From 12f5e6eb4a7329f8979b0a4461c344e9b189f0d5 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 16 Aug 2023 10:00:34 +0000 Subject: [PATCH] Auto-Update: 2023-08-16T10:00:30.633672+00:00 --- CVE-2023/CVE-2023-23xx/CVE-2023-2330.json | 6 ++-- CVE-2023/CVE-2023-28xx/CVE-2023-2886.json | 22 ++++++------- CVE-2023/CVE-2023-29xx/CVE-2023-2959.json | 24 +++++++-------- CVE-2023/CVE-2023-34xx/CVE-2023-3446.json | 6 +++- CVE-2023/CVE-2023-350xx/CVE-2023-35067.json | 34 ++++++++++----------- CVE-2023/CVE-2023-36xx/CVE-2023-3632.json | 20 ++++++------ CVE-2023/CVE-2023-36xx/CVE-2023-3653.json | 16 +++++----- CVE-2023/CVE-2023-375xx/CVE-2023-37581.json | 19 ++++-------- CVE-2023/CVE-2023-38xx/CVE-2023-3817.json | 8 +++-- CVE-2023/CVE-2023-395xx/CVE-2023-39507.json | 20 ++++++++++++ README.md | 23 +++++++++----- 11 files changed, 113 insertions(+), 85 deletions(-) create mode 100644 CVE-2023/CVE-2023-395xx/CVE-2023-39507.json diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2330.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2330.json index 2481c362952..2cccc71f8e3 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2330.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2330.json @@ -2,12 +2,12 @@ "id": "CVE-2023-2330", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-17T14:15:09.910", - "lastModified": "2023-07-26T19:22:00.453", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T08:15:39.860", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The Caldera Forms Google Sheets Connector WordPress plugin through 1.2 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack" + "value": "The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2886.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2886.json index 29b1a3c8774..e7526228e93 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2886.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2886.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2886", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-05-25T09:15:12.303", - "lastModified": "2023-08-02T17:16:08.137", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T08:15:40.977", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,20 +17,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 6.5, + "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, - "impactScore": 3.6 + "impactScore": 2.5 }, { "source": "nvd@nist.gov", @@ -56,22 +56,22 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cve@usom.gov.tr", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-346" + "value": "CWE-1385" } ] }, { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-1385" + "value": "CWE-346" } ] } diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2959.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2959.json index d8346d83ea8..307047c21a8 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2959.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2959.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2959", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-07-17T14:15:10.157", - "lastModified": "2023-07-27T19:59:26.280", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T08:15:41.177", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "cve@usom.gov.tr", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,45 +33,45 @@ "impactScore": 3.6 }, { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", + "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 8.2, + "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, - "impactScore": 4.2 + "impactScore": 3.6 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cve@usom.gov.tr", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-287" + "value": "CWE-305" } ] }, { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-305" + "value": "CWE-287" } ] } diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3446.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3446.json index 4bd98320dac..f34f2bdc40c 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3446.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3446.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3446", "sourceIdentifier": "openssl-security@openssl.org", "published": "2023-07-19T12:15:10.003", - "lastModified": "2023-08-03T15:15:30.680", + "lastModified": "2023-08-16T08:15:41.420", "vulnStatus": "Modified", "descriptions": [ { @@ -138,6 +138,10 @@ "Patch" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "source": "openssl-security@openssl.org" + }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0011/", "source": "openssl-security@openssl.org" diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35067.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35067.json index adde6f7bd62..b81db87619a 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35067.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35067.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35067", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-07-25T07:15:10.770", - "lastModified": "2023-08-04T18:28:02.327", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T08:15:41.300", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "cve@usom.gov.tr", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,45 +33,45 @@ "impactScore": 3.6 }, { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "NONE", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.1, - "baseSeverity": "CRITICAL" + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.3, - "impactScore": 6.0 + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cve@usom.gov.tr", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-522" + "value": "CWE-256" } ] }, { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-256" + "value": "CWE-522" } ] } diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3632.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3632.json index 449218e7e0c..f3927c470f4 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3632.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3632.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3632", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-08-09T09:15:14.297", - "lastModified": "2023-08-15T18:56:10.700", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T08:15:41.550", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "cve@usom.gov.tr", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,24 +33,24 @@ "impactScore": 5.9 }, { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", - "attackComplexity": "HIGH", + "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.0, + "baseScore": 9.8, "baseSeverity": "CRITICAL" }, - "exploitabilityScore": 2.2, - "impactScore": 6.0 + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3653.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3653.json index be5c269720e..7b417612a7e 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3653.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3653.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3653", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-08-08T15:15:10.817", - "lastModified": "2023-08-15T00:25:12.383", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T08:15:41.653", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "cve@usom.gov.tr", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,23 +33,23 @@ "impactScore": 2.7 }, { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 6.1, + "baseScore": 5.4, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 2.3, "impactScore": 2.7 } ] diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37581.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37581.json index ec4c8f40ea0..396e7af9478 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37581.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37581.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37581", "sourceIdentifier": "security@apache.org", "published": "2023-08-06T08:15:09.013", - "lastModified": "2023-08-10T15:53:37.093", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T09:15:11.027", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -36,22 +36,22 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security@apache.org", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-79" + "value": "CWE-20" } ] }, { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-79" } ] } @@ -75,13 +75,6 @@ } ], "references": [ - { - "url": "http://seclists.org/fulldisclosure/2023/Jul/43", - "source": "security@apache.org", - "tags": [ - "Not Applicable" - ] - }, { "url": "https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp", "source": "security@apache.org", diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json index 411777d00c7..12bbba62226 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3817", "sourceIdentifier": "openssl-security@openssl.org", "published": "2023-07-31T16:15:10.497", - "lastModified": "2023-08-08T19:04:09.103", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-16T08:15:41.760", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -459,6 +459,10 @@ "Patch" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "source": "openssl-security@openssl.org" + }, { "url": "https://www.openssl.org/news/secadv/20230731.txt", "source": "openssl-security@openssl.org", diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39507.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39507.json new file mode 100644 index 00000000000..f3a8ce8a0ea --- /dev/null +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39507.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39507", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2023-08-16T09:15:11.793", + "lastModified": "2023-08-16T09:15:11.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper authorization in the custom URL scheme handler in \"Rikunabi NEXT\" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN84820712/", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 298350e8730..18676a00516 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-16T06:00:35.231234+00:00 +2023-08-16T10:00:30.633672+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-16T05:15:10.357000+00:00 +2023-08-16T09:15:11.793000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222770 +222771 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `1` -* [CVE-2023-26140](CVE-2023/CVE-2023-261xx/CVE-2023-26140.json) (`2023-08-16T05:15:09.810`) -* [CVE-2023-3958](CVE-2023/CVE-2023-39xx/CVE-2023-3958.json) (`2023-08-16T05:15:10.220`) -* [CVE-2023-4374](CVE-2023/CVE-2023-43xx/CVE-2023-4374.json) (`2023-08-16T05:15:10.357`) +* [CVE-2023-39507](CVE-2023/CVE-2023-395xx/CVE-2023-39507.json) (`2023-08-16T09:15:11.793`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `9` +* [CVE-2023-2330](CVE-2023/CVE-2023-23xx/CVE-2023-2330.json) (`2023-08-16T08:15:39.860`) +* [CVE-2023-2886](CVE-2023/CVE-2023-28xx/CVE-2023-2886.json) (`2023-08-16T08:15:40.977`) +* [CVE-2023-2959](CVE-2023/CVE-2023-29xx/CVE-2023-2959.json) (`2023-08-16T08:15:41.177`) +* [CVE-2023-35067](CVE-2023/CVE-2023-350xx/CVE-2023-35067.json) (`2023-08-16T08:15:41.300`) +* [CVE-2023-3446](CVE-2023/CVE-2023-34xx/CVE-2023-3446.json) (`2023-08-16T08:15:41.420`) +* [CVE-2023-3632](CVE-2023/CVE-2023-36xx/CVE-2023-3632.json) (`2023-08-16T08:15:41.550`) +* [CVE-2023-3653](CVE-2023/CVE-2023-36xx/CVE-2023-3653.json) (`2023-08-16T08:15:41.653`) +* [CVE-2023-3817](CVE-2023/CVE-2023-38xx/CVE-2023-3817.json) (`2023-08-16T08:15:41.760`) +* [CVE-2023-37581](CVE-2023/CVE-2023-375xx/CVE-2023-37581.json) (`2023-08-16T09:15:11.027`) ## Download and Usage