Auto-Update: 2023-08-30T04:00:25.101061+00:00

2025-05-08 19:47:09 +00:00 · 2023-08-30 04:00:28 +00:00 · 2023-08-30 04:00:28 +00:00 · d47f8b2ce6
commit d47f8b2ce6
parent aa418d788d
9 changed files with 272 additions and 32 deletions
--- a/CVE-2023/CVE-2023-373xx/CVE-2023-37369.json
+++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37369.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37369",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-20T07:15:08.963",
-  "lastModified": "2023-08-24T20:24:38.260",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-08-30T03:15:08.670",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -115,6 +115,14 @@
        "Mailing List",
        "Third Party Advisory"
      ]
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-412xx/CVE-2023-41269.json
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41269.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-41269",
+  "sourceIdentifier": "PSIRT@samsung.com",
+  "published": "2023-08-30T02:15:08.350",
+  "lastModified": "2023-08-30T02:15:08.350",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4525.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4525.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-4525",
+  "sourceIdentifier": "mandiant-cve@google.com",
+  "published": "2023-08-30T02:15:09.063",
+  "lastModified": "2023-08-30T02:15:09.063",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4526.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4526.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-4526",
+  "sourceIdentifier": "mandiant-cve@google.com",
+  "published": "2023-08-30T02:15:09.210",
+  "lastModified": "2023-08-30T02:15:09.210",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4596.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4596.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4596",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-08-30T02:15:09.353",
+  "lastModified": "2023-08-30T02:15:09.353",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.exploit-db.com/exploits/51664",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4597",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-08-30T02:15:09.660",
+  "lastModified": "2023-08-30T02:15:09.660",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.9/wp-slimstat.php#L892",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4599.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4599.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-4599",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-08-30T02:15:09.870",
+  "lastModified": "2023-08-30T02:15:09.870",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.1.7/core/includes/classes/class-email-encoder-bundle-run.php#L529",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/2958823/email-encoder-bundle#file60",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4609.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4609.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-4609",
+  "sourceIdentifier": "psirt@tigera.io",
+  "published": "2023-08-30T02:15:10.157",
+  "lastModified": "2023-08-30T02:15:10.157",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-30T02:00:24.992635+00:00
+2023-08-30T04:00:25.101061+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-30T01:15:37.417000+00:00
+2023-08-30T03:15:08.670000+00:00
 ```

 ### Last Data Feed Release
@ -29,44 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-223642
+223649
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `7`

+* [CVE-2023-41269](CVE-2023/CVE-2023-412xx/CVE-2023-41269.json) (`2023-08-30T02:15:08.350`)
+* [CVE-2023-4525](CVE-2023/CVE-2023-45xx/CVE-2023-4525.json) (`2023-08-30T02:15:09.063`)
+* [CVE-2023-4526](CVE-2023/CVE-2023-45xx/CVE-2023-4526.json) (`2023-08-30T02:15:09.210`)
+* [CVE-2023-4596](CVE-2023/CVE-2023-45xx/CVE-2023-4596.json) (`2023-08-30T02:15:09.353`)
+* [CVE-2023-4597](CVE-2023/CVE-2023-45xx/CVE-2023-4597.json) (`2023-08-30T02:15:09.660`)
+* [CVE-2023-4599](CVE-2023/CVE-2023-45xx/CVE-2023-4599.json) (`2023-08-30T02:15:09.870`)
+* [CVE-2023-4609](CVE-2023/CVE-2023-46xx/CVE-2023-4609.json) (`2023-08-30T02:15:10.157`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `35`
+Recently modified CVEs: `1`

-* [CVE-2021-43845](CVE-2021/CVE-2021-438xx/CVE-2021-43845.json) (`2023-08-30T01:15:29.180`)
-* [CVE-2022-21722](CVE-2022/CVE-2022-217xx/CVE-2022-21722.json) (`2023-08-30T01:15:29.397`)
-* [CVE-2022-21723](CVE-2022/CVE-2022-217xx/CVE-2022-21723.json) (`2023-08-30T01:15:30.153`)
-* [CVE-2022-23537](CVE-2022/CVE-2022-235xx/CVE-2022-23537.json) (`2023-08-30T01:15:30.337`)
-* [CVE-2022-23547](CVE-2022/CVE-2022-235xx/CVE-2022-23547.json) (`2023-08-30T01:15:32.280`)
-* [CVE-2022-23608](CVE-2022/CVE-2022-236xx/CVE-2022-23608.json) (`2023-08-30T01:15:32.583`)
-* [CVE-2022-24754](CVE-2022/CVE-2022-247xx/CVE-2022-24754.json) (`2023-08-30T01:15:35.427`)
-* [CVE-2022-24763](CVE-2022/CVE-2022-247xx/CVE-2022-24763.json) (`2023-08-30T01:15:35.717`)
-* [CVE-2022-24764](CVE-2022/CVE-2022-247xx/CVE-2022-24764.json) (`2023-08-30T01:15:36.040`)
-* [CVE-2022-24793](CVE-2022/CVE-2022-247xx/CVE-2022-24793.json) (`2023-08-30T01:15:36.227`)
-* [CVE-2022-31031](CVE-2022/CVE-2022-310xx/CVE-2022-31031.json) (`2023-08-30T01:15:36.573`)
-* [CVE-2022-39244](CVE-2022/CVE-2022-392xx/CVE-2022-39244.json) (`2023-08-30T01:15:36.887`)
-* [CVE-2023-40827](CVE-2023/CVE-2023-408xx/CVE-2023-40827.json) (`2023-08-29T23:56:57.150`)
-* [CVE-2023-40828](CVE-2023/CVE-2023-408xx/CVE-2023-40828.json) (`2023-08-29T23:57:26.907`)
-* [CVE-2023-34724](CVE-2023/CVE-2023-347xx/CVE-2023-34724.json) (`2023-08-30T00:27:00.350`)
-* [CVE-2023-34725](CVE-2023/CVE-2023-347xx/CVE-2023-34725.json) (`2023-08-30T00:27:32.253`)
-* [CVE-2023-39059](CVE-2023/CVE-2023-390xx/CVE-2023-39059.json) (`2023-08-30T00:30:06.513`)
-* [CVE-2023-40781](CVE-2023/CVE-2023-407xx/CVE-2023-40781.json) (`2023-08-30T00:30:27.107`)
-* [CVE-2023-40825](CVE-2023/CVE-2023-408xx/CVE-2023-40825.json) (`2023-08-30T00:32:16.193`)
-* [CVE-2023-41005](CVE-2023/CVE-2023-410xx/CVE-2023-41005.json) (`2023-08-30T00:33:41.410`)
-* [CVE-2023-41358](CVE-2023/CVE-2023-413xx/CVE-2023-41358.json) (`2023-08-30T00:44:34.590`)
-* [CVE-2023-41359](CVE-2023/CVE-2023-413xx/CVE-2023-41359.json) (`2023-08-30T00:44:45.430`)
-* [CVE-2023-41360](CVE-2023/CVE-2023-413xx/CVE-2023-41360.json) (`2023-08-30T00:44:54.753`)
-* [CVE-2023-41361](CVE-2023/CVE-2023-413xx/CVE-2023-41361.json) (`2023-08-30T00:45:03.640`)
-* [CVE-2023-27585](CVE-2023/CVE-2023-275xx/CVE-2023-27585.json) (`2023-08-30T01:15:37.417`)
+* [CVE-2023-37369](CVE-2023/CVE-2023-373xx/CVE-2023-37369.json) (`2023-08-30T03:15:08.670`)


 ## Download and Usage