diff --git a/CVE-2022/CVE-2022-417xx/CVE-2022-41766.json b/CVE-2022/CVE-2022-417xx/CVE-2022-41766.json
index 036fa46f74b..b5e43356202 100644
--- a/CVE-2022/CVE-2022-417xx/CVE-2022-41766.json
+++ b/CVE-2022/CVE-2022-417xx/CVE-2022-41766.json
@@ -2,19 +2,91 @@
 "id": "CVE-2022-41766",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-29T21:15:09.757",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:24:03.163",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed)."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.35.8",
+ "matchCriteriaId": "8641E8E6-E89C-4EE1-A4C2-7DB79F8FCF4A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.36.0",
+ "versionEndExcluding": "1.37.5",
+ "matchCriteriaId": "44F278DA-D150-4A87-AEE8-82A52D0DFE3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.38.0",
+ "versionEndExcluding": "1.38.3",
+ "matchCriteriaId": "0582934E-BEE2-4D9B-8160-9BF5E1EFD1BF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://phabricator.wikimedia.org/T307278",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-46xx/CVE-2022-4676.json b/CVE-2022/CVE-2022-46xx/CVE-2022-4676.json
index 526bba4f2a2..2efc3a79f35 100644
--- a/CVE-2022/CVE-2022-46xx/CVE-2022-4676.json
+++ b/CVE-2022/CVE-2022-46xx/CVE-2022-4676.json
@@ -2,15 +2,38 @@
 "id": "CVE-2022-4676",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.307",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:27:49.883",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openstreetmap:openstreetmap:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "6.01",
+ "matchCriteriaId": "5CF96C18-0D31-4141-B275-EC1F97B5515D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/1df3c17c-990d-4074-b1d5-b26da880d88e",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4946.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4946.json
new file mode 100644
index 00000000000..56784dc4cf1
--- /dev/null
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4946.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2022-4946",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-06-05T14:15:09.577",
+ "lastModified": "2023-06-05T14:22:20.397",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0152.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0152.json
new file mode 100644
index 00000000000..e76d09aad37
--- /dev/null
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0152.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-0152",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-06-05T14:15:09.660",
+ "lastModified": "2023-06-05T14:22:20.397",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/8281fce2-6f24-4d3f-895f-4d8694806609",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0443.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0443.json
index 84c3f8577d4..d96cf7c3a02 100644
--- a/CVE-2023/CVE-2023-04xx/CVE-2023-0443.json
+++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0443.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-0443",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.460",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:29:56.740",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpvibes:anywhere_elementor:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.2.8",
+ "matchCriteriaId": "1347BA0D-58FB-42BB-BA60-5A778E00CF7A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-05xx/CVE-2023-0545.json b/CVE-2023/CVE-2023-05xx/CVE-2023-0545.json
new file mode 100644
index 00000000000..c7014c8183a
--- /dev/null
+++ b/CVE-2023/CVE-2023-05xx/CVE-2023-0545.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-0545",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-06-05T14:15:09.727",
+ "lastModified": "2023-06-05T14:22:20.397",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/b604afc8-61d0-4e98-8950-f3d29f9e9ee1",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0733.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0733.json
index 05e716b923d..47a93bc7224 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0733.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0733.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-0733",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.523",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:44:50.077",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:newsletter_popup_project:newsletter_popup:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2",
+ "matchCriteriaId": "E576E32F-C7DC-4B4D-8F09-026DF0BBEF91"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/fed1e184-ff56-44fe-9876-d17c0156447a",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0766.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0766.json
index 6d236440b93..f55ef0282b0 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0766.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0766.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-0766",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.590",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:45:46.990",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:newsletter_popup_project:newsletter_popup:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2",
+ "matchCriteriaId": "E576E32F-C7DC-4B4D-8F09-026DF0BBEF91"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/90a1976c-0348-41ea-90b4-f7a5d9306c88",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0900.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0900.json
new file mode 100644
index 00000000000..901e9d46ac5
--- /dev/null
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0900.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-0900",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-06-05T14:15:09.793",
+ "lastModified": "2023-06-05T14:22:20.397",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/f601e637-a486-4f3a-9077-4f294ace7ea1",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1524.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1524.json
index 88e2d64002b..32fbd9bc262 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1524.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1524.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-1524",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.657",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:48:29.007",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's password."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.2.71",
+ "matchCriteriaId": "87A3B49E-E8EE-44E0-8216-B895F2263524"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1938.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1938.json
index f9167f6523c..0985423b5cc 100644
--- a/CVE-2023/CVE-2023-19xx/CVE-2023-1938.json
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1938.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-1938",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.713",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:51:30.440",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -27,10 +50,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.1.5",
+ "matchCriteriaId": "C838E3D4-2F7D-4B34-BE77-1E3AEEC21872"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/92b1c6d8-51db-46aa-bde6-abdfb091aab5",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2023.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2023.json
index b02ae4419b8..1bc7e8b6394 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2023.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2023.json
@@ -2,18 +2,41 @@
 "id": "CVE-2023-2023",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.787",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:50:11.437",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "description": [
 {
@@ -21,12 +44,43 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "contact@wpscan.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:custom_404_pro_project:custom_404_pro:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.7.3",
+ "matchCriteriaId": "A807E07F-3064-4E3D-82F5-33C7B2ACA0A5"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/8859843a-a8c2-4f7a-8372-67049d6ea317",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2111.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2111.json
index 01e8c8741eb..d650687421c 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2111.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2111.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-2111",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.837",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:50:50.937",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:groundhogg:hollerbox:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.1.4",
+ "matchCriteriaId": "FD569333-A885-41BE-BC64-C8AEB8A3FCD1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/7a0bdd47-c339-489d-9443-f173a83447f2",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2113.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2113.json
index a611e8a808a..8e31d19616b 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2113.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2113.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-2113",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.900",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:52:13.103",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:autoptimize:autoptimize:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.1.7",
+ "matchCriteriaId": "EAC8D23A-6712-41A5-832F-0CAC590533A0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/ddb4c95d-bbee-4095-aed6-25f6b8e63011",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2117.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2117.json
index f5cd55cee2d..af27b337371 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2117.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2117.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-2117",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:09.963",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:52:52.937",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:10web:image_optimizer:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.27",
+ "matchCriteriaId": "48C35DA0-C199-4319-A6AB-7EBDB7969E41"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/44024299-ba40-4da7-81e1-bd44d10846f3",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2223.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2223.json
index 53705a61194..655c29c792d 100644
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2223.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2223.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-2223",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:10.030",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:53:35.137",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:12net:login_rebuilder:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.8.1",
+ "matchCriteriaId": "9C06D0D4-92FB-462E-B05C-078A286D3A34"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/7b356b82-5d03-4f70-b4ce-f1405304bb52",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2224.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2224.json
new file mode 100644
index 00000000000..36696b915da
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2224.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2224",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-06-05T14:15:09.977",
+ "lastModified": "2023-06-05T14:22:20.397",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/a76b6d22-1e00-428a-8a04-12162bd0d992",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2256.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2256.json
index 95bab06687a..9ef08dfe8cc 100644
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2256.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2256.json
@@ -2,15 +2,38 @@
 "id": "CVE-2023-2256",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-05-30T08:15:10.097",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-05T14:53:59.733",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "contact@wpscan.com",
@@ -23,10 +46,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themeisle:product_addons_\\&_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "32.0.7",
+ "matchCriteriaId": "3C3C9605-32E3-499F-9BBC-E4E92BFBC741"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://wpscan.com/vulnerability/1187e041-3be2-4613-8d56-c2394fcc75fb",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2287.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2287.json
index 964ae080f4a..30ab86460c9 100644
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2287.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2287.json
@@ -2,15 +2,38 @@ "id": "CVE-2023-2287", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-30T08:15:10.157", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:55:48.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeisle:orbitfox:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.10.24", + "matchCriteriaId": "B83C4892-D1BB-4408-8A25-EDCA9D7E2CD9" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/1b36a184-2138-4a65-8940-07e7764669bb", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2288.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2288.json index 741bff1fce2..cfb845a0a9e 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2288.json 
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2288.json @@ -2,18 +2,41 @@ "id": "CVE-2023-2288", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-30T08:15:10.217", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:57:07.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -21,12 +44,43 @@ "value": "CWE-502" } ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themeisle:otter:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.6", + "matchCriteriaId": "8EA26D1F-4E7C-4C53-9132-22838DB5F877" + } + ] + } + ] } ], "references": [ { "url": "https://wpscan.com/vulnerability/93acb4ee-1053-48e1-8b69-c09dc3b2f302", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2296.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2296.json index 3379f0001ee..b116737c168 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2296.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2296.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-2296", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-30T08:15:10.280", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:57:38.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.7.9", + "matchCriteriaId": "A221A5D9-7826-4564-959A-E796928B70B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8126ff73-c0e5-4c1b-ba10-2e51f690521e", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23694.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23694.json index b29ec978fa6..23aff52693c 100644 --- a/CVE-2023/CVE-2023-236xx/CVE-2023-23694.json +++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23694.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-23694", "sourceIdentifier": "security_alert@emc.com", "published": "2023-05-23T07:15:10.317", - "lastModified": "2023-06-01T20:44:36.253", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-05T14:15:09.860", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security_alert@emc.com", "type": "Primary", "description": [ { @@ -66,12 +66,12 @@ ] }, { - "source": "security_alert@emc.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-78" } ] } diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2337.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2337.json new file mode 100644 index 00000000000..1211d92dd80 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2337.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2337", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-05T14:15:10.040", + "lastModified": "2023-06-05T14:22:20.397", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/e5a6f834-80a4-406b-acae-57ffeec2e689", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2470.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2470.json index 8f817b422db..6f8cd1377bc 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2470.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2470.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-2470", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-30T08:15:10.337", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:58:04.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:add_to_feedly_project:add_to_feedly:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.11", + "matchCriteriaId": "C15E89AC-EFA0-4B4E-ACB7-E91D7DF27B0A" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/de0adf26-8a0b-4b90-96d5-4bec6e770e04", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2472.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2472.json new file mode 100644 index 00000000000..edc589cc896 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2472.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2472", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-05T14:15:10.110", + "lastModified": "2023-06-05T14:22:20.397", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/b0e7665a-c8c3-4132-b8d7-8677a90118df", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json new file mode 100644 index 00000000000..ccded602a9b --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2488", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-05T14:15:10.173", + "lastModified": "2023-06-05T14:22:20.397", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/60226669-0b7b-441f-93d4-b5933e69478f", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json new file mode 100644 index 00000000000..07560acd108 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2489", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-05T14:15:10.243", + "lastModified": "2023-06-05T14:22:20.397", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/dcbe3334-357a-4744-b50c-309d10cca30d", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2503.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2503.json new file mode 100644 index 00000000000..b8e85a9bdd8 --- /dev/null +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2503.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2503", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-05T14:15:10.300", + "lastModified": "2023-06-05T14:22:20.397", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/07b1caf1-d00b-4075-b71a-0516d5604286", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2518.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2518.json index 9c28e4a301e..5980e9c4a70 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2518.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2518.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-2518", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-30T08:15:10.390", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:59:11.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yikesinc:easy_forms_for_mailchimp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.8.8", + "matchCriteriaId": "E2382E30-4FA0-4B0E-B3E2-0942C2BC17BD" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/ca120255-2c50-4906-97f3-ea660486db4c", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2571.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2571.json new file mode 100644 index 00000000000..a8c9c09a587 --- /dev/null 
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2571.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2571", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-05T14:15:10.363", + "lastModified": "2023-06-05T14:22:20.397", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/2dc02e5c-1c89-4053-a6a7-29ee7b996183", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2572.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2572.json new file mode 100644 index 00000000000..6db81c69452 --- /dev/null +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2572.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2572", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-05T14:15:10.423", + "lastModified": "2023-06-05T14:22:20.397", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/2f7fe6e6-c3d0-4e27-8222-572d7a420153", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2634.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2634.json new file mode 100644 index 00000000000..ac0e91c6b4b --- /dev/null +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2634.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2634", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-05T14:15:10.483", + "lastModified": "2023-06-05T14:22:20.397", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/1df111aa-6057-47a2-8e8b-9ef5ec3bb472", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json index babc2f8a07d..78c0639a856 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2973.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2973", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-30T11:15:09.457", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:59:58.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:students_online_internship_timesheet_system_project:students_online_internship_timesheet_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "52811AC6-44E2-4C1E-9C7A-4545CC7A71C5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ShallowDream888/VulnerabilityReport/blob/main/XSS.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.230204", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.230204", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30253.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30253.json index cc96cdb4b26..cd289b98c49 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30253.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30253.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30253", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-29T21:15:09.813", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:26:28.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,82 @@ "value": "En la versiones anteriores a Dolibarr v17.0.1 se permite la ejecuci\u00f3n remota de c\u00f3digo por un usuario autenticado a trav\u00e9s de una manipulaci\u00f3n de may\u00fasculas, por ejemplo: \"" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.0.1", + "matchCriteriaId": "80E252F5-C5B9-4A86-9A43-2E1C474C6005" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Dolibarr/dolibarr", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.swascan.com/blog/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.swascan.com/security-advisory-dolibarr-17-0-0/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31128.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31128.json index 60168b55b75..26a51316ee2 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31128.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31128.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-31128", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-26T22:15:14.797", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:15:52.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,26 +76,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:cookbook:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.9.0", + "versionEndExcluding": "0.9.19", + "matchCriteriaId": "191FEC7E-1FA0-4040-A961-BF2BB5FB726E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/cookbook/blob/a14d6ffc4d45e1447556f68606129dfd6c1505cf/.github/workflows/pull-checks.yml#L67", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/nextcloud/cookbook/commit/489bb744", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/nextcloud/cookbook/commit/a46d98559e2c64292da9ffb06138cccc2e50ae1b", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/nextcloud/cookbook/security/advisories/GHSA-c5pc-mf2f-xq8h", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://securitylab.github.com/research/github-actions-untrusted-input/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32072.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32072.json index bf51b3a071d..3ca81adc662 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32072.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32072.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32072", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-29T21:15:09.893", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T15:42:16.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,22 +80,65 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*", + "versionEndExcluding": "14.7-7", + "matchCriteriaId": "0C6D58F3-A54E-4B32-93A9-C8D93855586F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*", + "versionEndExcluding": "14.8.99.60", + "matchCriteriaId": "24769828-A1C7-457C-B409-E0BCEE39CBDD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "14.8", + "versionEndExcluding": "14.8-3", + "matchCriteriaId": "171202C5-61A2-42C5-9A9E-505E2C29FB6D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Enalean/tuleap/commit/6840529def97f564844e810e5a7c5bf837cf58d5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-6prc-j58r-fmjq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=6840529def97f564844e810e5a7c5bf837cf58d5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://tuleap.net/plugins/tracker/?aid=31929", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32676.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32676.json index 99059a3017c..ba8646c708e 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32676.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32676.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32676", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-26T23:15:18.647", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T15:30:07.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.11.0", + "matchCriteriaId": "F025235E-3D41-4053-8167-1D8D94A645FF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/autolab/Autolab/commit/14f508484a8323eceb0cf3a128573b43eabbc80d", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-x9hj-r9q4-832c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32695.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32695.json index 18aa9497157..41d20e6849e 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32695.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32695.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32695", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-27T16:15:09.433", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T15:54:48.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,22 +76,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "3.4.0", + "versionEndExcluding": "3.4.3", + "matchCriteriaId": "1DC31C5F-524B-478D-A85F-0D4F4DCCFF28" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "4.0.4", + "versionEndExcluding": "4.2.3", + "matchCriteriaId": "994E08C3-8408-4FA3-AA7A-A2C13CD20AC9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json new file mode 100644 index 00000000000..d28582951f7 --- /dev/null +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json 
@@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-32766", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-05T15:15:09.143", + "lastModified": "2023-06-05T15:15:09.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview?product=default&tcuUid=1d505bda-9a38-4ca5-8724-052e6337f34d", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/gitpod-io/gitpod/commit/6771283c3406586e352337675b79ff2ca50f191b", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/gitpod-io/gitpod/compare/release-2022.11.2...2022.11.3", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/gitpod-io/gitpod/pull/17559", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/gitpod-io/gitpod/releases/tag/2022.11.3", + "source": "cve@mitre.org" + }, + { + "url": "https://www.gitpod.io", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33199.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33199.json index 5e4ee2c12c0..c8f66af618f 100644 --- a/CVE-2023/CVE-2023-331xx/CVE-2023-33199.json +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33199.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33199", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-26T23:15:18.960", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-05T14:21:25.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:rekor:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.0", + "matchCriteriaId": "1C1976D1-6EB8-47F7-B8B9-DBBA7223E2C4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/sigstore/rekor/security/advisories/GHSA-frqx-jfcm-6jjr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json new file mode 100644 index 00000000000..f86a079cdc8 --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33386", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-05T15:15:09.197", + "lastModified": "2023-06-05T15:15:09.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/b1ackc4t/MarsCTF/blob/V1.2.1/src/main/java/com/b1ackc4t/marsctfserver/service/impl/CTFFileServiceImpl.java#L46", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/b1ackc4t/MarsCTF/issues/10", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33518.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33518.json new file mode 100644 index 00000000000..4ede967f9d2 --- /dev/null +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33518.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33518", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-05T15:15:09.247", + "lastModified": "2023-06-05T15:15:09.247", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/emoncms/emoncms/issues/1856", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json index 7d81eab7217..182fd55ca61 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json 
@@ -2,16 +2,24 @@ "id": "CVE-2023-34256", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-31T20:15:10.817", - "lastModified": "2023-06-01T01:17:03.663", + "lastModified": "2023-06-05T14:15:10.550", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset." + "value": "** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated \"When modifying the block device while it is mounted by the filesystem\" access." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en el kernel de Linux en las versiones anteriores a 6.3.3. Hay una lectura fuera de l\u00edmites en crc16 en \"lib/crc16.c\" cuando se llama dese \"fs/ext4/super.c\" porque \"ext4_group_desc_csum\" no comprueba correctamente un desplazamiento. " } ], "metrics": {}, "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1211895", + "source": "cve@mitre.org" + }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3", "source": "cve@mitre.org" diff --git a/README.md b/README.md index 850f1cb507f..32e247c4b7f 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-05T14:00:28.217196+00:00 +2023-06-05T16:00:53.707098+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-05T13:50:24.813000+00:00 +2023-06-05T15:54:48.487000+00:00 ``` ### Last Data Feed Release 
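Review bot: The `es` description added for CVE-2023-34256 lacks the `** DISPUTED **` marker and the NOTE sentence that this same hunk adds to the `en` value, so a consumer that picks the description by language will present the issue as undisputed. The Spanish text also has a typo, `dese` where `desde` is meant, and a trailing space before the closing quote. Since `vulnStatus` stays `Awaiting Analysis` and `metrics` is still `{}`, the `en` description is the only field in this record that shows the dispute, so tooling that triages from this feed should take the dispute flag from the `en` value rather than a localized one. The README states that the repository synchronizes with the NVD, so the correction to the `es` string would have to be made upstream rather than in this file.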
@@ -29,45 +29,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216845 +216861 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `16` -* [CVE-2023-27989](CVE-2023/CVE-2023-279xx/CVE-2023-27989.json) (`2023-06-05T12:15:09.360`) +* [CVE-2022-4946](CVE-2022/CVE-2022-49xx/CVE-2022-4946.json) (`2023-06-05T14:15:09.577`) +* [CVE-2023-0152](CVE-2023/CVE-2023-01xx/CVE-2023-0152.json) (`2023-06-05T14:15:09.660`) +* [CVE-2023-0545](CVE-2023/CVE-2023-05xx/CVE-2023-0545.json) (`2023-06-05T14:15:09.727`) +* [CVE-2023-0900](CVE-2023/CVE-2023-09xx/CVE-2023-0900.json) (`2023-06-05T14:15:09.793`) +* [CVE-2023-2224](CVE-2023/CVE-2023-22xx/CVE-2023-2224.json) (`2023-06-05T14:15:09.977`) +* [CVE-2023-2337](CVE-2023/CVE-2023-23xx/CVE-2023-2337.json) (`2023-06-05T14:15:10.040`) +* [CVE-2023-2472](CVE-2023/CVE-2023-24xx/CVE-2023-2472.json) (`2023-06-05T14:15:10.110`) +* [CVE-2023-2488](CVE-2023/CVE-2023-24xx/CVE-2023-2488.json) (`2023-06-05T14:15:10.173`) +* [CVE-2023-2489](CVE-2023/CVE-2023-24xx/CVE-2023-2489.json) (`2023-06-05T14:15:10.243`) +* [CVE-2023-2503](CVE-2023/CVE-2023-25xx/CVE-2023-2503.json) (`2023-06-05T14:15:10.300`) +* [CVE-2023-2571](CVE-2023/CVE-2023-25xx/CVE-2023-2571.json) (`2023-06-05T14:15:10.363`) +* [CVE-2023-2572](CVE-2023/CVE-2023-25xx/CVE-2023-2572.json) (`2023-06-05T14:15:10.423`) +* [CVE-2023-2634](CVE-2023/CVE-2023-26xx/CVE-2023-2634.json) (`2023-06-05T14:15:10.483`) +* [CVE-2023-32766](CVE-2023/CVE-2023-327xx/CVE-2023-32766.json) (`2023-06-05T15:15:09.143`) +* [CVE-2023-33386](CVE-2023/CVE-2023-333xx/CVE-2023-33386.json) (`2023-06-05T15:15:09.197`) +* [CVE-2023-33518](CVE-2023/CVE-2023-335xx/CVE-2023-33518.json) (`2023-06-05T15:15:09.247`) ### CVEs modified in the last Commit -Recently modified CVEs: `57` +Recently modified CVEs: `27` -* [CVE-2023-32582](CVE-2023/CVE-2023-325xx/CVE-2023-32582.json) (`2023-06-05T13:03:03.327`) -* 
[CVE-2023-3086](CVE-2023/CVE-2023-30xx/CVE-2023-3086.json) (`2023-06-05T13:03:03.327`) -* [CVE-2023-3091](CVE-2023/CVE-2023-30xx/CVE-2023-3091.json) (`2023-06-05T13:03:03.327`) -* [CVE-2023-3094](CVE-2023/CVE-2023-30xx/CVE-2023-3094.json) (`2023-06-05T13:03:03.327`) -* [CVE-2023-3095](CVE-2023/CVE-2023-30xx/CVE-2023-3095.json) (`2023-06-05T13:03:03.327`) -* [CVE-2023-22862](CVE-2023/CVE-2023-228xx/CVE-2023-22862.json) (`2023-06-05T13:03:03.327`) -* [CVE-2023-27285](CVE-2023/CVE-2023-272xx/CVE-2023-27285.json) (`2023-06-05T13:03:03.327`) -* [CVE-2023-1297](CVE-2023/CVE-2023-12xx/CVE-2023-1297.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-2816](CVE-2023/CVE-2023-28xx/CVE-2023-2816.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-3044](CVE-2023/CVE-2023-30xx/CVE-2023-3044.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-2781](CVE-2023/CVE-2023-27xx/CVE-2023-2781.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-3051](CVE-2023/CVE-2023-30xx/CVE-2023-3051.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-3052](CVE-2023/CVE-2023-30xx/CVE-2023-3052.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-3053](CVE-2023/CVE-2023-30xx/CVE-2023-3053.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-3055](CVE-2023/CVE-2023-30xx/CVE-2023-3055.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-33143](CVE-2023/CVE-2023-331xx/CVE-2023-33143.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-0583](CVE-2023/CVE-2023-05xx/CVE-2023-0583.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-0584](CVE-2023/CVE-2023-05xx/CVE-2023-0584.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-2298](CVE-2023/CVE-2023-22xx/CVE-2023-2298.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-2299](CVE-2023/CVE-2023-22xx/CVE-2023-2299.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-2300](CVE-2023/CVE-2023-23xx/CVE-2023-2300.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-2301](CVE-2023/CVE-2023-23xx/CVE-2023-2301.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-2302](CVE-2023/CVE-2023-23xx/CVE-2023-2302.json) (`2023-06-05T13:03:17.903`) -* 
[CVE-2023-2303](CVE-2023/CVE-2023-23xx/CVE-2023-2303.json) (`2023-06-05T13:03:17.903`) -* [CVE-2023-33187](CVE-2023/CVE-2023-331xx/CVE-2023-33187.json) (`2023-06-05T13:50:24.813`) +* [CVE-2023-23694](CVE-2023/CVE-2023-236xx/CVE-2023-23694.json) (`2023-06-05T14:15:09.860`) +* [CVE-2023-34256](CVE-2023/CVE-2023-342xx/CVE-2023-34256.json) (`2023-06-05T14:15:10.550`) +* [CVE-2023-31128](CVE-2023/CVE-2023-311xx/CVE-2023-31128.json) (`2023-06-05T14:15:52.127`) +* [CVE-2023-33199](CVE-2023/CVE-2023-331xx/CVE-2023-33199.json) (`2023-06-05T14:21:25.877`) +* [CVE-2023-30253](CVE-2023/CVE-2023-302xx/CVE-2023-30253.json) (`2023-06-05T14:26:28.600`) +* [CVE-2023-0443](CVE-2023/CVE-2023-04xx/CVE-2023-0443.json) (`2023-06-05T14:29:56.740`) +* [CVE-2023-0733](CVE-2023/CVE-2023-07xx/CVE-2023-0733.json) (`2023-06-05T14:44:50.077`) +* [CVE-2023-0766](CVE-2023/CVE-2023-07xx/CVE-2023-0766.json) (`2023-06-05T14:45:46.990`) +* [CVE-2023-1524](CVE-2023/CVE-2023-15xx/CVE-2023-1524.json) (`2023-06-05T14:48:29.007`) +* [CVE-2023-2023](CVE-2023/CVE-2023-20xx/CVE-2023-2023.json) (`2023-06-05T14:50:11.437`) +* [CVE-2023-2111](CVE-2023/CVE-2023-21xx/CVE-2023-2111.json) (`2023-06-05T14:50:50.937`) +* [CVE-2023-1938](CVE-2023/CVE-2023-19xx/CVE-2023-1938.json) (`2023-06-05T14:51:30.440`) +* [CVE-2023-2113](CVE-2023/CVE-2023-21xx/CVE-2023-2113.json) (`2023-06-05T14:52:13.103`) +* [CVE-2023-2117](CVE-2023/CVE-2023-21xx/CVE-2023-2117.json) (`2023-06-05T14:52:52.937`) +* [CVE-2023-2223](CVE-2023/CVE-2023-22xx/CVE-2023-2223.json) (`2023-06-05T14:53:35.137`) +* [CVE-2023-2256](CVE-2023/CVE-2023-22xx/CVE-2023-2256.json) (`2023-06-05T14:53:59.733`) +* [CVE-2023-2287](CVE-2023/CVE-2023-22xx/CVE-2023-2287.json) (`2023-06-05T14:55:48.680`) +* [CVE-2023-2288](CVE-2023/CVE-2023-22xx/CVE-2023-2288.json) (`2023-06-05T14:57:07.243`) +* [CVE-2023-2296](CVE-2023/CVE-2023-22xx/CVE-2023-2296.json) (`2023-06-05T14:57:38.170`) +* [CVE-2023-2470](CVE-2023/CVE-2023-24xx/CVE-2023-2470.json) (`2023-06-05T14:58:04.267`) +* 
[CVE-2023-2518](CVE-2023/CVE-2023-25xx/CVE-2023-2518.json) (`2023-06-05T14:59:11.307`) +* [CVE-2023-2973](CVE-2023/CVE-2023-29xx/CVE-2023-2973.json) (`2023-06-05T14:59:58.683`) +* [CVE-2023-32676](CVE-2023/CVE-2023-326xx/CVE-2023-32676.json) (`2023-06-05T15:30:07.343`) +* [CVE-2023-32072](CVE-2023/CVE-2023-320xx/CVE-2023-32072.json) (`2023-06-05T15:42:16.773`) +* [CVE-2023-32695](CVE-2023/CVE-2023-326xx/CVE-2023-32695.json) (`2023-06-05T15:54:48.487`) ## Download and Usage