Auto-Update: 2023-08-09T06:00:31.597772+00:00

cad-safe-bot 2023-08-09 06:00:35 +00:00
parent 8db170896e
commit 0d7b7c7bbb
6 changed files with 219 additions and 7 deletions


@ -0,0 +1,40 @@
{
"id": "CVE-2023-2905",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-08-09T05:15:40.740",
"lastModified": "2023-08-09T05:15:40.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH\u00a0parsed message with a variable length header, Cesanta Mongoose, an\u00a0embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "cve@takeonme.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/cesanta/mongoose/pull/2274",
"source": "cve@takeonme.org"
},
{
"url": "https://github.com/cesanta/mongoose/releases/tag/7.11",
"source": "cve@takeonme.org"
},
{
"url": "https://takeonme.org/cves/CVE-2023-2905.html",
"source": "cve@takeonme.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-38751",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-09T04:15:10.047",
"lastModified": "2023-08-09T04:15:10.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as \"non-disclosure\" in the information provision operation."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN83334799/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-38752",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-09T04:15:10.430",
"lastModified": "2023-08-09T04:15:10.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as\"non-disclosure\" in the system settings."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN83334799/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4242",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-09T04:15:10.657",
"lastModified": "2023-08-09T04:15:10.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Health.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve",
"source": "security@wordfence.com"
}
]
}
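Review bot: The weakness entry in the CVE-2023-4242 record is `CWE-287` (Improper Authentication), but its description attributes the /health disclosure to improper authorization by an already authenticated subscriber-level user, and the sibling record CVE-2023-4243 from the same source for the same plugin uses `CWE-285`. Consumers that triage or group findings by CWE will file this one under authentication flaws and miss it in access-control queries. Because this file mirrors the upstream record, the mismatch is better raised with the assigning CNA than edited here, with `"value": "CWE-285"` as the likely correction. Until upstream changes it, match on the description text and the `PR:L` component of the vector string rather than on the CWE alone.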


@ -0,0 +1,63 @@
{
"id": "CVE-2023-4243",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-09T04:15:10.807",
"lastModified": "2023-08-09T04:15:10.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Plugin.php",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/2.2.1/app/api/PluginInstallation.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9799df3f-e34e-42a7-8a72-fa57682f7014?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-09T04:00:41.613335+00:00
2023-08-09T06:00:31.597772+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-09T03:15:45.230000+00:00
2023-08-09T05:15:40.740000+00:00
```
### Last Data Feed Release
@ -29,16 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222117
222122
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `5`
* [CVE-2023-39341](CVE-2023/CVE-2023-393xx/CVE-2023-39341.json) (`2023-08-09T03:15:43.870`)
* [CVE-2023-39910](CVE-2023/CVE-2023-399xx/CVE-2023-39910.json) (`2023-08-09T03:15:44.867`)
* [CVE-2023-4239](CVE-2023/CVE-2023-42xx/CVE-2023-4239.json) (`2023-08-09T03:15:45.230`)
* [CVE-2023-38751](CVE-2023/CVE-2023-387xx/CVE-2023-38751.json) (`2023-08-09T04:15:10.047`)
* [CVE-2023-38752](CVE-2023/CVE-2023-387xx/CVE-2023-38752.json) (`2023-08-09T04:15:10.430`)
* [CVE-2023-4242](CVE-2023/CVE-2023-42xx/CVE-2023-4242.json) (`2023-08-09T04:15:10.657`)
* [CVE-2023-4243](CVE-2023/CVE-2023-42xx/CVE-2023-4243.json) (`2023-08-09T04:15:10.807`)
* [CVE-2023-2905](CVE-2023/CVE-2023-29xx/CVE-2023-2905.json) (`2023-08-09T05:15:40.740`)
### CVEs modified in the last Commit