Auto-Update: 2023-06-05T10:00:24.311561+00:00

CVE-2015/CVE-2015-101xx/CVE-2015-10112.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2015-10112",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-06-05T08:15:09.380",
+  "lastModified": "2023-06-05T08:15:09.380",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "MEDIUM",
+          "authentication": "NONE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.6,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-601"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/wp-plugins/wooframework-branding/commit/f12fccd7b5eaf66442346f748c901ef504742f78",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.230652",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.230652",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-30xx/CVE-2023-3064.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3064",
+  "sourceIdentifier": "vulnerability@ncsc.ch",
+  "published": "2023-06-05T09:15:09.413",
+  "lastModified": "2023-06-05T09:15:09.413",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vulnerability@ncsc.ch",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vulnerability@ncsc.ch",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html",
+      "source": "vulnerability@ncsc.ch"
+    }
+  ]
+}

CVE-2023/CVE-2023-30xx/CVE-2023-3065.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3065",
+  "sourceIdentifier": "vulnerability@ncsc.ch",
+  "published": "2023-06-05T09:15:09.530",
+  "lastModified": "2023-06-05T09:15:09.530",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vulnerability@ncsc.ch",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vulnerability@ncsc.ch",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html",
+      "source": "vulnerability@ncsc.ch"
+    }
+  ]
+}

CVE-2023/CVE-2023-30xx/CVE-2023-3066.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3066",
+  "sourceIdentifier": "vulnerability@ncsc.ch",
+  "published": "2023-06-05T09:15:09.593",
+  "lastModified": "2023-06-05T09:15:09.593",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vulnerability@ncsc.ch",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vulnerability@ncsc.ch",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html",
+      "source": "vulnerability@ncsc.ch"
+    }
+  ]
+}

CVE-2023/CVE-2023-31xx/CVE-2023-3100.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-3100",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-06-05T08:15:09.667",
+  "lastModified": "2023-06-05T08:15:09.667",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-230690 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "ADJACENT_NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 5.2
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 5.1,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/shulao2020/cve/blob/main/IBOS%20sql.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.230690",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.230690",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-06-05T08:00:28.532201+00:00
+2023-06-05T10:00:24.311561+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-06-05T07:15:11.143000+00:00
+2023-06-05T09:15:09.593000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,17 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-216839
+216844
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `4`
+Recently added CVEs: `5`
 
-* [CVE-2023-3096](CVE-2023/CVE-2023-30xx/CVE-2023-3096.json) (`2023-06-05T06:15:09.227`)
-* [CVE-2023-3097](CVE-2023/CVE-2023-30xx/CVE-2023-3097.json) (`2023-06-05T06:15:09.463`)
-* [CVE-2023-3098](CVE-2023/CVE-2023-30xx/CVE-2023-3098.json) (`2023-06-05T07:15:09.420`)
-* [CVE-2023-3099](CVE-2023/CVE-2023-30xx/CVE-2023-3099.json) (`2023-06-05T07:15:11.143`)
+* [CVE-2015-10112](CVE-2015/CVE-2015-101xx/CVE-2015-10112.json) (`2023-06-05T08:15:09.380`)
+* [CVE-2023-3100](CVE-2023/CVE-2023-31xx/CVE-2023-3100.json) (`2023-06-05T08:15:09.667`)
+* [CVE-2023-3064](CVE-2023/CVE-2023-30xx/CVE-2023-3064.json) (`2023-06-05T09:15:09.413`)
+* [CVE-2023-3065](CVE-2023/CVE-2023-30xx/CVE-2023-3065.json) (`2023-06-05T09:15:09.530`)
+* [CVE-2023-3066](CVE-2023/CVE-2023-30xx/CVE-2023-3066.json) (`2023-06-05T09:15:09.593`)
 
 
 ### CVEs modified in the last Commit