admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-03T12:00:24.644117+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-03 12:00:28 +00:00
parent 4e35d25c42
commit faee24b4df
17 changed files with 877 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2022/CVE-2022-468xx/CVE-2022-46841.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-46841",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T11:15:25.093",
"lastModified": "2023-10-03T11:15:25.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <=\u00a04.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-builder-plugin-4-6-2-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-08xx/CVE-2023-0828.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-0828",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T11:15:25.173",
"lastModified": "2023-10-03T11:15:25.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2023/CVE-2023-245xx/CVE-2023-24518.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24518",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T11:15:25.247",
"lastModified": "2023-10-03T11:15:25.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25463.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25463",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T11:15:25.310",
"lastModified": "2023-10-03T11:15:25.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <=\u00a07.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-tell-a-friend-popup-form/wordpress-wp-tell-a-friend-popup-form-plugin-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-378xx/CVE-2023-37891.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-37891",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.057",
"lastModified": "2023-10-03T10:15:10.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <=\u00a02.0.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en OptiMonk en el complemento OptiMonk: Popups, Personalization &amp; A/B Testing en versiones &lt;=&#xa0;2.0.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/exit-intent-popups-by-optimonk/wordpress-exit-popups-onsite-retargeting-by-optimonk-plugin-2-0-4-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-379xx/CVE-2023-37990.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37990",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T11:15:25.387",
"lastModified": "2023-10-03T11:15:25.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <=\u00a02.1.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/perelink/wordpress-perelink-pro-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-379xx/CVE-2023-37991.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-37991",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.270",
"lastModified": "2023-10-03T10:15:10.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <=\u00a00.6.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Monchito.Net WP Emoji One en versiones &lt;=&#xa0;0.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-emoji-one/wordpress-wp-emoji-one-plugin-0-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-379xx/CVE-2023-37992.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-37992",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.343",
"lastModified": "2023-10-03T10:15:10.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <=\u00a03.1.35 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Smarty de PressPage Entertainment Inc. para WordPress en versiones &lt;=&#xa0;3.1.35."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-379xx/CVE-2023-37996.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-37996",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.417",
"lastModified": "2023-10-03T10:15:10.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <=\u00a00.4.7 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en GTmetrix GTmetrix para el complemento de WordPress en versiones &lt;=&#xa0;0.4.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gtmetrix-for-wordpress/wordpress-gtmetrix-for-wordpress-plugin-0-4-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-379xx/CVE-2023-37998.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-37998",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.483",
"lastModified": "2023-10-03T10:15:10.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugin <=\u00a03.0.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Saas Disabler en versiones &lt;=&#xa0;3.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/disabler/wordpress-disabler-plugin-3-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-383xx/CVE-2023-38381.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-38381",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.550",
"lastModified": "2023-10-03T10:15:10.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <=\u00a06.46 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Cyle Conoly WP-FlyBox en versiones &lt;=&#xa0;6.46."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-flybox/wordpress-wp-flybox-plugin-6-46-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-383xx/CVE-2023-38390.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38390",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T11:15:25.457",
"lastModified": "2023-10-03T11:15:25.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <=\u00a03.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mobile-address-bar-changer/wordpress-mobile-address-bar-changer-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-383xx/CVE-2023-38396.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38396",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T11:15:25.527",
"lastModified": "2023-10-03T11:15:25.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <=\u00a03.1.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/google-map-shortcode/wordpress-google-map-shortcode-plugin-3-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-383xx/CVE-2023-38398.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38398",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T11:15:25.593",
"lastModified": "2023-10-03T11:15:25.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <=\u00a02.0.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/taboola/wordpress-taboola-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-40xx/CVE-2023-4097.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4097",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T11:15:25.663",
"lastModified": "2023-10-03T11:15:25.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige",
"source": "cve-coordination@incibe.es"
}
]
}

14
CVE-2023/CVE-2023-50xx/CVE-2023-5009.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5009", "id": "CVE-2023-5009",
"sourceIdentifier": "cve@gitlab.com", "sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-19T08:16:07.203", "published": "2023-09-19T08:16:07.203",
"lastModified": "2023-09-21T18:44:15.703", "lastModified": "2023-10-03T10:15:10.627",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -41,19 +41,19 @@
"type": "Secondary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK", "attackVector": "NETWORK",
"attackComplexity": "LOW", "attackComplexity": "HIGH",
"privilegesRequired": "LOW", "privilegesRequired": "LOW",
"userInteraction": "NONE", "userInteraction": "NONE",
"scope": "CHANGED", "scope": "CHANGED",
"confidentialityImpact": "HIGH", "confidentialityImpact": "HIGH",
"integrityImpact": "HIGH", "integrityImpact": "HIGH",
"availabilityImpact": "NONE", "availabilityImpact": "NONE",
"baseScore": 9.6, "baseScore": 8.2,
"baseSeverity": "CRITICAL" "baseSeverity": "HIGH"
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 1.8,
"impactScore": 5.8 "impactScore": 5.8
} }
] ]

31
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-10-03T10:00:25.158484+00:00 2023-10-03T12:00:24.644117+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-10-03T09:15:10.247000+00:00 2023-10-03T11:15:25.663000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,24 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
226822 226837
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `5` Recently added CVEs: `15`
* [CVE-2023-3655](CVE-2023/CVE-2023-36xx/CVE-2023-3655.json) (`2023-10-03T08:15:35.680`) * [CVE-2022-46841](CVE-2022/CVE-2022-468xx/CVE-2022-46841.json) (`2023-10-03T11:15:25.093`)
* [CVE-2023-3656](CVE-2023/CVE-2023-36xx/CVE-2023-3656.json) (`2023-10-03T08:15:35.930`) * [CVE-2023-37891](CVE-2023/CVE-2023-378xx/CVE-2023-37891.json) (`2023-10-03T10:15:10.057`)
* [CVE-2023-44217](CVE-2023/CVE-2023-442xx/CVE-2023-44217.json) (`2023-10-03T08:15:36.000`) * [CVE-2023-37991](CVE-2023/CVE-2023-379xx/CVE-2023-37991.json) (`2023-10-03T10:15:10.270`)
* [CVE-2023-44218](CVE-2023/CVE-2023-442xx/CVE-2023-44218.json) (`2023-10-03T08:15:36.067`) * [CVE-2023-37992](CVE-2023/CVE-2023-379xx/CVE-2023-37992.json) (`2023-10-03T10:15:10.343`)
* [CVE-2023-3654](CVE-2023/CVE-2023-36xx/CVE-2023-3654.json) (`2023-10-03T09:15:10.247`) * [CVE-2023-37996](CVE-2023/CVE-2023-379xx/CVE-2023-37996.json) (`2023-10-03T10:15:10.417`)
* [CVE-2023-37998](CVE-2023/CVE-2023-379xx/CVE-2023-37998.json) (`2023-10-03T10:15:10.483`)
* [CVE-2023-38381](CVE-2023/CVE-2023-383xx/CVE-2023-38381.json) (`2023-10-03T10:15:10.550`)
* [CVE-2023-0828](CVE-2023/CVE-2023-08xx/CVE-2023-0828.json) (`2023-10-03T11:15:25.173`)
* [CVE-2023-24518](CVE-2023/CVE-2023-245xx/CVE-2023-24518.json) (`2023-10-03T11:15:25.247`)
* [CVE-2023-25463](CVE-2023/CVE-2023-254xx/CVE-2023-25463.json) (`2023-10-03T11:15:25.310`)
* [CVE-2023-37990](CVE-2023/CVE-2023-379xx/CVE-2023-37990.json) (`2023-10-03T11:15:25.387`)
* [CVE-2023-38390](CVE-2023/CVE-2023-383xx/CVE-2023-38390.json) (`2023-10-03T11:15:25.457`)
* [CVE-2023-38396](CVE-2023/CVE-2023-383xx/CVE-2023-38396.json) (`2023-10-03T11:15:25.527`)
* [CVE-2023-38398](CVE-2023/CVE-2023-383xx/CVE-2023-38398.json) (`2023-10-03T11:15:25.593`)
* [CVE-2023-4097](CVE-2023/CVE-2023-40xx/CVE-2023-4097.json) (`2023-10-03T11:15:25.663`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `0` Recently modified CVEs: `1`
* [CVE-2023-5009](CVE-2023/CVE-2023-50xx/CVE-2023-5009.json) (`2023-10-03T10:15:10.627`)
## Download and Usage ## Download and Usage