From ed995057afe251c16d9723911bb35500d277c3d7 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 16 Aug 2023 14:00:35 +0000 Subject: [PATCH] Auto-Update: 2023-08-16T14:00:31.746165+00:00 --- CVE-2020/CVE-2020-260xx/CVE-2020-26037.json | 28 ++++ CVE-2022/CVE-2022-47xx/CVE-2022-4782.json | 32 +++++ CVE-2023/CVE-2023-00xx/CVE-2023-0058.json | 36 ++++++ CVE-2023/CVE-2023-02xx/CVE-2023-0274.json | 32 +++++ CVE-2023/CVE-2023-05xx/CVE-2023-0551.json | 36 ++++++ CVE-2023/CVE-2023-05xx/CVE-2023-0579.json | 32 +++++ CVE-2023/CVE-2023-11xx/CVE-2023-1110.json | 32 +++++ CVE-2023/CVE-2023-14xx/CVE-2023-1465.json | 32 +++++ CVE-2023/CVE-2023-19xx/CVE-2023-1977.json | 32 +++++ CVE-2023/CVE-2023-205xx/CVE-2023-20560.json | 4 +- CVE-2023/CVE-2023-205xx/CVE-2023-20564.json | 4 +- CVE-2023/CVE-2023-21xx/CVE-2023-2122.json | 32 +++++ CVE-2023/CVE-2023-21xx/CVE-2023-2123.json | 36 ++++++ CVE-2023/CVE-2023-22xx/CVE-2023-2225.json | 32 +++++ CVE-2023/CVE-2023-22xx/CVE-2023-2254.json | 32 +++++ CVE-2023/CVE-2023-22xx/CVE-2023-2271.json | 32 +++++ CVE-2023/CVE-2023-22xx/CVE-2023-2272.json | 32 +++++ CVE-2023/CVE-2023-261xx/CVE-2023-26140.json | 4 +- CVE-2023/CVE-2023-304xx/CVE-2023-30473.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30779.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30782.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30784.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30785.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30786.json | 4 +- CVE-2023/CVE-2023-308xx/CVE-2023-30871.json | 4 +- CVE-2023/CVE-2023-314xx/CVE-2023-31448.json | 6 +- CVE-2023/CVE-2023-314xx/CVE-2023-31449.json | 6 +- CVE-2023/CVE-2023-314xx/CVE-2023-31450.json | 6 +- CVE-2023/CVE-2023-314xx/CVE-2023-31452.json | 6 +- CVE-2023/CVE-2023-324xx/CVE-2023-32494.json | 55 ++++++++ CVE-2023/CVE-2023-325xx/CVE-2023-32560.json | 61 ++++++++- CVE-2023/CVE-2023-325xx/CVE-2023-32561.json | 61 ++++++++- CVE-2023/CVE-2023-327xx/CVE-2023-32781.json | 6 +- CVE-2023/CVE-2023-327xx/CVE-2023-32782.json | 6 +- CVE-2023/CVE-2023-365xx/CVE-2023-36530.json | 47 ++++++- CVE-2023/CVE-2023-375xx/CVE-2023-37581.json | 6 +- CVE-2023/CVE-2023-395xx/CVE-2023-39507.json | 4 +- CVE-2023/CVE-2023-398xx/CVE-2023-39849.json | 4 +- CVE-2023/CVE-2023-398xx/CVE-2023-39850.json | 4 +- CVE-2023/CVE-2023-398xx/CVE-2023-39851.json | 4 +- CVE-2023/CVE-2023-399xx/CVE-2023-39962.json | 131 ++++++++++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39963.json | 136 +++++++++++++++++++- CVE-2023/CVE-2023-39xx/CVE-2023-3958.json | 4 +- CVE-2023/CVE-2023-402xx/CVE-2023-40224.json | 63 ++++++++- CVE-2023/CVE-2023-42xx/CVE-2023-4241.json | 4 +- CVE-2023/CVE-2023-43xx/CVE-2023-4374.json | 4 +- CVE-2023/CVE-2023-43xx/CVE-2023-4381.json | 59 +++++++++ README.md | 60 +++++++-- 48 files changed, 1181 insertions(+), 90 deletions(-) create mode 100644 CVE-2020/CVE-2020-260xx/CVE-2020-26037.json create mode 100644 CVE-2022/CVE-2022-47xx/CVE-2022-4782.json create mode 100644 CVE-2023/CVE-2023-00xx/CVE-2023-0058.json create mode 100644 CVE-2023/CVE-2023-02xx/CVE-2023-0274.json create mode 100644 CVE-2023/CVE-2023-05xx/CVE-2023-0551.json create mode 100644 CVE-2023/CVE-2023-05xx/CVE-2023-0579.json create mode 100644 CVE-2023/CVE-2023-11xx/CVE-2023-1110.json create mode 100644 CVE-2023/CVE-2023-14xx/CVE-2023-1465.json create mode 100644 CVE-2023/CVE-2023-19xx/CVE-2023-1977.json create mode 100644 CVE-2023/CVE-2023-21xx/CVE-2023-2122.json create mode 100644 CVE-2023/CVE-2023-21xx/CVE-2023-2123.json create mode 100644 CVE-2023/CVE-2023-22xx/CVE-2023-2225.json create mode 100644 CVE-2023/CVE-2023-22xx/CVE-2023-2254.json create mode 100644 CVE-2023/CVE-2023-22xx/CVE-2023-2271.json create mode 100644 CVE-2023/CVE-2023-22xx/CVE-2023-2272.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32494.json create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4381.json diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26037.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26037.json new file mode 100644 index 00000000000..c034bc119bd --- /dev/null +++ b/CVE-2020/CVE-2020-260xx/CVE-2020-26037.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2020-26037", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-16T13:15:10.413", + "lastModified": "2023-08-16T13:15:10.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://even.com", + "source": "cve@mitre.org" + }, + { + "url": "http://punkbuster.com", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/@prizmant/hacking-punkbuster-e22e6cf2f36e", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-47xx/CVE-2022-4782.json b/CVE-2022/CVE-2022-47xx/CVE-2022-4782.json new file mode 100644 index 00000000000..10e560f84d3 --- /dev/null +++ b/CVE-2022/CVE-2022-47xx/CVE-2022-4782.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2022-4782", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:11.540", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/d3a0468a-8405-4b6c-800f-abd5ce5387b5", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0058.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0058.json new file mode 100644 index 00000000000..355a4c9b83d --- /dev/null +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0058.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-0058", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:11.977", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/0e677df9-2c49-42f0-a8e2-dbcf85bfc1a2", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0274.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0274.json new file mode 100644 index 00000000000..88a0197fbe9 --- /dev/null +++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0274.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-0274", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.067", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/4f6197b6-6d4c-4986-b54c-453b17e94812", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-05xx/CVE-2023-0551.json b/CVE-2023/CVE-2023-05xx/CVE-2023-0551.json new file mode 100644 index 00000000000..c582ccb0152 --- /dev/null +++ b/CVE-2023/CVE-2023-05xx/CVE-2023-0551.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-0551", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.150", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-05xx/CVE-2023-0579.json b/CVE-2023/CVE-2023-05xx/CVE-2023-0579.json new file mode 100644 index 00000000000..ca6c5008f2e --- /dev/null +++ b/CVE-2023/CVE-2023-05xx/CVE-2023-0579.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-0579", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.233", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/574f7607-96d8-4ef8-b96c-0425ad7e7690", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1110.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1110.json new file mode 100644 index 00000000000..e82ad5cead6 --- /dev/null +++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1110.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-1110", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.337", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/1830e829-4a43-4d98-8214-eecec6bef694", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1465.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1465.json new file mode 100644 index 00000000000..4b673a5277c --- /dev/null +++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1465.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-1465", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.420", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/13f59eb4-0744-4fdb-94b5-886ee6bdd867", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1977.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1977.json new file mode 100644 index 00000000000..bbe346aa705 --- /dev/null +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1977.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-1977", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.510", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/842f3b1f-395a-4ea2-b7df-a36f70e8c790", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20560.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20560.json index 1ac92e56776..6da5cc3dd40 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20560.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20560.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20560", "sourceIdentifier": "psirt@amd.com", "published": "2023-08-15T22:15:09.827", - "lastModified": "2023-08-15T22:15:09.827", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20564.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20564.json index 256498a937f..f0928eefaf3 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20564.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20564.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20564", "sourceIdentifier": "psirt@amd.com", "published": "2023-08-15T22:15:11.597", - "lastModified": "2023-08-15T22:15:11.597", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2122.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2122.json new file mode 100644 index 00000000000..b7d693d3cbc --- /dev/null +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2122.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2122", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.607", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/936fd93a-428d-4744-a4fc-c8da78dcbe78", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2123.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2123.json new file mode 100644 index 00000000000..d73f6041f29 --- /dev/null +++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2123.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-2123", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.700", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/daniloalbuqrque/poc-cve-xss-encoded-wp-inventory-manager-plugin", + "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/44448888-cd5d-482e-859e-123e442ce5c1", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2225.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2225.json new file mode 100644 index 00000000000..5188bf0d5b1 --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2225.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2225", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.797", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/0af475ba-5c02-4f62-876d-6235a745bbd6", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2254.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2254.json new file mode 100644 index 00000000000..e8949fd5ca6 --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2254.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2254", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.887", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/8886ec5f-8465-448f-adbd-68a3e84c5dec", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2271.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2271.json new file mode 100644 index 00000000000..323dea436e5 --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2271.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2271", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:12.967", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/31512f33-c310-4b36-b665-19293097cc8b", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2272.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2272.json new file mode 100644 index 00000000000..ee75229ee2f --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2272.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2272", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-08-16T12:15:13.053", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/dba60216-2753-40b7-8f2b-6caeba684b2e", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26140.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26140.json index a0fdd565315..6e59e042b07 100644 --- a/CVE-2023/CVE-2023-261xx/CVE-2023-26140.json +++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26140.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26140", "sourceIdentifier": "report@snyk.io", "published": "2023-08-16T05:15:09.810", - "lastModified": "2023-08-16T05:15:09.810", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json index c04ae70d84a..793001f2754 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30473", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:18.813", - "lastModified": "2023-08-16T10:15:18.813", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30779.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30779.json index 6e42f6aec42..65a9926a7ff 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30779.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30779.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30779", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T11:15:10.617", - "lastModified": "2023-08-16T11:15:10.617", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json index 8fc81f13cca..794c70713e6 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30782", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:20.897", - "lastModified": "2023-08-16T10:15:20.897", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json index ce0ce61469b..4ba485c7597 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30784", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:21.073", - "lastModified": "2023-08-16T10:15:21.073", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json index 8354d7f943f..be6b67334da 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30785", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:21.230", - "lastModified": "2023-08-16T10:15:21.230", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30786.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30786.json index 174170d43e2..fd13676c300 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30786.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30786.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30786", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T10:15:21.380", - "lastModified": "2023-08-16T10:15:21.380", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30871.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30871.json index 04a9162a628..26500cb2537 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30871.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30871.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30871", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-16T11:15:11.100", - "lastModified": "2023-08-16T11:15:11.100", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31448.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31448.json index 216a4e99fb3..abe0599232a 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31448.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31448.json @@ -2,12 +2,12 @@ "id": "CVE-2023-31448", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T12:15:09.647", - "lastModified": "2023-08-15T17:35:56.743", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T12:15:13.193", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system." + "value": "A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31449.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31449.json index 8a919289b43..6f5fbd54882 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31449.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31449.json @@ -2,12 +2,12 @@ "id": "CVE-2023-31449", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T12:15:09.823", - "lastModified": "2023-08-15T17:36:07.090", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T12:15:13.380", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system." + "value": "A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31450.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31450.json index 395499b92da..ee476b94783 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31450.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31450.json @@ -2,12 +2,12 @@ "id": "CVE-2023-31450", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T12:15:09.897", - "lastModified": "2023-08-15T17:35:48.010", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T12:15:13.460", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine." + "value": "A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31452.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31452.json index 25104786401..a0ae7035750 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31452.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31452.json @@ -2,12 +2,12 @@ "id": "CVE-2023-31452", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T12:15:09.970", - "lastModified": "2023-08-14T17:08:45.520", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T12:15:13.540", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim." + "value": "A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32494.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32494.json new file mode 100644 index 00000000000..d0c09f0ad4e --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32494.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32494", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-08-16T13:15:10.867", + "lastModified": "2023-08-16T13:15:10.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-274" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json index be8a84b7c4a..1a1f7f89fb2 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32560", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-10T20:15:10.200", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T13:04:36.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -34,10 +56,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.4.1", + "matchCriteriaId": "E1BB2A71-2815-4982-825E-3546E2A7FE83" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32561.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32561.json index 7e434a16ef4..6fdc2aceafa 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32561.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32561.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32561", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-10T20:15:10.287", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T13:04:53.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -34,10 +56,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.4.1", + "matchCriteriaId": "E1BB2A71-2815-4982-825E-3546E2A7FE83" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32781.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32781.json index f08f6945450..cbda0625f8c 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32781.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32781.json @@ -2,12 +2,12 @@ "id": "CVE-2023-32781", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T12:15:10.047", - "lastModified": "2023-08-15T17:36:12.360", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T12:15:13.637", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution." + "value": "A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32782.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32782.json index c8bb97848ee..1c31809aa6f 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32782.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32782.json @@ -2,12 +2,12 @@ "id": "CVE-2023-32782", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T12:15:10.127", - "lastModified": "2023-08-15T17:37:04.170", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T12:15:13.717", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution." + "value": "A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36530.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36530.json index 9f9541f3210..7ea8ac62ac4 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36530.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36530.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36530", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-10T12:15:11.347", - "lastModified": "2023-08-10T12:43:50.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T13:59:24.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smartypantsplugins:sp_project_\\&_document_manager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.67", + "matchCriteriaId": "F903DBFE-156F-4E2C-9D68-64C1505CA6D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-67-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37581.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37581.json index 396e7af9478..26bba4f87b2 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37581.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37581.json @@ -2,7 +2,7 @@ "id": "CVE-2023-37581", "sourceIdentifier": "security@apache.org", "published": "2023-08-06T08:15:09.013", - "lastModified": "2023-08-16T09:15:11.027", + "lastModified": "2023-08-16T12:15:13.800", "vulnStatus": "Modified", "descriptions": [ { @@ -75,6 +75,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/1", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp", "source": "security@apache.org", diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39507.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39507.json index f3a8ce8a0ea..f352975757d 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39507.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39507.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39507", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-16T09:15:11.793", - "lastModified": "2023-08-16T09:15:11.793", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39849.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39849.json index f7d48e3ca82..6838ec47b67 100644 --- a/CVE-2023/CVE-2023-398xx/CVE-2023-39849.json +++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39849.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39849", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T22:15:13.937", - "lastModified": "2023-08-15T22:15:13.937", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39850.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39850.json index d50d8bc0891..2f6f59497bc 100644 --- a/CVE-2023/CVE-2023-398xx/CVE-2023-39850.json +++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39850.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39850", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T22:15:14.357", - "lastModified": "2023-08-15T22:15:14.357", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39851.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39851.json index 6b571991524..5e13800cf83 100644 --- a/CVE-2023/CVE-2023-398xx/CVE-2023-39851.json +++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39851.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39851", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-15T22:15:14.407", - "lastModified": "2023-08-15T22:15:14.407", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39962.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39962.json index 75eb5e28918..fa5be7f68fa 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39962.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39962.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39962", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-10T18:15:10.603", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T13:54:56.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,119 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "19.0.0", + "versionEndExcluding": "19.0.13.10", + "matchCriteriaId": "D1FB21B8-187A-4F19-AE87-C5A08BA69616" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "20.0.0", + "versionEndExcluding": "20.0.14.15", + "matchCriteriaId": "F5FE3DB7-0047-4B58-879D-43FDDBEAD546" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "21.0.0", + "versionEndExcluding": "21.0.9.13", + "matchCriteriaId": "14CB262E-1288-40F8-ACC3-2F2E507B4362" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "22.0.0", + "versionEndExcluding": "22.2.10.14", + "matchCriteriaId": "916FDFBE-023F-4EC1-947B-8B2F2A0E5E84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.0.12.9", + "matchCriteriaId": "881A0D0D-1888-43D8-A22C-FD38D28EB601" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.12.5", + "matchCriteriaId": "B2AF81DA-6377-4051-AF70-141FC50E049F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.9", + "matchCriteriaId": "623D58E0-57A0-42B3-8ED6-DF3B988633AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.9", + "matchCriteriaId": "D60D3184-C289-49E8-9FBE-EDA8B927131A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.4", + "matchCriteriaId": "CA187E45-EB4B-468A-9291-FD66B360B2D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.4", + "matchCriteriaId": "2D0FA653-A595-4EC8-9F77-0AD1A4699B07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*", + "matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xwxx-2752-w3xm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/server/pull/39323", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://hackerone.com/reports/2047168", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39963.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39963.json index 1134f25f1e5..356f4539609 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39963.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39963.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39963", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-10T18:15:10.813", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T13:39:48.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +76,112 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "20.0.0", + "versionEndExcluding": "20.0.14.15", + "matchCriteriaId": "F5FE3DB7-0047-4B58-879D-43FDDBEAD546" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "21.0.0", + "versionEndExcluding": "21.0.9.13", + "matchCriteriaId": "14CB262E-1288-40F8-ACC3-2F2E507B4362" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "22.0.0", + "versionEndExcluding": "22.2.10.14", + "matchCriteriaId": "916FDFBE-023F-4EC1-947B-8B2F2A0E5E84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.0.12.9", + "matchCriteriaId": "881A0D0D-1888-43D8-A22C-FD38D28EB601" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.12.5", + "matchCriteriaId": "B2AF81DA-6377-4051-AF70-141FC50E049F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.9", + "matchCriteriaId": "623D58E0-57A0-42B3-8ED6-DF3B988633AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.9", + "matchCriteriaId": "D60D3184-C289-49E8-9FBE-EDA8B927131A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.4", + "matchCriteriaId": "CA187E45-EB4B-468A-9291-FD66B360B2D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.4", + "matchCriteriaId": "2D0FA653-A595-4EC8-9F77-0AD1A4699B07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*", + "matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j4qm-5q5x-54m5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/server/pull/39416", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://hackerone.com/reports/2067572", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3958.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3958.json index b662af9369e..2ccd0656003 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3958.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3958.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3958", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-16T05:15:10.220", - "lastModified": "2023-08-16T05:15:10.220", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40224.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40224.json index b0669e2094b..c0c9ff82ff1 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40224.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40224.json @@ -2,19 +2,74 @@ "id": "CVE-2023-40224", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-10T20:15:11.010", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T13:40:53.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MISP 2.4174 allows XSS in app/View/Events/index.ctp." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misp:misp:2.4.174:*:*:*:*:*:*:*", + "matchCriteriaId": "41B6B5F0-5F19-48A8-BD25-08E4D3FD7665" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MISP/MISP/commit/0274f8b6332e82317c9529b583d03897adf5883e", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4241.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4241.json index 1f0b17ff53f..adedcba8167 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4241.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4241.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4241", "sourceIdentifier": "cna@cloudflare.com", "published": "2023-08-16T11:15:11.377", - "lastModified": "2023-08-16T11:15:11.377", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4374.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4374.json index 51dacf769b1..461e3abe7c0 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4374.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4374.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4374", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-16T05:15:10.357", - "lastModified": "2023-08-16T05:15:10.357", - "vulnStatus": "Received", + "lastModified": "2023-08-16T12:02:41.873", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4381.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4381.json new file mode 100644 index 00000000000..ff17352cd52 --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4381.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4381", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-08-16T12:15:13.973", + "lastModified": "2023-08-16T12:16:08.247", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-620" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/instantsoft/icms2/commit/58f8b9941b53b606a1b15a4364005cd2b1965507", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 38d02094b51..7c7a97eace7 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-16T12:00:29.517485+00:00 +2023-08-16T14:00:31.746165+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-16T11:15:11.377000+00:00 +2023-08-16T13:59:24.893000+00:00 ``` ### Last Data Feed Release @@ -29,27 +29,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222779 +222796 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `17` -* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-16T10:15:18.813`) -* [CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-16T10:15:20.897`) -* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-16T10:15:21.073`) -* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-16T10:15:21.230`) -* [CVE-2023-30786](CVE-2023/CVE-2023-307xx/CVE-2023-30786.json) (`2023-08-16T10:15:21.380`) -* [CVE-2023-30779](CVE-2023/CVE-2023-307xx/CVE-2023-30779.json) (`2023-08-16T11:15:10.617`) -* [CVE-2023-30871](CVE-2023/CVE-2023-308xx/CVE-2023-30871.json) (`2023-08-16T11:15:11.100`) -* [CVE-2023-4241](CVE-2023/CVE-2023-42xx/CVE-2023-4241.json) (`2023-08-16T11:15:11.377`) +* [CVE-2020-26037](CVE-2020/CVE-2020-260xx/CVE-2020-26037.json) (`2023-08-16T13:15:10.413`) +* [CVE-2022-4782](CVE-2022/CVE-2022-47xx/CVE-2022-4782.json) (`2023-08-16T12:15:11.540`) +* [CVE-2023-0058](CVE-2023/CVE-2023-00xx/CVE-2023-0058.json) (`2023-08-16T12:15:11.977`) +* [CVE-2023-0274](CVE-2023/CVE-2023-02xx/CVE-2023-0274.json) (`2023-08-16T12:15:12.067`) +* [CVE-2023-0551](CVE-2023/CVE-2023-05xx/CVE-2023-0551.json) (`2023-08-16T12:15:12.150`) +* [CVE-2023-0579](CVE-2023/CVE-2023-05xx/CVE-2023-0579.json) (`2023-08-16T12:15:12.233`) +* [CVE-2023-1110](CVE-2023/CVE-2023-11xx/CVE-2023-1110.json) (`2023-08-16T12:15:12.337`) +* [CVE-2023-1465](CVE-2023/CVE-2023-14xx/CVE-2023-1465.json) (`2023-08-16T12:15:12.420`) +* [CVE-2023-1977](CVE-2023/CVE-2023-19xx/CVE-2023-1977.json) (`2023-08-16T12:15:12.510`) +* [CVE-2023-2122](CVE-2023/CVE-2023-21xx/CVE-2023-2122.json) (`2023-08-16T12:15:12.607`) +* [CVE-2023-2123](CVE-2023/CVE-2023-21xx/CVE-2023-2123.json) (`2023-08-16T12:15:12.700`) +* [CVE-2023-2225](CVE-2023/CVE-2023-22xx/CVE-2023-2225.json) (`2023-08-16T12:15:12.797`) +* [CVE-2023-2254](CVE-2023/CVE-2023-22xx/CVE-2023-2254.json) (`2023-08-16T12:15:12.887`) +* [CVE-2023-2271](CVE-2023/CVE-2023-22xx/CVE-2023-2271.json) (`2023-08-16T12:15:12.967`) +* [CVE-2023-2272](CVE-2023/CVE-2023-22xx/CVE-2023-2272.json) (`2023-08-16T12:15:13.053`) +* [CVE-2023-4381](CVE-2023/CVE-2023-43xx/CVE-2023-4381.json) (`2023-08-16T12:15:13.973`) +* [CVE-2023-32494](CVE-2023/CVE-2023-324xx/CVE-2023-32494.json) (`2023-08-16T13:15:10.867`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `30` +* [CVE-2023-26140](CVE-2023/CVE-2023-261xx/CVE-2023-26140.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-3958](CVE-2023/CVE-2023-39xx/CVE-2023-3958.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-4374](CVE-2023/CVE-2023-43xx/CVE-2023-4374.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-39507](CVE-2023/CVE-2023-395xx/CVE-2023-39507.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-30786](CVE-2023/CVE-2023-307xx/CVE-2023-30786.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-30779](CVE-2023/CVE-2023-307xx/CVE-2023-30779.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-30871](CVE-2023/CVE-2023-308xx/CVE-2023-30871.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-4241](CVE-2023/CVE-2023-42xx/CVE-2023-4241.json) (`2023-08-16T12:02:41.873`) +* [CVE-2023-31448](CVE-2023/CVE-2023-314xx/CVE-2023-31448.json) (`2023-08-16T12:15:13.193`) +* [CVE-2023-31449](CVE-2023/CVE-2023-314xx/CVE-2023-31449.json) (`2023-08-16T12:15:13.380`) +* [CVE-2023-31450](CVE-2023/CVE-2023-314xx/CVE-2023-31450.json) (`2023-08-16T12:15:13.460`) +* [CVE-2023-31452](CVE-2023/CVE-2023-314xx/CVE-2023-31452.json) (`2023-08-16T12:15:13.540`) +* [CVE-2023-32781](CVE-2023/CVE-2023-327xx/CVE-2023-32781.json) (`2023-08-16T12:15:13.637`) +* [CVE-2023-32782](CVE-2023/CVE-2023-327xx/CVE-2023-32782.json) (`2023-08-16T12:15:13.717`) +* [CVE-2023-37581](CVE-2023/CVE-2023-375xx/CVE-2023-37581.json) (`2023-08-16T12:15:13.800`) +* [CVE-2023-32560](CVE-2023/CVE-2023-325xx/CVE-2023-32560.json) (`2023-08-16T13:04:36.617`) +* [CVE-2023-32561](CVE-2023/CVE-2023-325xx/CVE-2023-32561.json) (`2023-08-16T13:04:53.757`) +* [CVE-2023-39963](CVE-2023/CVE-2023-399xx/CVE-2023-39963.json) (`2023-08-16T13:39:48.010`) +* [CVE-2023-40224](CVE-2023/CVE-2023-402xx/CVE-2023-40224.json) (`2023-08-16T13:40:53.350`) +* [CVE-2023-39962](CVE-2023/CVE-2023-399xx/CVE-2023-39962.json) (`2023-08-16T13:54:56.917`) +* [CVE-2023-36530](CVE-2023/CVE-2023-365xx/CVE-2023-36530.json) (`2023-08-16T13:59:24.893`) ## Download and Usage