From fb46526e5626c370c942dedadbd96e1b247f8c08 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 22 Jun 2023 10:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-06-22T10:00:25.481123+00:00 --- CVE-2021/CVE-2021-253xx/CVE-2021-25315.json | 12 ++--- CVE-2022/CVE-2022-219xx/CVE-2022-21946.json | 12 ++--- CVE-2023/CVE-2023-274xx/CVE-2023-27413.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-276xx/CVE-2023-27612.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-276xx/CVE-2023-27618.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-276xx/CVE-2023-27629.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-276xx/CVE-2023-27631.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-281xx/CVE-2023-28166.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-281xx/CVE-2023-28171.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-284xx/CVE-2023-28423.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-284xx/CVE-2023-28496.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-285xx/CVE-2023-28534.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-286xx/CVE-2023-28695.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-319xx/CVE-2023-31975.json | 6 ++- README.md | 27 +++++++--- 15 files changed, 641 insertions(+), 21 deletions(-) create mode 100644 CVE-2023/CVE-2023-274xx/CVE-2023-27413.json create mode 100644 CVE-2023/CVE-2023-276xx/CVE-2023-27612.json create mode 100644 CVE-2023/CVE-2023-276xx/CVE-2023-27618.json create mode 100644 CVE-2023/CVE-2023-276xx/CVE-2023-27629.json create mode 100644 CVE-2023/CVE-2023-276xx/CVE-2023-27631.json create mode 100644 CVE-2023/CVE-2023-281xx/CVE-2023-28166.json create mode 100644 CVE-2023/CVE-2023-281xx/CVE-2023-28171.json create mode 100644 CVE-2023/CVE-2023-284xx/CVE-2023-28423.json create mode 100644 CVE-2023/CVE-2023-284xx/CVE-2023-28496.json create mode 100644 CVE-2023/CVE-2023-285xx/CVE-2023-28534.json create mode 100644 CVE-2023/CVE-2023-286xx/CVE-2023-28695.json diff --git a/CVE-2021/CVE-2021-253xx/CVE-2021-25315.json b/CVE-2021/CVE-2021-253xx/CVE-2021-25315.json index 2a15092f91e..c25cb92e8e7 100644 --- a/CVE-2021/CVE-2021-253xx/CVE-2021-25315.json +++ b/CVE-2021/CVE-2021-253xx/CVE-2021-25315.json @@ -2,12 +2,12 @@ "id": "CVE-2021-25315", "sourceIdentifier": "meissner@suse.de", "published": "2021-03-03T10:15:13.940", - "lastModified": "2022-10-25T18:08:51.200", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-22T09:15:09.793", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions." + "value": "CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions." }, { "lang": "es", @@ -85,7 +85,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "meissner@suse.de", "type": "Primary", "description": [ { @@ -95,12 +95,12 @@ ] }, { - "source": "meissner@suse.de", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-303" + "value": "CWE-287" } ] } diff --git a/CVE-2022/CVE-2022-219xx/CVE-2022-21946.json b/CVE-2022/CVE-2022-219xx/CVE-2022-21946.json index d8ba4972453..b0a3fd9a717 100644 --- a/CVE-2022/CVE-2022-219xx/CVE-2022-21946.json +++ b/CVE-2022/CVE-2022-219xx/CVE-2022-21946.json @@ -2,12 +2,12 @@ "id": "CVE-2022-21946", "sourceIdentifier": "meissner@suse.de", "published": "2022-03-16T10:15:08.340", - "lastModified": "2023-04-14T18:48:16.500", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-22T09:15:10.693", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions." + "value": "A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions." }, { "lang": "es", @@ -85,7 +85,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "meissner@suse.de", "type": "Primary", "description": [ { @@ -95,12 +95,12 @@ ] }, { - "source": "meissner@suse.de", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-269" + "value": "CWE-732" } ] } diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27413.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27413.json new file mode 100644 index 00000000000..305c44db688 --- /dev/null +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27413.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27413", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T08:15:09.173", + "lastModified": "2023-06-22T08:15:09.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <=\u00a02.4.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/w4-post-list/wordpress-w4-post-list-plugin-2-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27612.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27612.json new file mode 100644 index 00000000000..7b48be31ecc --- /dev/null +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27612.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27612", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T08:15:09.277", + "lastModified": "2023-06-22T08:15:09.277", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <=\u00a06.5.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/site-reviews/wordpress-site-reviews-plugin-6-5-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27618.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27618.json new file mode 100644 index 00000000000..4c911c8422d --- /dev/null +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27618.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27618", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T09:15:10.873", + "lastModified": "2023-06-22T09:15:10.873", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <=\u00a01.4.9 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/agile-store-locator/wordpress-store-locator-wordpress-plugin-1-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27629.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27629.json new file mode 100644 index 00000000000..96491bd06c2 --- /dev/null +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27629.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27629", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T08:15:09.353", + "lastModified": "2023-06-22T08:15:09.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <=\u00a06.5.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/site-reviews/wordpress-site-reviews-plugin-6-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27631.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27631.json new file mode 100644 index 00000000000..f5912f2c7db --- /dev/null +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27631.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27631", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T08:15:09.433", + "lastModified": "2023-06-22T08:15:09.433", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <=\u00a02023.05.04 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-02-21-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28166.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28166.json new file mode 100644 index 00000000000..c9e8810a302 --- /dev/null +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28166.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28166", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T09:15:10.993", + "lastModified": "2023-06-22T09:15:10.993", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <=\u00a01.0.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/tags-cloud-manager/wordpress-tags-cloud-manager-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28171.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28171.json new file mode 100644 index 00000000000..18e67aa5e23 --- /dev/null +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28171.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28171", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T09:15:11.070", + "lastModified": "2023-06-22T09:15:11.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <=\u00a01.3.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/brilliance/wordpress-brilliance-theme-1-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28423.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28423.json new file mode 100644 index 00000000000..d0c7fd02f92 --- /dev/null +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28423.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28423", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T09:15:11.147", + "lastModified": "2023-06-22T09:15:11.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <=\u00a01.4.15 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/modern-footnotes/wordpress-modern-footnotes-plugin-1-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28496.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28496.json new file mode 100644 index 00000000000..e4790de9771 --- /dev/null +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28496.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28496", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T09:15:11.217", + "lastModified": "2023-06-22T09:15:11.217", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO \u2013 Email Made Easy plugin <=\u00a01.4.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/smtp2go/wordpress-smtp2go-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28534.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28534.json new file mode 100644 index 00000000000..d6f8bf2ee96 --- /dev/null +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28534.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28534", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T09:15:11.297", + "lastModified": "2023-06-22T09:15:11.297", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal \u2013 A Complete Job Board plugin <=\u00a02.0.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-a-complete-job-board-plugin-1-1-9-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28695.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28695.json new file mode 100644 index 00000000000..abcc4a25318 --- /dev/null +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28695.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28695", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-22T09:15:11.373", + "lastModified": "2023-06-22T09:15:11.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew Phillips VigilanTor plugin <=\u00a01.3.10 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/vigilantor/wordpress-vigilantor-plugin-1-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json index 3ad0a1b0381..9412cd39b08 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31975", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-09T13:15:18.590", - "lastModified": "2023-06-22T06:15:09.457", + "lastModified": "2023-06-22T09:15:11.450", "vulnStatus": "Modified", "descriptions": [ { @@ -100,6 +100,10 @@ "url": "http://www.openwall.com/lists/oss-security/2023/06/22/1", "source": "cve@mitre.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/06/22/3", + "source": "cve@mitre.org" + }, { "url": "https://github.com/yasm/yasm/issues/210", "source": "cve@mitre.org", diff --git a/README.md b/README.md index d53e26799da..7d464047c89 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-22T08:00:30.331019+00:00 +2023-06-22T10:00:25.481123+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-22T07:15:08.867000+00:00 +2023-06-22T09:15:11.450000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218206 +218217 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `11` -* [CVE-2023-32449](CVE-2023/CVE-2023-324xx/CVE-2023-32449.json) (`2023-06-22T07:15:08.867`) +* [CVE-2023-27413](CVE-2023/CVE-2023-274xx/CVE-2023-27413.json) (`2023-06-22T08:15:09.173`) +* [CVE-2023-27612](CVE-2023/CVE-2023-276xx/CVE-2023-27612.json) (`2023-06-22T08:15:09.277`) +* [CVE-2023-27629](CVE-2023/CVE-2023-276xx/CVE-2023-27629.json) (`2023-06-22T08:15:09.353`) +* [CVE-2023-27631](CVE-2023/CVE-2023-276xx/CVE-2023-27631.json) (`2023-06-22T08:15:09.433`) +* [CVE-2023-27618](CVE-2023/CVE-2023-276xx/CVE-2023-27618.json) (`2023-06-22T09:15:10.873`) +* [CVE-2023-28166](CVE-2023/CVE-2023-281xx/CVE-2023-28166.json) (`2023-06-22T09:15:10.993`) +* [CVE-2023-28171](CVE-2023/CVE-2023-281xx/CVE-2023-28171.json) (`2023-06-22T09:15:11.070`) +* [CVE-2023-28423](CVE-2023/CVE-2023-284xx/CVE-2023-28423.json) (`2023-06-22T09:15:11.147`) +* [CVE-2023-28496](CVE-2023/CVE-2023-284xx/CVE-2023-28496.json) (`2023-06-22T09:15:11.217`) +* [CVE-2023-28534](CVE-2023/CVE-2023-285xx/CVE-2023-28534.json) (`2023-06-22T09:15:11.297`) +* [CVE-2023-28695](CVE-2023/CVE-2023-286xx/CVE-2023-28695.json) (`2023-06-22T09:15:11.373`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `3` -* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-22T06:15:09.457`) -* [CVE-2023-25940](CVE-2023/CVE-2023-259xx/CVE-2023-25940.json) (`2023-06-22T07:15:08.537`) +* [CVE-2021-25315](CVE-2021/CVE-2021-253xx/CVE-2021-25315.json) (`2023-06-22T09:15:09.793`) +* [CVE-2022-21946](CVE-2022/CVE-2022-219xx/CVE-2022-21946.json) (`2023-06-22T09:15:10.693`) +* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-22T09:15:11.450`) ## Download and Usage