diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2032.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2032.json index f492eb4c1dd..24990ae4d61 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2032.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2032.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2032", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:10.417", - "lastModified": "2023-06-27T16:15:38.897", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T13:33:17.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:custom_404_pro_project:custom_404_pro:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.8.1", + "matchCriteriaId": "E9B1954C-21EF-4B62-A30A-7B4A04396296" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-260d22e28ffe", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29437.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29437.json index 0b4da3a7bee..b4753441b9a 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29437.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29437.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29437", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-26T13:15:09.493", - "lastModified": "2023-06-26T15:02:18.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T13:42:17.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:connections-pro:connections_business_directory:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "10.4.36", + "matchCriteriaId": "69791E88-AA1E-476F-9B34-62359AF1D713" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/connections/wordpress-connections-business-directory-plugin-10-4-36-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json index 7469f6809a1..416a6110948 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3313.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3313", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-07-03T08:15:09.013", - "lastModified": "2023-07-03T08:15:09.013", - "vulnStatus": "Received", + "lastModified": "2023-07-03T13:02:14.210", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json index 6fd7922a126..b14fc62deb9 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3314.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3314", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-07-03T09:15:09.590", - "lastModified": "2023-07-03T09:15:09.590", - "vulnStatus": "Received", + "lastModified": "2023-07-03T13:02:14.210", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3396.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3396.json index d5acb4746f5..acfd1b87382 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3396.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3396.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3396", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-25T19:15:09.027", - "lastModified": "2023-06-26T13:02:36.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T13:22:31.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:campcodes_retro_cellphone_online_store_project:campcodes_retro_cellphone_online_store:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F973FF52-9DAE-4760-A387-1EB30F113105" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/bao22033/bao/blob/main/Retro%20Cellphone%20Online%20Store%20-%20vlun%201.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.232351", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.232351", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json index b57fb04aec4..633c5367d0f 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3438.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3438", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-07-03T08:15:09.670", - "lastModified": "2023-07-03T08:15:09.670", - "vulnStatus": "Received", + "lastModified": "2023-07-03T13:02:14.210", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35797.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35797.json index c87b70c3072..e86bbd94772 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35797.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35797.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35797", "sourceIdentifier": "security@apache.org", "published": "2023-07-03T10:15:09.473", - "lastModified": "2023-07-03T10:15:09.473", - "vulnStatus": "Received", + "lastModified": "2023-07-03T13:02:14.210", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json new file mode 100644 index 00000000000..59defae2385 --- /dev/null +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-36053", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-03T13:15:09.737", + "lastModified": "2023-07-03T13:15:09.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docs.djangoproject.com/en/4.2/releases/security/", + "source": "cve@mitre.org" + }, + { + "url": "https://groups.google.com/forum/#!forum/django-announce", + "source": "cve@mitre.org" + }, + { + "url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36630.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36630.json index 6b42ac027ac..c15042f885a 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36630.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36630.json @@ -2,23 +2,85 @@ "id": "CVE-2023-36630", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-25T16:15:09.480", - "lastModified": "2023-06-28T14:15:10.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-03T13:03:32.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mgt-commerce:cloudpanel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.3.1", + "matchCriteriaId": "A4FFD347-3819-42EF-A911-2E24338A2C05" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/yunaranyancat/poc-dump/blob/main/cloudpanel/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.cloudpanel.io/docs/v2/changelog/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 95fb314da49..4713f08b2a8 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-03T12:00:24.877988+00:00 +2023-07-03T14:00:25.812924+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-03T10:15:09.473000+00:00 +2023-07-03T13:42:17.230000+00:00 ``` ### Last Data Feed Release @@ -29,20 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -219055 +219056 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -* [CVE-2023-35797](CVE-2023/CVE-2023-357xx/CVE-2023-35797.json) (`2023-07-03T10:15:09.473`) +* [CVE-2023-36053](CVE-2023/CVE-2023-360xx/CVE-2023-36053.json) (`2023-07-03T13:15:09.737`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `8` +* [CVE-2023-3313](CVE-2023/CVE-2023-33xx/CVE-2023-3313.json) (`2023-07-03T13:02:14.210`) +* [CVE-2023-3438](CVE-2023/CVE-2023-34xx/CVE-2023-3438.json) (`2023-07-03T13:02:14.210`) +* [CVE-2023-3314](CVE-2023/CVE-2023-33xx/CVE-2023-3314.json) (`2023-07-03T13:02:14.210`) +* [CVE-2023-35797](CVE-2023/CVE-2023-357xx/CVE-2023-35797.json) (`2023-07-03T13:02:14.210`) +* [CVE-2023-36630](CVE-2023/CVE-2023-366xx/CVE-2023-36630.json) (`2023-07-03T13:03:32.567`) +* [CVE-2023-3396](CVE-2023/CVE-2023-33xx/CVE-2023-3396.json) (`2023-07-03T13:22:31.247`) +* [CVE-2023-2032](CVE-2023/CVE-2023-20xx/CVE-2023-2032.json) (`2023-07-03T13:33:17.640`) +* [CVE-2023-29437](CVE-2023/CVE-2023-294xx/CVE-2023-29437.json) (`2023-07-03T13:42:17.230`) ## Download and Usage