From fdad9d05d54658f7b9ff6e16c3c63fd3b9297c5e Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 15 Nov 2023 19:00:22 +0000 Subject: [PATCH] Auto-Update: 2023-11-15T19:00:18.474903+00:00 --- CVE-2021/CVE-2021-238xx/CVE-2021-23886.json | 28 +- CVE-2021/CVE-2021-238xx/CVE-2021-23894.json | 33 +- CVE-2021/CVE-2021-318xx/CVE-2021-31831.json | 41 +- CVE-2021/CVE-2021-318xx/CVE-2021-31835.json | 23 +- CVE-2021/CVE-2021-318xx/CVE-2021-31836.json | 23 +- CVE-2021/CVE-2021-318xx/CVE-2021-31837.json | 23 +- CVE-2021/CVE-2021-318xx/CVE-2021-31841.json | 35 +- CVE-2022/CVE-2022-416xx/CVE-2022-41616.json | 56 ++- CVE-2022/CVE-2022-447xx/CVE-2022-44738.json | 56 ++- CVE-2023/CVE-2023-03xx/CVE-2023-0330.json | 25 +- CVE-2023/CVE-2023-227xx/CVE-2023-22719.json | 56 ++- CVE-2023/CVE-2023-236xx/CVE-2023-23678.json | 56 ++- CVE-2023/CVE-2023-237xx/CVE-2023-23796.json | 56 ++- CVE-2023/CVE-2023-259xx/CVE-2023-25983.json | 66 +++- CVE-2023/CVE-2023-294xx/CVE-2023-29426.json | 56 ++- CVE-2023/CVE-2023-294xx/CVE-2023-29428.json | 56 ++- CVE-2023/CVE-2023-294xx/CVE-2023-29440.json | 56 ++- CVE-2023/CVE-2023-304xx/CVE-2023-30478.json | 56 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31078.json | 56 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31086.json | 52 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31088.json | 52 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31093.json | 52 ++- CVE-2023/CVE-2023-312xx/CVE-2023-31235.json | 52 ++- CVE-2023/CVE-2023-320xx/CVE-2023-32092.json | 52 ++- CVE-2023/CVE-2023-320xx/CVE-2023-32093.json | 52 ++- CVE-2023/CVE-2023-321xx/CVE-2023-32125.json | 52 ++- CVE-2023/CVE-2023-325xx/CVE-2023-32500.json | 52 ++- CVE-2023/CVE-2023-325xx/CVE-2023-32501.json | 52 ++- CVE-2023/CVE-2023-325xx/CVE-2023-32502.json | 62 ++- CVE-2023/CVE-2023-325xx/CVE-2023-32587.json | 52 ++- CVE-2023/CVE-2023-325xx/CVE-2023-32592.json | 52 ++- CVE-2023/CVE-2023-326xx/CVE-2023-32602.json | 52 ++- CVE-2023/CVE-2023-327xx/CVE-2023-32739.json | 52 ++- CVE-2023/CVE-2023-327xx/CVE-2023-32744.json | 52 ++- CVE-2023/CVE-2023-327xx/CVE-2023-32745.json | 52 ++- CVE-2023/CVE-2023-327xx/CVE-2023-32794.json | 52 ++- CVE-2023/CVE-2023-338xx/CVE-2023-33873.json | 59 +++ CVE-2023/CVE-2023-340xx/CVE-2023-34024.json | 52 ++- CVE-2023/CVE-2023-340xx/CVE-2023-34025.json | 52 ++- CVE-2023/CVE-2023-349xx/CVE-2023-34982.json | 59 +++ CVE-2023/CVE-2023-360xx/CVE-2023-36014.json | 60 ++- CVE-2023/CVE-2023-360xx/CVE-2023-36024.json | 76 +++- CVE-2023/CVE-2023-365xx/CVE-2023-36527.json | 56 ++- CVE-2023/CVE-2023-366xx/CVE-2023-36667.json | 79 +++- CVE-2023/CVE-2023-452xx/CVE-2023-45269.json | 6 +- CVE-2023/CVE-2023-453xx/CVE-2023-45319.json | 61 ++- CVE-2023/CVE-2023-458xx/CVE-2023-45849.json | 61 ++- CVE-2023/CVE-2023-466xx/CVE-2023-46642.json | 56 ++- CVE-2023/CVE-2023-466xx/CVE-2023-46643.json | 56 ++- CVE-2023/CVE-2023-471xx/CVE-2023-47181.json | 56 ++- CVE-2023/CVE-2023-473xx/CVE-2023-47397.json | 69 +++- CVE-2023/CVE-2023-51xx/CVE-2023-5136.json | 405 +++++++++++++++++++- CVE-2023/CVE-2023-59xx/CVE-2023-5997.json | 24 ++ CVE-2023/CVE-2023-60xx/CVE-2023-6079.json | 15 + CVE-2023/CVE-2023-61xx/CVE-2023-6112.json | 24 ++ README.md | 68 ++-- 56 files changed, 2892 insertions(+), 253 deletions(-) create mode 100644 CVE-2023/CVE-2023-338xx/CVE-2023-33873.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34982.json create mode 100644 CVE-2023/CVE-2023-59xx/CVE-2023-5997.json create mode 100644 CVE-2023/CVE-2023-60xx/CVE-2023-6079.json create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6112.json diff --git a/CVE-2021/CVE-2021-238xx/CVE-2021-23886.json b/CVE-2021/CVE-2021-238xx/CVE-2021-23886.json index 6ced04b498c..0e866089cdf 100644 --- a/CVE-2021/CVE-2021-238xx/CVE-2021-23886.json +++ b/CVE-2021/CVE-2021-238xx/CVE-2021-23886.json @@ -2,8 +2,8 @@ "id": "CVE-2021-23886", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2021-04-15T08:15:14.620", - "lastModified": "2023-11-07T03:30:58.493", - "vulnStatus": "Modified", + "lastModified": "2023-11-15T18:46:23.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "trellixpsirt@trellix.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,17 @@ }, "weaknesses": [ { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + }, + { + "source": "trellixpsirt@trellix.com", "type": "Secondary", "description": [ { @@ -116,11 +126,17 @@ "references": [ { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10354", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10357", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-238xx/CVE-2021-23894.json b/CVE-2021/CVE-2021-238xx/CVE-2021-23894.json index ef23d5ab26b..b34b904bd2f 100644 --- a/CVE-2021/CVE-2021-238xx/CVE-2021-23894.json +++ b/CVE-2021/CVE-2021-238xx/CVE-2021-23894.json @@ -2,8 +2,8 @@ "id": "CVE-2021-23894", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2021-06-02T13:15:11.810", - "lastModified": "2023-11-07T03:31:00.427", - "vulnStatus": "Modified", + "lastModified": "2023-11-15T18:47:26.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,8 +21,8 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", @@ -30,14 +30,14 @@ "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 8.8, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.8, "impactScore": 5.9 }, { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "trellixpsirt@trellix.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,17 @@ }, "weaknesses": [ { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, + { + "source": "trellixpsirt@trellix.com", "type": "Secondary", "description": [ { @@ -116,7 +126,10 @@ "references": [ { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10359", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31831.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31831.json index 447d9f5cb86..702816dfbf4 100644 --- a/CVE-2021/CVE-2021-318xx/CVE-2021-31831.json +++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31831.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31831", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2021-06-03T10:15:07.437", - "lastModified": "2023-11-07T03:35:01.657", - "vulnStatus": "Modified", + "lastModified": "2023-11-15T18:53:33.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,23 +21,23 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 + "exploitabilityScore": 2.1, + "impactScore": 3.4 }, { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "trellixpsirt@trellix.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,17 @@ }, "weaknesses": [ { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + }, + { + "source": "trellixpsirt@trellix.com", "type": "Secondary", "description": [ { @@ -116,7 +126,10 @@ "references": [ { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10359", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31835.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31835.json index b080e746e12..b62cc8ed964 100644 --- a/CVE-2021/CVE-2021-318xx/CVE-2021-31835.json +++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31835.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31835", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2021-10-22T11:15:07.900", - "lastModified": "2023-11-07T03:35:03.420", - "vulnStatus": "Modified", + "lastModified": "2023-11-15T18:53:43.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "trellixpsirt@trellix.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,17 @@ }, "weaknesses": [ { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "trellixpsirt@trellix.com", "type": "Secondary", "description": [ { @@ -176,7 +186,10 @@ "references": [ { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31836.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31836.json index 83b2c76516b..78666fd3f3f 100644 --- a/CVE-2021/CVE-2021-318xx/CVE-2021-31836.json +++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31836.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31836", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2021-09-22T14:15:07.410", - "lastModified": "2023-11-07T03:35:03.823", - "vulnStatus": "Modified", + "lastModified": "2023-11-15T18:54:47.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.2 }, { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "trellixpsirt@trellix.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,17 @@ }, "weaknesses": [ { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "trellixpsirt@trellix.com", "type": "Secondary", "description": [ { @@ -116,7 +126,10 @@ "references": [ { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10369", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31837.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31837.json index 3b28ebb60bf..e21aa931f0e 100644 --- a/CVE-2021/CVE-2021-318xx/CVE-2021-31837.json +++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31837.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31837", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2021-06-09T14:15:09.777", - "lastModified": "2023-11-07T03:35:04.160", - "vulnStatus": "Modified", + "lastModified": "2023-11-15T18:55:04.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "trellixpsirt@trellix.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,17 @@ }, "weaknesses": [ { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "trellixpsirt@trellix.com", "type": "Secondary", "description": [ { @@ -116,7 +126,10 @@ "references": [ { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10363", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31841.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31841.json index ce5a81fdacf..fae74482801 100644 --- a/CVE-2021/CVE-2021-318xx/CVE-2021-31841.json +++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31841.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31841", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2021-09-22T14:15:07.497", - "lastModified": "2023-11-07T03:35:05.537", - "vulnStatus": "Modified", + "lastModified": "2023-11-15T18:59:19.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,23 +21,23 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 7.8, + "baseScore": 7.3, "baseSeverity": "HIGH" }, - "exploitabilityScore": 1.8, + "exploitabilityScore": 1.3, "impactScore": 5.9 }, { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "trellixpsirt@trellix.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,21 @@ }, "weaknesses": [ { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + }, + { + "lang": "en", + "value": "CWE-426" + } + ] + }, + { + "source": "trellixpsirt@trellix.com", "type": "Secondary", "description": [ { @@ -120,7 +134,10 @@ "references": [ { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10369", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-416xx/CVE-2022-41616.json b/CVE-2022/CVE-2022-416xx/CVE-2022-41616.json index 71c6db51b54..c57669e9814 100644 --- a/CVE-2022/CVE-2022-416xx/CVE-2022-41616.json +++ b/CVE-2022/CVE-2022-416xx/CVE-2022-41616.json @@ -2,15 +2,42 @@ "id": "CVE-2022-41616", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-07T18:15:07.780", - "lastModified": "2023-11-07T19:07:44.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:05:43.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en Kaushik Kalathiya Export Users Data CSV. Este problema afecta a Export Users Data CSV: desde n/a hasta 2.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kaushikkalathiya:export_users_data:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1", + "matchCriteriaId": "1E53FBF9-6761-4CE4-991A-4A44EF6DE8CA" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/export-users-data-csv/wordpress-export-users-data-csv-plugin-2-1-auth-csv-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44738.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44738.json index 8e88a5759ef..c7e634b7777 100644 --- a/CVE-2022/CVE-2022-447xx/CVE-2022-44738.json +++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44738.json @@ -2,15 +2,42 @@ "id": "CVE-2022-44738", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-07T18:15:08.127", - "lastModified": "2023-11-07T19:07:44.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:19:21.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en Patrick Robrecht Posts and Users Stats. Este problema afecta Posts and Users Stats: desde n/a hasta 1.1.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:patrickrobrecht:posts_and_users_stats:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.4", + "matchCriteriaId": "DC88DE8B-A344-47B0-92FE-79D900B68C78" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/posts-and-users-stats/wordpress-posts-and-users-stats-plugin-1-1-3-csv-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0330.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0330.json index 3dee2138b67..de9be1a0e9c 100644 --- a/CVE-2023/CVE-2023-03xx/CVE-2023-0330.json +++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0330.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0330", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2023-03-06T23:15:11.457", - "lastModified": "2023-10-05T18:15:11.690", - "vulnStatus": "Modified", + "lastModified": "2023-11-15T17:14:05.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -103,12 +103,31 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] } ], "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html", - "source": "patrick@puiterwijk.org" + "source": "patrick@puiterwijk.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html", diff --git a/CVE-2023/CVE-2023-227xx/CVE-2023-22719.json b/CVE-2023/CVE-2023-227xx/CVE-2023-22719.json index e9f85cefb94..00a709324f0 100644 --- a/CVE-2023/CVE-2023-227xx/CVE-2023-22719.json +++ b/CVE-2023/CVE-2023-227xx/CVE-2023-22719.json @@ -2,15 +2,42 @@ "id": "CVE-2023-22719", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-07T16:15:28.140", - "lastModified": "2023-11-07T16:17:59.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:40:21.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en GiveWP. Este problema afecta a GiveWP: desde n/a hasta 2.25.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.25.1", + "matchCriteriaId": "6C4CDACF-6460-44AF-9F00-0D5E5E54E3E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-csv-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23678.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23678.json index 40640e6178a..9c538a2dbf1 100644 --- a/CVE-2023/CVE-2023-236xx/CVE-2023-23678.json +++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23678.json @@ -2,15 +2,42 @@ "id": "CVE-2023-23678", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-07T16:15:28.240", - "lastModified": "2023-11-07T16:17:59.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:43:43.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en WPEkaClub WP Cookie Consent (para GDPR, CCPA y ePrivacy). Este problema afecta al WP Cookie Consent (para GDPR, CCPA y ePrivacy): desde n/a hasta 2.2.5." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpeka:wp_cookie_consent:*:*:*:*:-:wordpress:*:*", + "versionEndIncluding": "2.2.5", + "matchCriteriaId": "CC2F05A4-9010-4B01-BF7A-B42723873A3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/gdpr-cookie-consent/wordpress-wp-cookie-notice-for-gdpr-ccpa-eprivacy-consent-plugin-2-2-5-csv-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23796.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23796.json index eaf02b80ef7..24f196a5c78 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23796.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23796.json @@ -2,15 +2,42 @@ "id": "CVE-2023-23796", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-07T16:15:28.333", - "lastModified": "2023-11-07T16:17:59.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:47:20.180", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en Muneeb Form Builder | Create Responsive Contact Forms. Este problema afecta a Form Builder | Create Responsive Contact Forms: desde n/a hasta 1.9.9.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:web-settler:form_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.9.9.0", + "matchCriteriaId": "6B51798E-4A7B-4902-9672-07C67F897A68" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/contact-form-add/wordpress-form-builder-create-responsive-contact-forms-plugin-1-9-9-0-csv-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25983.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25983.json index 09da80ad152..622d8ed65aa 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25983.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25983.json @@ -2,16 +2,53 @@ "id": "CVE-2023-25983", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-07T16:15:28.433", - "lastModified": "2023-11-07T16:17:59.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:47:31.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en WPOmnia KB Support. Este problema afecta a KB Support: desde n/a hasta 1.5.84." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1236" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -23,10 +60,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liquidweb:kb_support:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.85", + "matchCriteriaId": "3C2CFE7D-0C1C-4395-A7F7-171A64E8A8A9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-84-csv-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29426.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29426.json index ddd5560645c..80d86a18c5d 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29426.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29426.json @@ -2,15 +2,42 @@ "id": "CVE-2023-29426", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-10T14:15:35.327", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T19:00:02.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <=\u00a01.6.5 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Spreadshop de Robert Schulz (sprd.Net AG) en versiones <= 1.6.5." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:spreadshop:spreadshop:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.5", + "matchCriteriaId": "7D7CAB21-0383-4A73-AD49-8B9FD0F5F565" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/spreadshop/wordpress-spreadshop-plugin-plugin-1-6-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29428.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29428.json index 8a861c6ba31..4b8396faf6f 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29428.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29428.json @@ -2,15 +2,42 @@ "id": "CVE-2023-29428", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-10T14:15:35.693", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:59:05.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <=\u00a01.1.3 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress en versiones <= 1.1.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:superbthemes:superb_social_media_share_buttons_and_follow_buttons:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.3", + "matchCriteriaId": "0C83D9C5-8F2F-4FED-B19B-6BAA1C86F99C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/superb-social-share-and-follow-buttons/wordpress-superb-social-media-share-buttons-and-follow-buttons-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29440.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29440.json index 0e354d931e1..93d1f516cc6 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29440.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29440.json @@ -2,15 +2,42 @@ "id": "CVE-2023-29440", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-10T14:15:35.767", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:58:06.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <=\u00a02.10.3 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento PressTigers Simple Job Board en versiones <= 2.10.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:presstigers:simple_job_board:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.10.3", + "matchCriteriaId": "124338DC-AF2B-465B-A7B2-75759F4EAE3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/simple-job-board/wordpress-simple-job-board-plugin-2-10-3-cross-site-request-forgery-csrf?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30478.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30478.json index 0b70d2fcc5e..95d5b79f99c 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30478.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30478.json @@ -2,15 +2,42 @@ "id": "CVE-2023-30478", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-10T14:15:35.850", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:57:55.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <=\u00a04.8.8 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Tribulant Newsletters en versiones <= 4.8.8." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.8.8", + "matchCriteriaId": "F855E484-EC13-416A-AEB7-13D5364F56D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-8-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31078.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31078.json index bedc335be98..890048a7801 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31078.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31078.json @@ -2,15 +2,42 @@ "id": "CVE-2023-31078", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-10T14:15:35.997", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:54:15.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <=\u00a04.4.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Marco Steinbrecher WP BrowserUpdate en versiones <= 4.4.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:browserupdate:wp_browserupdate:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.4.1", + "matchCriteriaId": "F02473C8-6549-4DEA-8AB1-6AE7991DA646" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-browser-update/wordpress-wp-browserupdate-plugin-4-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31086.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31086.json index e68df146248..cd891856ef7 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31086.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31086.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31086", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.000", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:49:30.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Igor Benic Simple Giveaways complemento: haga crecer su negocio, sus listas de correo electr\u00f3nico y su tr\u00e1fico con el complemento de concursos en versiones <= 2.46.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibenic:simple_giveaways:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.46.1", + "matchCriteriaId": "1E0EE6FA-08C1-4500-B7D8-1E25AF57C47D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/giveasap/wordpress-simple-giveaways-plugin-2-45-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31088.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31088.json index 686937bc7f9..2044e1ae905 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31088.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31088.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31088", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.067", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:49:16.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Faraz Quazi Floating Action Button en versiones <= 1.2.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:floating_action_button_project:floating_action_button:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.2", + "matchCriteriaId": "605DE979-71FB-4B24-8D02-36A9666C87D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/floating-action-button/wordpress-floating-action-button-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31093.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31093.json index 6002974c3e7..658c567ba5f 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31093.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31093.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31093", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.167", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:49:11.120", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Chronosly Chronosly Events Calendar en versiones <= 2.6.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chronosly-events-calendar_project:chronosly-events-calendar:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6.2", + "matchCriteriaId": "04EDF68F-9DFD-498A-8BD9-2F042DA25673" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/chronosly-events-calendar/wordpress-chronosly-events-calendar-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31235.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31235.json index 4886915a695..745dbc55de5 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31235.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31235.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31235", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.267", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:48:46.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Roland Barker, xnau webdesign Participants Database en versiones <= 2.4.9." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xnau:participants_database:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.5.0", + "matchCriteriaId": "A62A6F06-71C2-46BD-840A-F5ACF1B6E1E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32092.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32092.json index c68b80d0a72..3fbd21ffeb3 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32092.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32092.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32092", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.357", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:48:53.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles en versiones <= 6.0.9.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:peepso:peepso:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.1.0.0", + "matchCriteriaId": "8E63D3E7-3924-48D1-8C9C-423E3C93C476" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-social-network-membership-registration-user-profiles-plugin-6-0-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32093.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32093.json index 418965ced51..081356d0b7a 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32093.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32093.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32093", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.447", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:48:41.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Criss Swaim TPG Redirect en versiones <= 1.0.7." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tpginc:tpg_redirect:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.8", + "matchCriteriaId": "57B39544-0240-4D4F-944A-0BB84AD7DE7E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/tpg-redirect/wordpress-tpg-redirect-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32125.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32125.json index e1a8fd85d95..d78b3ec43e1 100644 --- a/CVE-2023/CVE-2023-321xx/CVE-2023-32125.json +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32125.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32125", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.540", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:48:36.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Daniel Powney Multi Rating en versiones <= 5.0.6." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:danielpowney:multi_rating:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.0.6", + "matchCriteriaId": "7D572B01-6EEF-4CE8-94F9-62107145B273" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/multi-rating/wordpress-multi-rating-plugin-5-0-6-cross-site-request-forgery-csrf?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32500.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32500.json index 65be665dfe9..5fc00047f32 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32500.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32500.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32500", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.633", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:48:31.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en xtemos WoodMart - Multipurpose WooCommerce Theme en versiones <= 7.1.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xtemos:woodmart:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.1.2", + "matchCriteriaId": "B3E20BB5-5495-4C0A-94A0-2FE9F321B7FC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32501.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32501.json index 6566e36b763..e90b712944b 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32501.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32501.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32501", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.733", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:48:07.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento E4J s.R.L. VikBooking Hotel Booking Engine & PMS en versiones <= 1.6.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vikwp:vikbooking_hotel_booking_engine_\\&_pms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.6.2", + "matchCriteriaId": "07452FE3-7B9F-427B-8ADE-3E56D6A4DCB9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32502.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32502.json index c4307f14820..117562f40ca 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32502.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32502.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32502", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T23:15:09.823", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:47:55.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,8 +14,41 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Sybre Waaijer Pro Mime Types \u2013 Manage file media types en versiones <= 1.0.7." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -27,10 +60,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cyberwire:pro_mime_types:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "658CA6AD-9779-4454-8B4E-300EF1B17BA2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/pro-mime-types/wordpress-pro-mime-types-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32587.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32587.json index 49e87e03a9d..abe180dc1f9 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32587.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32587.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32587", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T22:15:10.817", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:49:26.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WP Reactions, LLC WP Reactions Lite en versiones <= 1.3.8." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpreactions:wp_reactions_lite:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.9", + "matchCriteriaId": "20068252-574A-423E-9E5F-D69FA281F6DC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-reactions-lite/wordpress-wp-reactions-lite-plugin-1-3-8-cross-site-request-forgery-csrf?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32592.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32592.json index 9698c0dd90c..3d7af0644b3 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32592.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32592.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32592", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T22:15:10.900", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:49:21.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Palasthotel por Edward Bock, complemento Katharina Rompf Sunny Search en versiones <= 1.0.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fast-search-powered-by-solr_project:fast-search-powered-by-solr:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.2", + "matchCriteriaId": "29CCF16A-584B-4C2C-A47C-9C15D0A1AD5F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/fast-search-powered-by-solr/wordpress-sunny-search-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32602.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32602.json index 5b40018a8a2..cc57e1641bb 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32602.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32602.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32602", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T21:15:24.180", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:49:21.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento LOKALYZE CALL ME NOW en versiones <= 3.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lokalyze:call_me_now:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.0", + "matchCriteriaId": "46FD52B7-C428-4D27-9B64-62E5BBCC6A72" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/lokalyze-call-now/wordpress-call-me-now-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32739.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32739.json index 76215f4eeb6..16ab3c30e75 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32739.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32739.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32739", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T21:15:24.270", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:53:54.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Web_Trendy WP Custom Cursors | WordPress Cursor Plugin en versiones < 3.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hamidrezasepehr:custom_cursors:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.2", + "matchCriteriaId": "79AFC254-2DA3-47A3-8608-F2D5F00CA518" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-custom-cursors/wordpress-wp-custom-cursors-plugin-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32744.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32744.json index c4f944d9e38..5437123be61 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32744.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32744.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32744", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T21:15:24.370", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:52:04.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WooCommerce Product Recommendations en versiones <= 2.3.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:product_recommendations:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.3.0", + "matchCriteriaId": "D3E1832F-994A-406F-B9F9-B7DE7FA29CBC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-product-recommendations/wordpress-woocommerce-product-recommendations-plugin-2-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32745.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32745.json index 2634cc82e06..ab21f033252 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32745.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32745.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32745", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T21:15:24.463", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:51:55.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WooCommerce AutomateWoo en versiones <= 5.7.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:automatewoo:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.7.1", + "matchCriteriaId": "10FE0903-4EBF-4A9A-B63B-0BA3FC97D9E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/automatewoo/wordpress-automatewoo-plugin-5-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32794.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32794.json index 719cf9595fd..b9f3e0a04ab 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32794.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32794.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32794", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T21:15:24.553", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:51:46.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WooCommerce Product Add-Ons en versiones <= 6.1.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:product_addons:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.1.3", + "matchCriteriaId": "C4A56CCE-859D-4EE5-8817-F3954ECFC5F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33873.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33873.json new file mode 100644 index 00000000000..a41838eaea8 --- /dev/null +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33873.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-33873", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-11-15T17:15:41.313", + "lastModified": "2023-11-15T17:15:41.313", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34024.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34024.json index bae4dad08ad..8854853dac9 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34024.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34024.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34024", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T21:15:24.647", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:51:36.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Guillemant David WP Full Auto Tags Manager en versiones <= 2.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:guillemantdavid:full_auto_tags_manager:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2", + "matchCriteriaId": "9913B341-6918-4797-BDD1-86FC5ABA1367" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-full-auto-tags-manager/wordpress-wp-full-auto-tags-manager-plugin-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34025.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34025.json index 3fa27e507ae..f87d6af01c9 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34025.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34025.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34025", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-09T21:15:24.740", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:51:23.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento LWS LWS Hide Login en versiones <= 2.1.6." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lws:lws_hide_login:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.6", + "matchCriteriaId": "2765D206-2D8A-47D8-BC6F-C8A64D829DA5" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/lws-hide-login/wordpress-lws-hide-login-plugin-2-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34982.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34982.json new file mode 100644 index 00000000000..d3ae53a15d4 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34982.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-34982", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-11-15T17:15:41.563", + "lastModified": "2023-11-15T17:15:41.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-73" + } + ] + } + ], + "references": [ + { + "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36014.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36014.json index 937ab2e6022..da1c333e89c 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36014.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36014.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36014", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-10T00:15:08.640", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:47:42.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.5 + }, { "source": "secure@microsoft.com", "type": "Secondary", @@ -38,10 +58,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0.2151.58", + "matchCriteriaId": "19B758D7-F31B-4FF7-AA43-D58BD270D5F8" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36024.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36024.json index ae0ad4a1a4b..f65d134eff2 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36024.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36024.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36024", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-10T00:15:08.840", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:49:38.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + }, { "source": "secure@microsoft.com", "type": "Secondary", @@ -38,10 +58,60 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:extended_stable:*:*:*", + "versionEndExcluding": "118.0.2088.102", + "matchCriteriaId": "06209F61-ECBC-4FF8-B561-C932DA3DB2C8" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0.2151.58", + "matchCriteriaId": "19B758D7-F31B-4FF7-AA43-D58BD270D5F8" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36527.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36527.json index 994c5f55994..9da9dd48805 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36527.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36527.json @@ -2,15 +2,42 @@ "id": "CVE-2023-36527", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-07T16:15:28.530", - "lastModified": "2023-11-07T16:17:59.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:47:49.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en BestWebSoft Post to CSV by BestWebSoft. Este problema afecta a Post to CSV by BestWebSoft: desde n/a hasta 1.4.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bestwebsoft:post_to_csv:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.0", + "matchCriteriaId": "30F4EA90-3059-4A81-8C2E-2D834AF4C48F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/post-to-csv/wordpress-post-to-csv-by-bestwebsoft-plugin-1-4-0-csv-injection?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36667.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36667.json index af757dc1c23..c6520dec70c 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36667.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36667.json @@ -2,23 +2,92 @@ "id": "CVE-2023-36667", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-08T22:15:08.983", - "lastModified": "2023-11-09T13:46:19.893", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:55:06.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal." + }, + { + "lang": "es", + "value": "Couchbase Server 7.1.4 anterior a 7.1.5 y 7.2.0 anterior a 7.2.1 permite el cruce de directorios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "7.1.5", + "matchCriteriaId": "8CAEE598-4C6B-4C9D-A6E5-41C4D43DDAE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:couchbase:couchbase_server:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FBF7BB41-6DE4-45D5-81FE-A3CC055853F1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.couchbase.com/alerts/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45269.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45269.json index 0e49a0afdad..87e14e9e778 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45269.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45269.json @@ -2,12 +2,12 @@ "id": "CVE-2023-45269", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-13T16:15:12.853", - "lastModified": "2023-10-18T20:10:23.203", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-15T17:15:41.743", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <=\u00a02.0.23 versions." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <=\u00a02.0.25 versions." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45319.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45319.json index 79ee40b0abb..3252ebe6581 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45319.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45319.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45319", "sourceIdentifier": "security@puppet.com", "published": "2023-11-08T16:15:10.000", - "lastModified": "2023-11-08T17:25:02.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:31:29.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.\u00a0\n" + }, + { + "lang": "es", + "value": "En las versiones de Helix Core anteriores a 2023.2, se identific\u00f3 una Denegaci\u00f3n de Servicio (DoS) remota no autenticada a trav\u00e9s de la funci\u00f3n commit. Reportado por Jason Geffner." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@puppet.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@puppet.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:perforce:helix_core:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "A3D3C9B0-BDEA-4021-A6E5-22584345FD82" + } + ] + } + ] + } + ], "references": [ { "url": "https://perforce.com", - "source": "security@puppet.com" + "source": "security@puppet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45849.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45849.json index 20a5e1cdd48..3d32e7f3619 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45849.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45849.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45849", "sourceIdentifier": "security@puppet.com", "published": "2023-11-08T16:15:10.193", - "lastModified": "2023-11-08T17:25:02.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:24:38.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.\n" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una ejecuci\u00f3n de c\u00f3digo arbitrario que resulta en una escalada de privilegios en versiones de Helix Core anteriores a 2023.2. Reportado por Jason Geffner." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@puppet.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, { "source": "security@puppet.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:perforce:helix_core:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "A3D3C9B0-BDEA-4021-A6E5-22584345FD82" + } + ] + } + ] + } + ], "references": [ { "url": "https://perforce.com", - "source": "security@puppet.com" + "source": "security@puppet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46642.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46642.json index 016359dedfb..c060b5e0ce6 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46642.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46642.json @@ -2,15 +2,42 @@ "id": "CVE-2023-46642", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-08T17:15:07.780", - "lastModified": "2023-11-08T17:25:02.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:45:53.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <=\u00a01.2.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Autenticada (con permisos de admin o superiores) Almacenada en el complemento sahumedia SAHU TikTok Pixel for E-Commerce en versiones <= 1.2.2." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sahu:sahu_tiktok_pixel_for_e-commerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.2", + "matchCriteriaId": "4EE59CB1-B666-4C5D-8E38-E46955525191" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/sahu-tiktok-pixel/wordpress-sahu-tiktok-pixel-for-e-commerce-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46643.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46643.json index 772e333be88..9764f9f6835 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46643.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46643.json @@ -2,15 +2,42 @@ "id": "CVE-2023-46643", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-08T17:15:07.860", - "lastModified": "2023-11-08T17:25:02.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:37:46.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <=\u00a03.2.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento GARY JEZORSKI CloudNet360 en versiones <= 3.2.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cloudnet360:cloudnet360:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.2.0", + "matchCriteriaId": "BDB7972B-EE4B-4E05-80F7-EA98EB7FFBF8" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cloudnet-sync/wordpress-cloudnet360-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47181.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47181.json index 5747b76bd75..8440a6d8097 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47181.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47181.json @@ -2,15 +2,42 @@ "id": "CVE-2023-47181", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-08T19:15:08.057", - "lastModified": "2023-11-09T13:46:24.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T17:31:40.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <=\u00a08.52 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Autenticada (con permisos de admin o superiores) Almacenada en el complemento Martin Gibson IdeaPush en versiones <= 8.52." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "audit@patchstack.com", @@ -23,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:northernbeacheswebsites:ideapush:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "8.52", + "matchCriteriaId": "B897473B-E8FF-48BC-979F-8D2E1A59002F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ideapush/wordpress-ideapush-plugin-8-46-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47397.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47397.json index a165f96336a..f89ccef1951 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47397.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47397.json @@ -2,19 +2,80 @@ "id": "CVE-2023-47397", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-08T16:15:11.017", - "lastModified": "2023-11-08T17:25:02.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:36:36.873", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php." + }, + { + "lang": "es", + "value": "WeBid en versiones <= 1.2.2 es vulnerable a la inyecci\u00f3n de c\u00f3digo a trav\u00e9s de admin/categoriestrans.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webidsupport:webid:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.2.2", + "matchCriteriaId": "9EAC0F5C-741F-49B1-B5E0-DE5CF6E1303B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://liotree.github.io/2023/webid.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5136.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5136.json index a161320ea4c..4a9baba3b5e 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5136.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5136.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5136", "sourceIdentifier": "security@ni.com", "published": "2023-11-08T16:15:11.067", - "lastModified": "2023-11-08T17:25:02.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-15T18:42:41.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.\n" + }, + { + "lang": "es", + "value": "Una asignaci\u00f3n de permiso incorrecta en TopoGrafix DataPlugin para GPX podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad haciendo que un usuario abra un archivo de datos especialmente manipulado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security@ni.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "security@ni.com", "type": "Secondary", @@ -46,10 +80,375 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:topografix_data_plugin:2023:-:*:*:*:gpx:*:*", + "matchCriteriaId": "15732407-23EA-4542-96A2-5C878FB8481F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2014:*:*:*:*:*:*:*", + "matchCriteriaId": "1D2B3E07-5832-4ABE-B7F8-EDFFC91940E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2015:-:*:*:*:*:*:*", + "matchCriteriaId": "B3D7F82A-8406-4B50-A9BA-CCB34A974F87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2015:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5CA88F99-AE0F-4B98-B86A-4B5289520DA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2017:-:*:*:*:*:*:*", + "matchCriteriaId": "7A59840A-5F72-4FB9-8B67-A91439E7DA1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2017:sp1:*:*:*:*:*:*", + "matchCriteriaId": "2DBC89AC-5BA4-432B-96D8-57A5E9B6A338" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2018:-:*:*:*:*:*:*", + "matchCriteriaId": "C853AE58-D3C8-4627-A0D8-542382650932" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2018:sp1:*:*:*:*:*:*", + "matchCriteriaId": "87C3A752-E66D-4F4C-B6FB-F572EAF092B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2019:-:*:*:*:*:*:*", + "matchCriteriaId": "3F41FF00-1098-43B3-822A-8AC92B991F20" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2019:sp1:*:*:*:*:*:*", + "matchCriteriaId": "3525F92B-30ED-4798-BF89-14D8EFCD7CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "7D3458A8-E460-4297-A69F-C4DDE1D232F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2020:sp1:*:*:*:*:*:*", + "matchCriteriaId": "49A24A9A-8601-49DA-8E7D-798D2E399273" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2021:-:*:*:*:*:*:*", + "matchCriteriaId": "4101C29B-BB75-47B6-9D2D-BC5491969EEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2021:sp1:*:*:*:*:*:*", + "matchCriteriaId": "10D8EBAC-D4CF-4841-AE65-5F8A1121788C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2022:q2:*:*:*:*:*:*", + "matchCriteriaId": "7C10702F-B2C2-46FF-88FF-2A314B502ED4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2022:q4:*:*:*:*:*:*", + "matchCriteriaId": "8C05E9A6-7B7D-4928-A60E-24942D4D51F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:diadem:2023:q2:*:*:*:*:*:*", + "matchCriteriaId": "9044BC02-8801-4DBD-8529-49DB7F0D3452" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2013:sp1:*:*:*:*:*:*", + "matchCriteriaId": "F499514A-19DE-469D-9EF6-F7EC1E6810BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2014:*:*:*:*:*:*:*", + "matchCriteriaId": "D68D0C2C-C42D-4B8C-A3D6-93A136E5DD21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2015:-:*:*:*:*:*:*", + "matchCriteriaId": "29FA2254-FF6C-4FCA-8363-B36E4C38C6BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2015:sp1:*:*:*:*:*:*", + "matchCriteriaId": "18577799-88E6-44C1-9477-3261EA98ED4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2016:*:*:*:*:*:*:*", + "matchCriteriaId": "CA705301-337E-4162-8810-BF20B23CB9E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2017:*:*:*:*:*:*:*", + "matchCriteriaId": "B5F1303A-A8D9-4E60-BB96-3B00AAAAD8A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2018:-:*:*:*:*:*:*", + "matchCriteriaId": "4FAF54A5-268E-4A76-9C31-F3E2FE465464" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2018:sp1:*:*:*:*:*:*", + "matchCriteriaId": "E98B7755-005F-4036-AF81-002F113DBCD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2019:-:*:*:*:*:*:*", + "matchCriteriaId": "55743F60-FA68-494E-87B9-8E22787EEF4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2019:r2:*:*:*:*:*:*", + "matchCriteriaId": "2CA4257E-5E97-46D6-BE97-205F6FC18CA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2019:r3:*:*:*:*:*:*", + "matchCriteriaId": "541008B0-5703-4937-9304-C09645454085" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2019:r3f1:*:*:*:*:*:*", + "matchCriteriaId": "5970C421-B8B1-459F-85DB-E74A0B31EDCB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2020:-:*:*:*:*:*:*", + "matchCriteriaId": "55ADD725-44EE-4F28-B9A3-923094352C4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "58D19502-B3F2-4D43-A4D2-CF6CD2E41E48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2020:r3:*:*:*:*:*:*", + "matchCriteriaId": "AAF6DE83-A202-4A90-8B05-735D686FDB8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2020:r4:*:*:*:*:*:*", + "matchCriteriaId": "C90473FA-81CB-4984-8B4C-2EE907ED9DC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2020:r5:*:*:*:*:*:*", + "matchCriteriaId": "B09E4798-97D8-41B7-9E3C-A5D45F8C8CB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2020:r6:*:*:*:*:*:*", + "matchCriteriaId": "03D1BFD1-E75E-4816-9D3B-380DACB50EFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2021:-:*:*:*:*:*:*", + "matchCriteriaId": "C0BC96D8-AB88-47BF-B956-818BF9C8E91E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2021:r2:*:*:*:*:*:*", + "matchCriteriaId": "CD0B65DD-E62E-4D7F-90C4-EE8EACE23F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2021:r3:*:*:*:*:*:*", + "matchCriteriaId": "006E30B2-90DC-475D-835B-030A5801332F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2023:q1:*:*:*:*:*:*", + "matchCriteriaId": "326C3FE1-6CE7-4FD4-9E8A-C14E1A0BE743" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2023:q2:*:*:*:*:*:*", + "matchCriteriaId": "406FE5DA-02BE-4981-8F0E-C77840C5CB5F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2023:q3:*:*:*:*:*:*", + "matchCriteriaId": "2B89A08C-C66E-400A-A224-DF6ED111D565" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:veristand:2023:q4:*:*:*:*:*:*", + "matchCriteriaId": "2A151AB1-BD09-4DF0-B7DD-4D8E1E7E026C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2018:r1:*:*:*:*:*:*", + "matchCriteriaId": "9C2C31C3-9D4C-4FEE-8457-31E9F66CD043" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2018:r2:*:*:*:*:*:*", + "matchCriteriaId": "F16894B6-5151-41DE-A1AC-7FB3C23DC05F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2018:r3:*:*:*:*:*:*", + "matchCriteriaId": "4BE623D6-DE16-40ED-82CF-3CCD975B5C92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2018:r4:*:*:*:*:*:*", + "matchCriteriaId": "0375EAF9-35F8-43AB-A26D-79B1C74E6055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2019:r1:*:*:*:*:*:*", + "matchCriteriaId": "1E8E8A79-BCBA-42D0-A4D5-4134327FDB07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2019:r2:*:*:*:*:*:*", + "matchCriteriaId": "91A2082B-47F5-4DFD-A9CE-115DB223B4A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2019:r3:*:*:*:*:*:*", + "matchCriteriaId": "758C8631-05F4-415B-861A-FF47896756BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2019:r4:*:*:*:*:*:*", + "matchCriteriaId": "CA0E5A70-2CE4-485F-97BC-CEF8FC2C6C62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2020:r1:*:*:*:*:*:*", + "matchCriteriaId": "852AC7E1-DE18-4EAD-9079-7E3DF5EAD9A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2020:r2:*:*:*:*:*:*", + "matchCriteriaId": "055A3E53-09AC-4CD4-8724-21E3F591550E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2020:r3:*:*:*:*:*:*", + "matchCriteriaId": "BEE4C627-4298-469E-91BA-08C711F7EE14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2020:r4:*:*:*:*:*:*", + "matchCriteriaId": "A7BB6592-DBC5-4D4C-96AD-CDE24E1F576A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2021:r1:*:*:*:*:*:*", + "matchCriteriaId": "008505B6-6295-46CE-A923-27958172F026" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2021:r2:*:*:*:*:*:*", + "matchCriteriaId": "CE96AE31-D36F-446A-96A5-46C762818A96" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2021:r3:*:*:*:*:*:*", + "matchCriteriaId": "336F1E07-92EE-4BF5-AA14-981BFB67965C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2021:r4:*:*:*:*:*:*", + "matchCriteriaId": "7D3A4BF7-5BF0-4EE5-BF7C-8C514D6238B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2022:q2:*:*:*:*:*:*", + "matchCriteriaId": "0213180D-04BD-4979-88BE-B21F385469CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2022:q4:*:*:*:*:*:*", + "matchCriteriaId": "A336AAE6-FA87-4900-AECD-12997D064A64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2023:q1:*:*:*:*:*:*", + "matchCriteriaId": "CBFBD9F4-9FFF-44B2-8E95-2DEAC4476A88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2023:q2:*:*:*:*:*:*", + "matchCriteriaId": "FA33AE39-F976-4C56-9A4B-8932BC6855C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2023:q3:*:*:*:*:*:*", + "matchCriteriaId": "21C2A279-F66F-49D3-A4A8-1D56FEF22B6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ni:flexlogger:2023:q4:*:*:*:*:*:*", + "matchCriteriaId": "08133BDF-895D-4D2A-8DAB-C02766DE86B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html", - "source": "security@ni.com" + "source": "security@ni.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json new file mode 100644 index 00000000000..36326463780 --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5997.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-5997", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-11-15T18:15:06.873", + "lastModified": "2023-11-15T18:15:06.873", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1497997", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6079.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6079.json new file mode 100644 index 00000000000..ba26162af9e --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6079.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-6079", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-11-15T17:15:41.840", + "lastModified": "2023-11-15T17:15:41.840", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: appears to be a duplicate of CVE-2023-40206" + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json new file mode 100644 index 00000000000..f5c53154b6c --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6112.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6112", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-11-15T18:15:06.933", + "lastModified": "2023-11-15T18:15:06.933", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1499298", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6140c4e1c07..57f9380c927 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-15T17:00:18.336068+00:00 +2023-11-15T19:00:18.474903+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-15T16:34:27.990000+00:00 +2023-11-15T19:00:02.927000+00:00 ``` ### Last Data Feed Release @@ -29,47 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -230850 +230855 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `5` -* [CVE-2023-48087](CVE-2023/CVE-2023-480xx/CVE-2023-48087.json) (`2023-11-15T15:15:07.453`) -* [CVE-2023-48088](CVE-2023/CVE-2023-480xx/CVE-2023-48088.json) (`2023-11-15T15:15:07.510`) -* [CVE-2023-48089](CVE-2023/CVE-2023-480xx/CVE-2023-48089.json) (`2023-11-15T15:15:07.553`) +* [CVE-2023-33873](CVE-2023/CVE-2023-338xx/CVE-2023-33873.json) (`2023-11-15T17:15:41.313`) +* [CVE-2023-34982](CVE-2023/CVE-2023-349xx/CVE-2023-34982.json) (`2023-11-15T17:15:41.563`) +* [CVE-2023-6079](CVE-2023/CVE-2023-60xx/CVE-2023-6079.json) (`2023-11-15T17:15:41.840`) +* [CVE-2023-5997](CVE-2023/CVE-2023-59xx/CVE-2023-5997.json) (`2023-11-15T18:15:06.873`) +* [CVE-2023-6112](CVE-2023/CVE-2023-61xx/CVE-2023-6112.json) (`2023-11-15T18:15:06.933`) ### CVEs modified in the last Commit -Recently modified CVEs: `39` +Recently modified CVEs: `50` -* [CVE-2023-32594](CVE-2023/CVE-2023-325xx/CVE-2023-32594.json) (`2023-11-15T15:39:23.877`) -* [CVE-2023-4956](CVE-2023/CVE-2023-49xx/CVE-2023-4956.json) (`2023-11-15T15:40:02.737`) -* [CVE-2023-4154](CVE-2023/CVE-2023-41xx/CVE-2023-4154.json) (`2023-11-15T15:40:50.033`) -* [CVE-2023-46243](CVE-2023/CVE-2023-462xx/CVE-2023-46243.json) (`2023-11-15T15:41:03.463`) -* [CVE-2023-5998](CVE-2023/CVE-2023-59xx/CVE-2023-5998.json) (`2023-11-15T15:41:50.257`) -* [CVE-2023-5309](CVE-2023/CVE-2023-53xx/CVE-2023-5309.json) (`2023-11-15T15:46:11.740`) -* [CVE-2023-46253](CVE-2023/CVE-2023-462xx/CVE-2023-46253.json) (`2023-11-15T15:47:04.770`) -* [CVE-2023-28499](CVE-2023/CVE-2023-284xx/CVE-2023-28499.json) (`2023-11-15T15:48:21.907`) -* [CVE-2023-5996](CVE-2023/CVE-2023-59xx/CVE-2023-5996.json) (`2023-11-15T15:48:42.877`) -* [CVE-2023-47229](CVE-2023/CVE-2023-472xx/CVE-2023-47229.json) (`2023-11-15T15:49:10.033`) -* [CVE-2023-46252](CVE-2023/CVE-2023-462xx/CVE-2023-46252.json) (`2023-11-15T15:52:36.240`) -* [CVE-2023-46765](CVE-2023/CVE-2023-467xx/CVE-2023-46765.json) (`2023-11-15T16:01:11.077`) -* [CVE-2023-46764](CVE-2023/CVE-2023-467xx/CVE-2023-46764.json) (`2023-11-15T16:16:19.310`) -* [CVE-2023-46763](CVE-2023/CVE-2023-467xx/CVE-2023-46763.json) (`2023-11-15T16:16:36.933`) -* [CVE-2023-44115](CVE-2023/CVE-2023-441xx/CVE-2023-44115.json) (`2023-11-15T16:16:46.917`) -* [CVE-2023-5801](CVE-2023/CVE-2023-58xx/CVE-2023-5801.json) (`2023-11-15T16:16:56.247`) -* [CVE-2023-35767](CVE-2023/CVE-2023-357xx/CVE-2023-35767.json) (`2023-11-15T16:17:04.597`) -* [CVE-2023-32298](CVE-2023/CVE-2023-322xx/CVE-2023-32298.json) (`2023-11-15T16:17:11.723`) -* [CVE-2023-46759](CVE-2023/CVE-2023-467xx/CVE-2023-46759.json) (`2023-11-15T16:17:22.023`) -* [CVE-2023-46758](CVE-2023/CVE-2023-467xx/CVE-2023-46758.json) (`2023-11-15T16:18:47.657`) -* [CVE-2023-46757](CVE-2023/CVE-2023-467xx/CVE-2023-46757.json) (`2023-11-15T16:19:03.930`) -* [CVE-2023-46756](CVE-2023/CVE-2023-467xx/CVE-2023-46756.json) (`2023-11-15T16:20:22.913`) -* [CVE-2023-47231](CVE-2023/CVE-2023-472xx/CVE-2023-47231.json) (`2023-11-15T16:21:11.800`) -* [CVE-2023-23368](CVE-2023/CVE-2023-233xx/CVE-2023-23368.json) (`2023-11-15T16:28:56.140`) -* [CVE-2023-23369](CVE-2023/CVE-2023-233xx/CVE-2023-23369.json) (`2023-11-15T16:29:27.060`) +* [CVE-2023-31086](CVE-2023/CVE-2023-310xx/CVE-2023-31086.json) (`2023-11-15T17:49:30.480`) +* [CVE-2023-36024](CVE-2023/CVE-2023-360xx/CVE-2023-36024.json) (`2023-11-15T17:49:38.517`) +* [CVE-2023-45849](CVE-2023/CVE-2023-458xx/CVE-2023-45849.json) (`2023-11-15T18:24:38.817`) +* [CVE-2023-45319](CVE-2023/CVE-2023-453xx/CVE-2023-45319.json) (`2023-11-15T18:31:29.637`) +* [CVE-2023-47397](CVE-2023/CVE-2023-473xx/CVE-2023-47397.json) (`2023-11-15T18:36:36.873`) +* [CVE-2023-22719](CVE-2023/CVE-2023-227xx/CVE-2023-22719.json) (`2023-11-15T18:40:21.427`) +* [CVE-2023-5136](CVE-2023/CVE-2023-51xx/CVE-2023-5136.json) (`2023-11-15T18:42:41.643`) +* [CVE-2023-23678](CVE-2023/CVE-2023-236xx/CVE-2023-23678.json) (`2023-11-15T18:43:43.703`) +* [CVE-2023-46642](CVE-2023/CVE-2023-466xx/CVE-2023-46642.json) (`2023-11-15T18:45:53.883`) +* [CVE-2023-23796](CVE-2023/CVE-2023-237xx/CVE-2023-23796.json) (`2023-11-15T18:47:20.180`) +* [CVE-2023-25983](CVE-2023/CVE-2023-259xx/CVE-2023-25983.json) (`2023-11-15T18:47:31.797`) +* [CVE-2023-36527](CVE-2023/CVE-2023-365xx/CVE-2023-36527.json) (`2023-11-15T18:47:49.703`) +* [CVE-2023-32602](CVE-2023/CVE-2023-326xx/CVE-2023-32602.json) (`2023-11-15T18:49:21.803`) +* [CVE-2023-34025](CVE-2023/CVE-2023-340xx/CVE-2023-34025.json) (`2023-11-15T18:51:23.390`) +* [CVE-2023-34024](CVE-2023/CVE-2023-340xx/CVE-2023-34024.json) (`2023-11-15T18:51:36.880`) +* [CVE-2023-32794](CVE-2023/CVE-2023-327xx/CVE-2023-32794.json) (`2023-11-15T18:51:46.473`) +* [CVE-2023-32745](CVE-2023/CVE-2023-327xx/CVE-2023-32745.json) (`2023-11-15T18:51:55.497`) +* [CVE-2023-32744](CVE-2023/CVE-2023-327xx/CVE-2023-32744.json) (`2023-11-15T18:52:04.750`) +* [CVE-2023-32739](CVE-2023/CVE-2023-327xx/CVE-2023-32739.json) (`2023-11-15T18:53:54.840`) +* [CVE-2023-31078](CVE-2023/CVE-2023-310xx/CVE-2023-31078.json) (`2023-11-15T18:54:15.437`) +* [CVE-2023-36667](CVE-2023/CVE-2023-366xx/CVE-2023-36667.json) (`2023-11-15T18:55:06.793`) +* [CVE-2023-30478](CVE-2023/CVE-2023-304xx/CVE-2023-30478.json) (`2023-11-15T18:57:55.753`) +* [CVE-2023-29440](CVE-2023/CVE-2023-294xx/CVE-2023-29440.json) (`2023-11-15T18:58:06.763`) +* [CVE-2023-29428](CVE-2023/CVE-2023-294xx/CVE-2023-29428.json) (`2023-11-15T18:59:05.663`) +* [CVE-2023-29426](CVE-2023/CVE-2023-294xx/CVE-2023-29426.json) (`2023-11-15T19:00:02.927`) ## Download and Usage