From 049dfd45259be5f2878990e743b69bf9cb48aa63 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 28 Jul 2023 04:00:31 +0000 Subject: [PATCH] Auto-Update: 2023-07-28T04:00:27.689294+00:00 --- CVE-2022/CVE-2022-288xx/CVE-2022-28860.json | 8 +- CVE-2022/CVE-2022-288xx/CVE-2022-28861.json | 8 +- CVE-2022/CVE-2022-314xx/CVE-2022-31454.json | 24 ++++++ CVE-2023/CVE-2023-383xx/CVE-2023-38331.json | 24 ++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3984.json | 84 +++++++++++++++++++++ README.md | 21 +++--- 6 files changed, 154 insertions(+), 15 deletions(-) create mode 100644 CVE-2022/CVE-2022-314xx/CVE-2022-31454.json create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38331.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3984.json diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28860.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28860.json index a53220667f1..08a8fdd99cb 100644 --- a/CVE-2022/CVE-2022-288xx/CVE-2022-28860.json +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28860.json @@ -2,8 +2,8 @@ "id": "CVE-2022-28860", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-21T16:15:08.943", - "lastModified": "2022-07-30T01:44:43.103", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-28T02:15:09.837", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -93,6 +93,10 @@ "tags": [ "Product" ] + }, + { + "url": "https://www.citilog.com/wp-content/uploads/2023/07/CitilogSAS_information_note_2021-10-18-English.pdf", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28861.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28861.json index bc6c0f05c6a..cc818b80641 100644 --- a/CVE-2022/CVE-2022-288xx/CVE-2022-28861.json +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28861.json @@ -2,8 +2,8 @@ "id": "CVE-2022-28861", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-21T16:15:08.987", - "lastModified": "2022-07-30T01:47:59.743", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-28T02:15:10.313", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -93,6 +93,10 @@ "tags": [ "Product" ] + }, + { + "url": "https://www.citilog.com/wp-content/uploads/2023/07/CitilogSAS_information_note_2021-10-18-English.pdf", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-314xx/CVE-2022-31454.json b/CVE-2022/CVE-2022-314xx/CVE-2022-31454.json new file mode 100644 index 00000000000..e2d2ad266a3 --- /dev/null +++ b/CVE-2022/CVE-2022-314xx/CVE-2022-31454.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-31454", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-28T02:15:10.400", + "lastModified": "2023-07-28T02:15:10.400", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/@rohitgautam26/cve-2022-31454-8e8555c31fd3", + "source": "cve@mitre.org" + }, + { + "url": "https://www.acunetix.com/vulnerabilities/web/cross-site-scripting/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38331.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38331.json new file mode 100644 index 00000000000..9c04bccdfcb --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38331.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38331", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-28T02:15:10.497", + "lastModified": "2023-07-28T02:15:10.497", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://manageengine.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.manageengine.com/products/service-desk/CVE-2023-38331.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3984.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3984.json new file mode 100644 index 00000000000..0bfbc870432 --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3984.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-3984", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-07-28T03:15:09.623", + "lastModified": "2023-07-28T03:15:09.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking_method leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-235605 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.235605", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.235605", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index de69b32bba3..53c714b35d2 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-28T02:00:26.625988+00:00 +2023-07-28T04:00:27.689294+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-28T01:15:09.820000+00:00 +2023-07-28T03:15:09.623000+00:00 ``` ### Last Data Feed Release @@ -29,25 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221181 +221184 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -* [CVE-2023-3774](CVE-2023/CVE-2023-37xx/CVE-2023-3774.json) (`2023-07-28T01:15:09.820`) +* [CVE-2022-31454](CVE-2022/CVE-2022-314xx/CVE-2022-31454.json) (`2023-07-28T02:15:10.400`) +* [CVE-2023-38331](CVE-2023/CVE-2023-383xx/CVE-2023-38331.json) (`2023-07-28T02:15:10.497`) +* [CVE-2023-3984](CVE-2023/CVE-2023-39xx/CVE-2023-3984.json) (`2023-07-28T03:15:09.623`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `2` -* [CVE-2023-38633](CVE-2023/CVE-2023-386xx/CVE-2023-38633.json) (`2023-07-28T00:15:10.020`) -* [CVE-2023-3799](CVE-2023/CVE-2023-37xx/CVE-2023-3799.json) (`2023-07-28T00:20:29.440`) -* [CVE-2023-3795](CVE-2023/CVE-2023-37xx/CVE-2023-3795.json) (`2023-07-28T00:21:29.717`) -* [CVE-2023-3794](CVE-2023/CVE-2023-37xx/CVE-2023-3794.json) (`2023-07-28T00:21:54.813`) -* [CVE-2023-3793](CVE-2023/CVE-2023-37xx/CVE-2023-3793.json) (`2023-07-28T00:22:52.543`) +* [CVE-2022-28860](CVE-2022/CVE-2022-288xx/CVE-2022-28860.json) (`2023-07-28T02:15:09.837`) +* [CVE-2022-28861](CVE-2022/CVE-2022-288xx/CVE-2022-28861.json) (`2023-07-28T02:15:10.313`) ## Download and Usage