diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46447.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46447.json
new file mode 100644
index 00000000000..e4fe20cbec0
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46447.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46447",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-20T05:15:08.207",
+ "lastModified": "2024-01-20T05:15:08.207",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/actuator/rebel/blob/main/CWE-319.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://play.google.com/store/apps/details?id=com.pops.pops",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://popsdiabetes.com/about-us/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0623.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0623.json
new file mode 100644
index 00000000000..2aa22dd5580
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0623.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-0623",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-01-20T06:15:44.400",
+ "lastModified": "2024-01-20T06:15:44.400",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0679.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0679.json
new file mode 100644
index 00000000000..7683ccf5409
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0679.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2024-0679",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-01-20T06:15:44.660",
+ "lastModified": "2024-01-20T06:15:44.660",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index f95fad962b8..15651c8cc38 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-20T05:00:25.163736+00:00 +2024-01-20T07:00:24.865257+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-20T04:15:08.013000+00:00 +2024-01-20T06:15:44.660000+00:00 ``` ### Last Data Feed Release @@ -29,21 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236463 +236466 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `3` +* [CVE-2023-46447](CVE-2023/CVE-2023-464xx/CVE-2023-46447.json) (`2024-01-20T05:15:08.207`) +* [CVE-2024-0623](CVE-2024/CVE-2024-06xx/CVE-2024-0623.json) (`2024-01-20T06:15:44.400`) +* [CVE-2024-0679](CVE-2024/CVE-2024-06xx/CVE-2024-0679.json) (`2024-01-20T06:15:44.660`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -* [CVE-2023-39326](CVE-2023/CVE-2023-393xx/CVE-2023-39326.json) (`2024-01-20T04:15:07.890`) -* [CVE-2023-45285](CVE-2023/CVE-2023-452xx/CVE-2023-45285.json) (`2024-01-20T04:15:08.013`) ## Download and Usage