From edc2c64a29c6cf61e9772994be114fb4944abf13 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 19 Jun 2023 14:00:35 +0000
Subject: [PATCH] Auto-Update: 2023-06-19T14:00:32.040321+00:00
---
 CVE-2022/CVE-2022-302xx/CVE-2022-30256.json | 6 +-
 CVE-2022/CVE-2022-468xx/CVE-2022-46850.json | 55 ++++++++++++++
 CVE-2022/CVE-2022-475xx/CVE-2022-47586.json | 55 ++++++++++++++
 CVE-2023/CVE-2023-279xx/CVE-2023-27992.json | 55 ++++++++++++++
 CVE-2023/CVE-2023-29xx/CVE-2023-2907.json | 55 ++++++++++++++
 CVE-2023/CVE-2023-30xx/CVE-2023-3047.json | 6 +-
 CVE-2023/CVE-2023-30xx/CVE-2023-3048.json | 6 +-
 CVE-2023/CVE-2023-30xx/CVE-2023-3049.json | 6 +-
 CVE-2023/CVE-2023-30xx/CVE-2023-3050.json | 6 +-
 CVE-2023/CVE-2023-311xx/CVE-2023-31137.json | 6 +-
 CVE-2023/CVE-2023-332xx/CVE-2023-33213.json | 55 ++++++++++++++
 CVE-2023/CVE-2023-33xx/CVE-2023-3316.json | 55 ++++++++++++++
 CVE-2023/CVE-2023-33xx/CVE-2023-3318.json | 84 +++++++++++++++++++++
 CVE-2023/CVE-2023-343xx/CVE-2023-34373.json | 55 ++++++++++++++
 README.md | 49 +++++------
 15 files changed, 518 insertions(+), 36 deletions(-)
 create mode 100644 CVE-2022/CVE-2022-468xx/CVE-2022-46850.json
 create mode 100644 CVE-2022/CVE-2022-475xx/CVE-2022-47586.json
 create mode 100644 CVE-2023/CVE-2023-279xx/CVE-2023-27992.json
 create mode 100644 CVE-2023/CVE-2023-29xx/CVE-2023-2907.json
 create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33213.json
 create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3316.json
 create mode 100644 CVE-2023/CVE-2023-33xx/CVE-2023-3318.json
 create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34373.json
diff --git a/CVE-2022/CVE-2022-302xx/CVE-2022-30256.json b/CVE-2022/CVE-2022-302xx/CVE-2022-30256.json
index ee4da8eb79a..68664d12ba5 100644
--- a/CVE-2022/CVE-2022-302xx/CVE-2022-30256.json
+++ b/CVE-2022/CVE-2022-302xx/CVE-2022-30256.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-30256",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-19T00:15:10.497",
- "lastModified": "2023-05-25T04:15:10.027",
+ "lastModified": "2023-06-19T13:15:09.320",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -72,6 +72,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/",
 "source": "cve@mitre.org"
diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46850.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46850.json
new file mode 100644
index 00000000000..f6d1dbbff15
--- /dev/null
+++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46850.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-46850",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-19T13:15:09.493",
+ "lastModified": "2023-06-19T13:15:09.493",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <=\u00a00.1.3 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/easy-media-replace/wordpress-easy-media-replace-plugin-0-1-3-arbitrary-file-deletion?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47586.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47586.json
new file mode 100644
index 00000000000..e870ce0a1cf
--- /dev/null
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47586.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47586",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-19T12:15:09.340",
+ "lastModified": "2023-06-19T12:15:09.340",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <=\u00a03.1.23 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-contact-form-7/wordpress-ultimate-addons-for-contact-form-7-plugin-3-1-23-sql-injection?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27992.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27992.json
new file mode 100644
index 00000000000..f975daebf2d
--- /dev/null
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27992.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-27992",
+ "sourceIdentifier": "security@zyxel.com.tw",
+ "published": "2023-06-19T12:15:09.433",
+ "lastModified": "2023-06-19T12:15:09.433",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u00a0V5.21(AAZF.14)C0, NAS540 firmware versions prior to\u00a0V5.21(AATB.11)C0, and NAS542\u00a0firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@zyxel.com.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@zyxel.com.tw",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products",
+ "source": "security@zyxel.com.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2907.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2907.json
new file mode 100644
index 00000000000..70dc91129ac
--- /dev/null
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2907.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2907",
+ "sourceIdentifier": "cve@usom.gov.tr",
+ "published": "2023-06-19T13:15:09.580",
+ "lastModified": "2023-06-19T13:15:09.580",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@usom.gov.tr",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@usom.gov.tr",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0363",
+ "source": "cve@usom.gov.tr"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3047.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3047.json
index 804af5452b9..11121bc9131 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3047.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3047.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-3047",
 "sourceIdentifier": "cve@usom.gov.tr",
 "published": "2023-06-13T12:15:09.477",
- "lastModified": "2023-06-13T13:00:37.647",
+ "lastModified": "2023-06-19T13:15:09.893",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -47,6 +47,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://fordefence.com/cve-2023-3047-tmt-lockcell-sql-injection/",
+ "source": "cve@usom.gov.tr"
+ },
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0345",
 "source": "cve@usom.gov.tr"
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3048.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3048.json
index 98be2becb25..45df1fdfbc2 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3048.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3048.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-3048",
 "sourceIdentifier": "cve@usom.gov.tr",
 "published": "2023-06-13T12:15:09.573",
- "lastModified": "2023-06-13T13:00:37.647",
+ "lastModified": "2023-06-19T13:15:09.967",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -47,6 +47,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://fordefence.com/cve-2023-3048-authorization-bypass-through-user-controlled-key-vulnerability-allows-authentication-abuse-authentication-bypass/",
+ "source": "cve@usom.gov.tr"
+ },
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0345",
 "source": "cve@usom.gov.tr"
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3049.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3049.json
index b266ebc99f9..78451a5b1c2 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3049.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3049.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-3049",
 "sourceIdentifier": "cve@usom.gov.tr",
 "published": "2023-06-13T12:15:09.667",
- "lastModified": "2023-06-13T13:00:37.647",
+ "lastModified": "2023-06-19T13:15:10.037",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -47,6 +47,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://fordefence.com/cve-2023-3049-unrestricted-upload-of-file-with-dangerous-type-vulnerability-allows-command-injection/",
+ "source": "cve@usom.gov.tr"
+ },
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0345",
 "source": "cve@usom.gov.tr"
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3050.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3050.json
index ef1880a7569..35063371622 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3050.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3050.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-3050",
 "sourceIdentifier": "cve@usom.gov.tr",
 "published": "2023-06-13T12:15:09.750",
- "lastModified": "2023-06-13T13:00:37.647",
+ "lastModified": "2023-06-19T13:15:10.107",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -47,6 +47,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://fordefence.com/cve-2023-3050-reliance-on-cookies-without-validation-and-integrity-checking-in-a-security-decision-vulnerability-in-tmt-lockcell-allows-privilege-abuse-authentication-bypass/",
+ "source": "cve@usom.gov.tr"
+ },
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0345",
 "source": "cve@usom.gov.tr"
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31137.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31137.json
index 7c2785da765..c0b2841ecc8 100644
--- a/CVE-2023/CVE-2023-311xx/CVE-2023-31137.json
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31137.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-31137",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-05-09T14:15:13.607",
- "lastModified": "2023-05-25T04:15:10.313",
+ "lastModified": "2023-06-19T13:15:09.647",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -106,6 +106,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html",
+ "source": "security-advisories@github.com"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/",
 "source": "security-advisories@github.com"
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33213.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33213.json
new file mode 100644
index 00000000000..6e6149ba8aa
--- /dev/null
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33213.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-33213",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-19T13:15:09.743",
+ "lastModified": "2023-06-19T13:15:09.743",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields \u2013 wpView plugin <=\u00a01.3.0 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wpview/wordpress-wpview-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3316.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3316.json
new file mode 100644
index 00000000000..f99a3ce1057
--- /dev/null
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3316.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3316",
+ "sourceIdentifier": "reefs@jfrog.com",
+ "published": "2023-06-19T12:15:09.520",
+ "lastModified": "2023-06-19T12:15:09.520",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "reefs@jfrog.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "reefs@jfrog.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/",
+ "source": "reefs@jfrog.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3318.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3318.json
new file mode 100644
index 00000000000..2adf0e72799
--- /dev/null
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3318.json
@@ -0,0 +1,84 @@
+{
+ "id": "CVE-2023-3318",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-19T13:15:10.173",
+ "lastModified": "2023-06-19T13:15:10.173",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231937 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://vuldb.com/?ctiid.231937",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231937",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34373.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34373.json
new file mode 100644
index 00000000000..e639a483835
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34373.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34373",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-06-19T13:15:09.813",
+ "lastModified": "2023-06-19T13:15:09.813",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <=\u00a03.3.93 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-93-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 63b75e42d86..367cda57371 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-19T12:00:26.464934+00:00 +2023-06-19T14:00:32.040321+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-19T11:15:11.067000+00:00 +2023-06-19T13:15:10.173000+00:00 ``` ### Last Data Feed Release 
@@ -29,44 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218059 +218067 ``` ### CVEs added in the last Commit -Recently added CVEs: `38` +Recently added CVEs: `8` -* [CVE-2023-29534](CVE-2023/CVE-2023-295xx/CVE-2023-29534.json) (`2023-06-19T11:15:09.797`) -* [CVE-2023-29542](CVE-2023/CVE-2023-295xx/CVE-2023-29542.json) (`2023-06-19T11:15:09.847`) -* [CVE-2023-29545](CVE-2023/CVE-2023-295xx/CVE-2023-29545.json) (`2023-06-19T11:15:09.890`) -* [CVE-2023-29546](CVE-2023/CVE-2023-295xx/CVE-2023-29546.json) (`2023-06-19T11:15:09.943`) -* [CVE-2023-2221](CVE-2023/CVE-2023-22xx/CVE-2023-2221.json) (`2023-06-19T11:15:09.987`) -* [CVE-2023-2359](CVE-2023/CVE-2023-23xx/CVE-2023-2359.json) (`2023-06-19T11:15:10.043`) -* [CVE-2023-2399](CVE-2023/CVE-2023-23xx/CVE-2023-2399.json) (`2023-06-19T11:15:10.100`) -* [CVE-2023-2401](CVE-2023/CVE-2023-24xx/CVE-2023-2401.json) (`2023-06-19T11:15:10.153`) -* [CVE-2023-2492](CVE-2023/CVE-2023-24xx/CVE-2023-2492.json) (`2023-06-19T11:15:10.213`) -* [CVE-2023-2527](CVE-2023/CVE-2023-25xx/CVE-2023-2527.json) (`2023-06-19T11:15:10.270`) -* [CVE-2023-2600](CVE-2023/CVE-2023-26xx/CVE-2023-2600.json) (`2023-06-19T11:15:10.327`) -* [CVE-2023-2654](CVE-2023/CVE-2023-26xx/CVE-2023-2654.json) (`2023-06-19T11:15:10.380`) -* [CVE-2023-2684](CVE-2023/CVE-2023-26xx/CVE-2023-2684.json) (`2023-06-19T11:15:10.433`) -* [CVE-2023-2719](CVE-2023/CVE-2023-27xx/CVE-2023-2719.json) (`2023-06-19T11:15:10.487`) -* [CVE-2023-2742](CVE-2023/CVE-2023-27xx/CVE-2023-2742.json) (`2023-06-19T11:15:10.543`) -* [CVE-2023-2751](CVE-2023/CVE-2023-27xx/CVE-2023-2751.json) (`2023-06-19T11:15:10.600`) -* [CVE-2023-2779](CVE-2023/CVE-2023-27xx/CVE-2023-2779.json) (`2023-06-19T11:15:10.653`) -* [CVE-2023-2805](CVE-2023/CVE-2023-28xx/CVE-2023-2805.json) (`2023-06-19T11:15:10.710`) -* [CVE-2023-2811](CVE-2023/CVE-2023-28xx/CVE-2023-2811.json) (`2023-06-19T11:15:10.763`) -* 
[CVE-2023-2812](CVE-2023/CVE-2023-28xx/CVE-2023-2812.json) (`2023-06-19T11:15:10.813`) -* [CVE-2023-2899](CVE-2023/CVE-2023-28xx/CVE-2023-2899.json) (`2023-06-19T11:15:10.867`) -* [CVE-2023-34414](CVE-2023/CVE-2023-344xx/CVE-2023-34414.json) (`2023-06-19T11:15:10.927`) -* [CVE-2023-34415](CVE-2023/CVE-2023-344xx/CVE-2023-34415.json) (`2023-06-19T11:15:10.980`) -* [CVE-2023-34416](CVE-2023/CVE-2023-344xx/CVE-2023-34416.json) (`2023-06-19T11:15:11.023`) -* [CVE-2023-34417](CVE-2023/CVE-2023-344xx/CVE-2023-34417.json) (`2023-06-19T11:15:11.067`) +* [CVE-2022-47586](CVE-2022/CVE-2022-475xx/CVE-2022-47586.json) (`2023-06-19T12:15:09.340`) +* [CVE-2022-46850](CVE-2022/CVE-2022-468xx/CVE-2022-46850.json) (`2023-06-19T13:15:09.493`) +* [CVE-2023-27992](CVE-2023/CVE-2023-279xx/CVE-2023-27992.json) (`2023-06-19T12:15:09.433`) +* [CVE-2023-3316](CVE-2023/CVE-2023-33xx/CVE-2023-3316.json) (`2023-06-19T12:15:09.520`) +* [CVE-2023-2907](CVE-2023/CVE-2023-29xx/CVE-2023-2907.json) (`2023-06-19T13:15:09.580`) +* [CVE-2023-33213](CVE-2023/CVE-2023-332xx/CVE-2023-33213.json) (`2023-06-19T13:15:09.743`) +* [CVE-2023-34373](CVE-2023/CVE-2023-343xx/CVE-2023-34373.json) (`2023-06-19T13:15:09.813`) +* [CVE-2023-3318](CVE-2023/CVE-2023-33xx/CVE-2023-3318.json) (`2023-06-19T13:15:10.173`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `6` +* [CVE-2022-30256](CVE-2022/CVE-2022-302xx/CVE-2022-30256.json) (`2023-06-19T13:15:09.320`) +* [CVE-2023-31137](CVE-2023/CVE-2023-311xx/CVE-2023-31137.json) (`2023-06-19T13:15:09.647`) +* [CVE-2023-3047](CVE-2023/CVE-2023-30xx/CVE-2023-3047.json) (`2023-06-19T13:15:09.893`) +* [CVE-2023-3048](CVE-2023/CVE-2023-30xx/CVE-2023-3048.json) (`2023-06-19T13:15:09.967`) +* [CVE-2023-3049](CVE-2023/CVE-2023-30xx/CVE-2023-3049.json) (`2023-06-19T13:15:10.037`) +* [CVE-2023-3050](CVE-2023/CVE-2023-30xx/CVE-2023-3050.json) (`2023-06-19T13:15:10.107`) ## Download and Usage