From 0d7b7c7bbbde95d7d851401dfed13afc42b25299 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 9 Aug 2023 06:00:35 +0000
Subject: [PATCH] Auto-Update: 2023-08-09T06:00:31.597772+00:00
---
CVE-2023/CVE-2023-29xx/CVE-2023-2905.json | 40 +++++++++++++
CVE-2023/CVE-2023-387xx/CVE-2023-38751.json | 24 ++++++++
CVE-2023/CVE-2023-387xx/CVE-2023-38752.json | 24 ++++++++
CVE-2023/CVE-2023-42xx/CVE-2023-4242.json | 59 +++++++++++++++++++
CVE-2023/CVE-2023-42xx/CVE-2023-4243.json | 63 +++++++++++++++++++++
README.md | 16 +++---
6 files changed, 219 insertions(+), 7 deletions(-)
create mode 100644 CVE-2023/CVE-2023-29xx/CVE-2023-2905.json
create mode 100644 CVE-2023/CVE-2023-387xx/CVE-2023-38751.json
create mode 100644 CVE-2023/CVE-2023-387xx/CVE-2023-38752.json
create mode 100644 CVE-2023/CVE-2023-42xx/CVE-2023-4242.json
create mode 100644 CVE-2023/CVE-2023-42xx/CVE-2023-4243.json
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json
new file mode 100644
index 00000000000..3f28349d660
--- /dev/null
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json
@@ -0,0 +1,40 @@
+{
+ "id": "CVE-2023-2905",
+ "sourceIdentifier": "cve@takeonme.org",
+ "published": "2023-08-09T05:15:40.740",
+ "lastModified": "2023-08-09T05:15:40.740",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH\u00a0parsed message with a variable length header, Cesanta Mongoose, an\u00a0embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "cve@takeonme.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/cesanta/mongoose/pull/2274",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://github.com/cesanta/mongoose/releases/tag/7.11",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://takeonme.org/cves/CVE-2023-2905.html",
+ "source": "cve@takeonme.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38751.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38751.json
new file mode 100644
index 00000000000..c9e62153e85
--- /dev/null
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38751.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-38751",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-08-09T04:15:10.047",
+ "lastModified": "2023-08-09T04:15:10.047",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as \"non-disclosure\" in the information provision operation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN83334799/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38752.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38752.json
new file mode 100644
index 00000000000..f1a727155cb
--- /dev/null
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38752.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-38752",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-08-09T04:15:10.430",
+ "lastModified": "2023-08-09T04:15:10.430",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as\"non-disclosure\" in the system settings."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN83334799/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4242.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4242.json
new file mode 100644
index 00000000000..6b37447fccd
--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4242.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4242",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-08-09T04:15:10.657",
+ "lastModified": "2023-08-09T04:15:10.657",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Health.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
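Review bot: The `weaknesses` entry in CVE-2023-4242.json records `CWE-287` (Improper Authentication), but the description in the same record attributes the disclosure to improper authorization for users who are already authenticated at subscriber level. The sibling record CVE-2023-4243, for the same plugin and also attributed to improper authorization, uses `CWE-285`, so the two entries disagree on the weakness class. Anyone triaging or filtering this feed by CWE would file the `/health` issue under authentication rather than access control. If this mirror is meant to stay byte-faithful to NVD, the value should stay as is and the mismatch be reported to the source listed in `sourceIdentifier`; otherwise `"value": "CWE-285"` would match the description.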
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4243.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4243.json
new file mode 100644
index 00000000000..85d81338103
--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4243.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-4243",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-08-09T04:15:10.807",
+ "lastModified": "2023-08-09T04:15:10.807",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Plugin.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/2.2.1/app/api/PluginInstallation.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9799df3f-e34e-42a7-8a72-fa57682f7014?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md index 6d72b4db614..ab2aedfe4aa 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-09T04:00:41.613335+00:00 +2023-08-09T06:00:31.597772+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-09T03:15:45.230000+00:00 +2023-08-09T05:15:40.740000+00:00 ``` ### Last Data Feed Release @@ -29,16 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222117 +222122 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `5` -* [CVE-2023-39341](CVE-2023/CVE-2023-393xx/CVE-2023-39341.json) (`2023-08-09T03:15:43.870`) -* [CVE-2023-39910](CVE-2023/CVE-2023-399xx/CVE-2023-39910.json) (`2023-08-09T03:15:44.867`) -* [CVE-2023-4239](CVE-2023/CVE-2023-42xx/CVE-2023-4239.json) (`2023-08-09T03:15:45.230`) +* [CVE-2023-38751](CVE-2023/CVE-2023-387xx/CVE-2023-38751.json) (`2023-08-09T04:15:10.047`) +* [CVE-2023-38752](CVE-2023/CVE-2023-387xx/CVE-2023-38752.json) (`2023-08-09T04:15:10.430`) +* [CVE-2023-4242](CVE-2023/CVE-2023-42xx/CVE-2023-4242.json) (`2023-08-09T04:15:10.657`) +* [CVE-2023-4243](CVE-2023/CVE-2023-42xx/CVE-2023-4243.json) (`2023-08-09T04:15:10.807`) +* [CVE-2023-2905](CVE-2023/CVE-2023-29xx/CVE-2023-2905.json) (`2023-08-09T05:15:40.740`) ### CVEs modified in the last Commit