023-48237.json) (`2023-11-16T23:15:09.753`)
-* [CVE-2023-48078](CVE-2023/CVE-2023-480xx/CVE-2023-48078.json) (`2023-11-17T00:15:08.237`)
+* [CVE-2023-45382](CVE-2023/CVE-2023-453xx/CVE-2023-45382.json) (`2023-11-17T02:15:26.387`)
+* [CVE-2023-45387](CVE-2023/CVE-2023-453xx/CVE-2023-45387.json) (`2023-11-17T02:15:26.460`)
+* [CVE-2023-48031](CVE-2023/CVE-2023-480xx/CVE-2023-48031.json) (`2023-11-17T02:15:26.510`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `52`
+Recently modified CVEs: `9`

-* [CVE-2023-28621](CVE-2023/CVE-2023-286xx/CVE-2023-28621.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-32796](CVE-2023/CVE-2023-327xx/CVE-2023-32796.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-32957](CVE-2023/CVE-2023-329xx/CVE-2023-32957.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-34375](CVE-2023/CVE-2023-343xx/CVE-2023-34375.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-36008](CVE-2023/CVE-2023-360xx/CVE-2023-36008.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-36026](CVE-2023/CVE-2023-360xx/CVE-2023-36026.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-39926](CVE-2023/CVE-2023-399xx/CVE-2023-39926.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-46213](CVE-2023/CVE-2023-462xx/CVE-2023-46213.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-46214](CVE-2023/CVE-2023-462xx/CVE-2023-46214.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-6014](CVE-2023/CVE-2023-60xx/CVE-2023-6014.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-6020](CVE-2023/CVE-2023-60xx/CVE-2023-6020.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-40314](CVE-2023/CVE-2023-403xx/CVE-2023-40314.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-47112](CVE-2023/CVE-2023-471xx/CVE-2023-47112.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-47642](CVE-2023/CVE-2023-476xx/CVE-2023-47642.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-47688](CVE-2023/CVE-2023-476xx/CVE-2023-47688.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-48222](CVE-2023/CVE-2023-482xx/CVE-2023-48222.json) (`2023-11-16T23:57:47.237`)
-* [CVE-2023-46733](CVE-2023/CVE-2023-467xx/CVE-2023-46733.json) (`2023-11-16T23:57:53.847`)
-* [CVE-2023-28420](CVE-2023/CVE-2023-284xx/CVE-2023-28420.json) (`2023-11-17T00:00:39.740`)
-* [CVE-2023-26514](CVE-2023/CVE-2023-265xx/CVE-2023-26514.json) (`2023-11-17T00:02:44.783`)
-* [CVE-2023-5408](CVE-2023/CVE-2023-54xx/CVE-2023-5408.json) (`2023-11-17T00:15:08.287`)
-* [CVE-2023-26518](CVE-2023/CVE-2023-265xx/CVE-2023-26518.json) (`2023-11-17T00:30:26.887`)
-* [CVE-2023-26516](CVE-2023/CVE-2023-265xx/CVE-2023-26516.json) (`2023-11-17T00:35:53.427`)
-* [CVE-2023-26524](CVE-2023/CVE-2023-265xx/CVE-2023-26524.json) (`2023-11-17T00:40:48.467`)
-* [CVE-2023-46619](CVE-2023/CVE-2023-466xx/CVE-2023-46619.json) (`2023-11-17T00:47:22.077`)
-* [CVE-2023-46618](CVE-2023/CVE-2023-466xx/CVE-2023-46618.json) (`2023-11-17T00:48:36.687`)
+* [CVE-2023-26543](CVE-2023/CVE-2023-265xx/CVE-2023-26543.json) (`2023-11-17T00:55:26.230`)
+* [CVE-2023-27434](CVE-2023/CVE-2023-274xx/CVE-2023-27434.json) (`2023-11-17T00:59:13.110`)
+* [CVE-2023-48231](CVE-2023/CVE-2023-482xx/CVE-2023-48231.json) (`2023-11-17T01:15:07.273`)
+* [CVE-2023-48232](CVE-2023/CVE-2023-482xx/CVE-2023-48232.json) (`2023-11-17T01:15:07.363`)
+* [CVE-2023-48233](CVE-2023/CVE-2023-482xx/CVE-2023-48233.json) (`2023-11-17T01:15:07.440`)
+* [CVE-2023-48234](CVE-2023/CVE-2023-482xx/CVE-2023-48234.json) (`2023-11-17T01:15:07.523`)
+* [CVE-2023-48235](CVE-2023/CVE-2023-482xx/CVE-2023-48235.json) (`2023-11-17T01:15:07.600`)
+* [CVE-2023-48236](CVE-2023/CVE-2023-482xx/CVE-2023-48236.json) (`2023-11-17T01:15:07.677`)
+* [CVE-2023-48237](CVE-2023/CVE-2023-482xx/CVE-2023-48237.json) (`2023-11-17T01:15:07.760`)


 ## Download and Usage