From 14547b10a0dc7182d859e6ef2b7435bacc958eb4 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 5 Jun 2023 10:00:27 +0000 Subject: [PATCH] Auto-Update: 2023-06-05T10:00:24.311561+00:00 --- CVE-2015/CVE-2015-101xx/CVE-2015-10112.json | 88 +++++++++++++++++++++ CVE-2023/CVE-2023-30xx/CVE-2023-3064.json | 55 +++++++++++++ CVE-2023/CVE-2023-30xx/CVE-2023-3065.json | 55 +++++++++++++ CVE-2023/CVE-2023-30xx/CVE-2023-3066.json | 55 +++++++++++++ CVE-2023/CVE-2023-31xx/CVE-2023-3100.json | 88 +++++++++++++++++++++ README.md | 17 ++-- 6 files changed, 350 insertions(+), 8 deletions(-) create mode 100644 CVE-2015/CVE-2015-101xx/CVE-2015-10112.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3064.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3065.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3066.json create mode 100644 CVE-2023/CVE-2023-31xx/CVE-2023-3100.json diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10112.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10112.json new file mode 100644 index 00000000000..6e0ca3671dc --- /dev/null +++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10112.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2015-10112", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-05T08:15:09.380", + "lastModified": "2023-06-05T08:15:09.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.3 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wp-plugins/wooframework-branding/commit/f12fccd7b5eaf66442346f748c901ef504742f78", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230652", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230652", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3064.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3064.json new file mode 100644 index 00000000000..21df3b99791 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3064.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3064", + "sourceIdentifier": "vulnerability@ncsc.ch", + "published": "2023-06-05T09:15:09.413", + "lastModified": "2023-06-05T09:15:09.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vulnerability@ncsc.ch", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "vulnerability@ncsc.ch", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html", + "source": "vulnerability@ncsc.ch" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3065.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3065.json new file mode 100644 index 00000000000..eef6aae900b --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3065.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3065", + "sourceIdentifier": "vulnerability@ncsc.ch", + "published": "2023-06-05T09:15:09.530", + "lastModified": "2023-06-05T09:15:09.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vulnerability@ncsc.ch", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "vulnerability@ncsc.ch", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html", + "source": "vulnerability@ncsc.ch" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3066.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3066.json new file mode 100644 index 00000000000..07984b72a87 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3066.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3066", + "sourceIdentifier": "vulnerability@ncsc.ch", + "published": "2023-06-05T09:15:09.593", + "lastModified": "2023-06-05T09:15:09.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vulnerability@ncsc.ch", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "vulnerability@ncsc.ch", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html", + "source": "vulnerability@ncsc.ch" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3100.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3100.json new file mode 100644 index 00000000000..f59bf4bcb73 --- /dev/null +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3100.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3100", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-05T08:15:09.667", + "lastModified": "2023-06-05T08:15:09.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-230690 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/shulao2020/cve/blob/main/IBOS%20sql.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230690", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230690", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 9f363c8400f..76f22b0681b 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-05T08:00:28.532201+00:00 +2023-06-05T10:00:24.311561+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-05T07:15:11.143000+00:00 +2023-06-05T09:15:09.593000+00:00 ``` ### Last Data Feed Release @@ -29,17 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216839 +216844 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `5` -* [CVE-2023-3096](CVE-2023/CVE-2023-30xx/CVE-2023-3096.json) (`2023-06-05T06:15:09.227`) -* [CVE-2023-3097](CVE-2023/CVE-2023-30xx/CVE-2023-3097.json) (`2023-06-05T06:15:09.463`) -* [CVE-2023-3098](CVE-2023/CVE-2023-30xx/CVE-2023-3098.json) (`2023-06-05T07:15:09.420`) -* [CVE-2023-3099](CVE-2023/CVE-2023-30xx/CVE-2023-3099.json) (`2023-06-05T07:15:11.143`) +* [CVE-2015-10112](CVE-2015/CVE-2015-101xx/CVE-2015-10112.json) (`2023-06-05T08:15:09.380`) +* [CVE-2023-3100](CVE-2023/CVE-2023-31xx/CVE-2023-3100.json) (`2023-06-05T08:15:09.667`) +* [CVE-2023-3064](CVE-2023/CVE-2023-30xx/CVE-2023-3064.json) (`2023-06-05T09:15:09.413`) +* [CVE-2023-3065](CVE-2023/CVE-2023-30xx/CVE-2023-3065.json) (`2023-06-05T09:15:09.530`) +* [CVE-2023-3066](CVE-2023/CVE-2023-30xx/CVE-2023-3066.json) (`2023-06-05T09:15:09.593`) ### CVEs modified in the last Commit