mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2023-08-09T06:00:31.597772+00:00
This commit is contained in:
parent
8db170896e
commit
0d7b7c7bbb
40
CVE-2023/CVE-2023-29xx/CVE-2023-2905.json
Normal file
40
CVE-2023/CVE-2023-29xx/CVE-2023-2905.json
Normal file
@ -0,0 +1,40 @@
|
||||
{
|
||||
"id": "CVE-2023-2905",
|
||||
"sourceIdentifier": "cve@takeonme.org",
|
||||
"published": "2023-08-09T05:15:40.740",
|
||||
"lastModified": "2023-08-09T05:15:40.740",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH\u00a0parsed message with a variable length header, Cesanta Mongoose, an\u00a0embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.\n"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cve@takeonme.org",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-122"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/cesanta/mongoose/pull/2274",
|
||||
"source": "cve@takeonme.org"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/cesanta/mongoose/releases/tag/7.11",
|
||||
"source": "cve@takeonme.org"
|
||||
},
|
||||
{
|
||||
"url": "https://takeonme.org/cves/CVE-2023-2905.html",
|
||||
"source": "cve@takeonme.org"
|
||||
}
|
||||
]
|
||||
}
|
24
CVE-2023/CVE-2023-387xx/CVE-2023-38751.json
Normal file
24
CVE-2023/CVE-2023-387xx/CVE-2023-38751.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"id": "CVE-2023-38751",
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2023-08-09T04:15:10.047",
|
||||
"lastModified": "2023-08-09T04:15:10.047",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as \"non-disclosure\" in the information provision operation."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://jvn.jp/en/jp/JVN83334799/",
|
||||
"source": "vultures@jpcert.or.jp"
|
||||
},
|
||||
{
|
||||
"url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html",
|
||||
"source": "vultures@jpcert.or.jp"
|
||||
}
|
||||
]
|
||||
}
|
24
CVE-2023/CVE-2023-387xx/CVE-2023-38752.json
Normal file
24
CVE-2023/CVE-2023-387xx/CVE-2023-38752.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"id": "CVE-2023-38752",
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2023-08-09T04:15:10.430",
|
||||
"lastModified": "2023-08-09T04:15:10.430",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as\"non-disclosure\" in the system settings."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://jvn.jp/en/jp/JVN83334799/",
|
||||
"source": "vultures@jpcert.or.jp"
|
||||
},
|
||||
{
|
||||
"url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html",
|
||||
"source": "vultures@jpcert.or.jp"
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2023/CVE-2023-42xx/CVE-2023-4242.json
Normal file
59
CVE-2023/CVE-2023-42xx/CVE-2023-4242.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2023-4242",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2023-08-09T04:15:10.657",
|
||||
"lastModified": "2023-08-09T04:15:10.657",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-287"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Health.php",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
63
CVE-2023/CVE-2023-42xx/CVE-2023-4243.json
Normal file
63
CVE-2023/CVE-2023-42xx/CVE-2023-4243.json
Normal file
@ -0,0 +1,63 @@
|
||||
{
|
||||
"id": "CVE-2023-4243",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2023-08-09T04:15:10.807",
|
||||
"lastModified": "2023-08-09T04:15:10.807",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-285"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Plugin.php",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/full-customer/tags/2.2.1/app/api/PluginInstallation.php",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9799df3f-e34e-42a7-8a72-fa57682f7014?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
16
README.md
16
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2023-08-09T04:00:41.613335+00:00
|
||||
2023-08-09T06:00:31.597772+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2023-08-09T03:15:45.230000+00:00
|
||||
2023-08-09T05:15:40.740000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -29,16 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
222117
|
||||
222122
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `3`
|
||||
Recently added CVEs: `5`
|
||||
|
||||
* [CVE-2023-39341](CVE-2023/CVE-2023-393xx/CVE-2023-39341.json) (`2023-08-09T03:15:43.870`)
|
||||
* [CVE-2023-39910](CVE-2023/CVE-2023-399xx/CVE-2023-39910.json) (`2023-08-09T03:15:44.867`)
|
||||
* [CVE-2023-4239](CVE-2023/CVE-2023-42xx/CVE-2023-4239.json) (`2023-08-09T03:15:45.230`)
|
||||
* [CVE-2023-38751](CVE-2023/CVE-2023-387xx/CVE-2023-38751.json) (`2023-08-09T04:15:10.047`)
|
||||
* [CVE-2023-38752](CVE-2023/CVE-2023-387xx/CVE-2023-38752.json) (`2023-08-09T04:15:10.430`)
|
||||
* [CVE-2023-4242](CVE-2023/CVE-2023-42xx/CVE-2023-4242.json) (`2023-08-09T04:15:10.657`)
|
||||
* [CVE-2023-4243](CVE-2023/CVE-2023-42xx/CVE-2023-4243.json) (`2023-08-09T04:15:10.807`)
|
||||
* [CVE-2023-2905](CVE-2023/CVE-2023-29xx/CVE-2023-2905.json) (`2023-08-09T05:15:40.740`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
Loading…
x
Reference in New Issue
Block a user