admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-31T06:00:24.992806+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-31 06:00:28 +00:00
parent f06901437a
commit e9d146dfae
8 changed files with 382 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2023/CVE-2023-16xx/CVE-2023-1661.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-1661",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T04:15:09.893",
"lastModified": "2023-05-31T04:15:09.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/display-metadata/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f90c0d8-ede6-4f24-870f-19e888238e93?source=cve",
"source": "security@wordfence.com"
}
]
}

67
CVE-2023/CVE-2023-23xx/CVE-2023-2304.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-2304",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T05:15:10.260",
"lastModified": "2023-05-31T05:15:10.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/favorites/tags/2.3.2/app/API/Shortcodes/UserFavoritesShortcode.php#L57",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/favorites/tags/2.3.2/assets/js/favorites.js#L421",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2919192%40favorites&old=2805323%40favorites&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5bd03cd0-34f0-491c-8247-79656eba32a8?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-24xx/CVE-2023-2434.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2434",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T04:15:10.070",
"lastModified": "2023-05-31T04:15:10.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/tags/3.2.3/app/Form/Listeners/ResetSettings.php#L12",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2919175%40wp-nested-pages&old=2814681%40wp-nested-pages&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3e61e9-3610-41b5-9820-28012dc657fd?source=cve",
"source": "security@wordfence.com"
}
]
}

55
CVE-2023/CVE-2023-255xx/CVE-2023-25539.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25539",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-31T05:15:09.537",
"lastModified": "2023-05-31T05:15:09.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability",
"source": "security_alert@emc.com"
}
]
}

59
CVE-2023/CVE-2023-261xx/CVE-2023-26131.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26131",
"sourceIdentifier": "report@snyk.io",
"published": "2023-05-31T05:15:10.180",
"lastModified": "2023-05-31T05:15:10.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found.\r\r"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L512",
"source": "report@snyk.io"
},
{
"url": "https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L514",
"source": "report@snyk.io"
},
{
"url": "https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/themes/html.go%23L145",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONENGINE-3312111",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONTHEMES-3312112",
"source": "report@snyk.io"
}
]
}

6
CVE-2023/CVE-2023-284xx/CVE-2023-28488.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28488",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-12T16:15:19.353",
"lastModified": "2023-04-21T19:15:07.030",
"lastModified": "2023-05-31T04:15:09.993",
"vulnStatus": "Modified",
"descriptions": [
{
@ -85,6 +85,10 @@
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00024.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5416",
"source": "cve@mitre.org"
}
]
}

63
CVE-2023/CVE-2023-28xx/CVE-2023-2836.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2836",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T04:15:10.200",
"lastModified": "2023-05-31T04:15:10.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Don-H50/wp-vul/blob/main/CPF-xss-exploit.md",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2917582/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de11636b-a051-4e76-bc26-ed76f66fe0df?source=cve",
"source": "security@wordfence.com"
}
]
}

24
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-31T04:00:24.996249+00:00
2023-05-31T06:00:24.992806+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-31T03:15:09.713000+00:00
2023-05-31T05:15:10.260000+00:00
```
### Last Data Feed Release
@ -29,28 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
216476
216482
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `6`
* [CVE-2014-125103](CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json) (`2023-05-31T03:15:09.077`)
* [CVE-2015-10107](CVE-2015/CVE-2015-101xx/CVE-2015-10107.json) (`2023-05-31T03:15:09.157`)
* [CVE-2023-2435](CVE-2023/CVE-2023-24xx/CVE-2023-2435.json) (`2023-05-31T03:15:09.313`)
* [CVE-2023-2436](CVE-2023/CVE-2023-24xx/CVE-2023-2436.json) (`2023-05-31T03:15:09.380`)
* [CVE-2023-2545](CVE-2023/CVE-2023-25xx/CVE-2023-2545.json) (`2023-05-31T03:15:09.443`)
* [CVE-2023-2547](CVE-2023/CVE-2023-25xx/CVE-2023-2547.json) (`2023-05-31T03:15:09.510`)
* [CVE-2023-2549](CVE-2023/CVE-2023-25xx/CVE-2023-2549.json) (`2023-05-31T03:15:09.577`)
* [CVE-2023-2987](CVE-2023/CVE-2023-29xx/CVE-2023-2987.json) (`2023-05-31T03:15:09.643`)
* [CVE-2023-1661](CVE-2023/CVE-2023-16xx/CVE-2023-1661.json) (`2023-05-31T04:15:09.893`)
* [CVE-2023-2434](CVE-2023/CVE-2023-24xx/CVE-2023-2434.json) (`2023-05-31T04:15:10.070`)
* [CVE-2023-2836](CVE-2023/CVE-2023-28xx/CVE-2023-2836.json) (`2023-05-31T04:15:10.200`)
* [CVE-2023-25539](CVE-2023/CVE-2023-255xx/CVE-2023-25539.json) (`2023-05-31T05:15:09.537`)
* [CVE-2023-26131](CVE-2023/CVE-2023-261xx/CVE-2023-26131.json) (`2023-05-31T05:15:10.180`)
* [CVE-2023-2304](CVE-2023/CVE-2023-23xx/CVE-2023-2304.json) (`2023-05-31T05:15:10.260`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
* [CVE-2023-32700](CVE-2023/CVE-2023-327xx/CVE-2023-32700.json) (`2023-05-31T03:15:09.713`)
* [CVE-2023-28488](CVE-2023/CVE-2023-284xx/CVE-2023-28488.json) (`2023-05-31T04:15:09.993`)
## Download and Usage