From 336d4cead3d4433e9e06474ad1202f25b4bd57bd Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 13 Oct 2023 12:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-10-13T12:00:25.434288+00:00 --- CVE-2023/CVE-2023-35xx/CVE-2023-3589.json | 14 ++--- CVE-2023/CVE-2023-380xx/CVE-2023-38000.json | 63 +++++++++++++++++++++ CVE-2023/CVE-2023-55xx/CVE-2023-5571.json | 59 +++++++++++++++++++ CVE-2023/CVE-2023-55xx/CVE-2023-5572.json | 59 +++++++++++++++++++ CVE-2023/CVE-2023-55xx/CVE-2023-5573.json | 59 +++++++++++++++++++ README.md | 23 +++----- 6 files changed, 256 insertions(+), 21 deletions(-) create mode 100644 CVE-2023/CVE-2023-380xx/CVE-2023-38000.json create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5571.json create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5572.json create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5573.json diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3589.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3589.json index 9677caa2fc0..141ec77ce1f 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3589.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3589.json @@ -2,12 +2,12 @@ "id": "CVE-2023-3589", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2023-10-09T09:15:10.507", - "lastModified": "2023-10-11T19:05:51.297", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-13T10:15:10.090", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", - "value": "A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to send a specifically crafted query to the server." + "value": "A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server." }, { "lang": "es", @@ -41,19 +41,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", - "privilegesRequired": "LOW", + "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", - "baseScore": 6.4, + "baseScore": 6.8, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.2, + "exploitabilityScore": 1.6, "impactScore": 5.2 } ] diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38000.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38000.json new file mode 100644 index 00000000000..85f864baee7 --- /dev/null +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38000.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-38000", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-13T10:15:09.823", + "lastModified": "2023-10-13T10:15:09.823", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core\u00a06.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + }, + { + "url": "https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5571.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5571.json new file mode 100644 index 00000000000..9908bf7c838 --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5571.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5571", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-13T10:15:10.457", + "lastModified": "2023-10-13T10:15:10.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vriteio/vrite/commit/1877683b932bb33fb20d688e476284b70bb9fe23", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/926ca25f-dd4a-40cf-8e6b-9d7b5938e95a", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5572.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5572.json new file mode 100644 index 00000000000..b0527acec3e --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5572.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5572", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-13T10:15:10.573", + "lastModified": "2023-10-13T10:15:10.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vriteio/vrite/commit/1877683b932bb33fb20d688e476284b70bb9fe23", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/db649f1b-8578-4ef0-8df3-d320ab33f1be", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5573.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5573.json new file mode 100644 index 00000000000..4551b6c40a5 --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5573.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5573", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-13T10:15:10.640", + "lastModified": "2023-10-13T10:15:10.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vriteio/vrite/commit/1877683b932bb33fb20d688e476284b70bb9fe23", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/46a2bb2c-712a-4008-a147-b862e3af7d72", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 353d29ee091..59baad063d7 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-13T08:00:26.015634+00:00 +2023-10-13T12:00:25.434288+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-13T07:15:41.577000+00:00 +2023-10-13T10:15:10.640000+00:00 ``` ### Last Data Feed Release @@ -29,29 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227733 +227737 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `4` -* [CVE-2023-26366](CVE-2023/CVE-2023-263xx/CVE-2023-26366.json) (`2023-10-13T07:15:38.933`) -* [CVE-2023-26367](CVE-2023/CVE-2023-263xx/CVE-2023-26367.json) (`2023-10-13T07:15:39.767`) -* [CVE-2023-38218](CVE-2023/CVE-2023-382xx/CVE-2023-38218.json) (`2023-10-13T07:15:40.047`) -* [CVE-2023-38219](CVE-2023/CVE-2023-382xx/CVE-2023-38219.json) (`2023-10-13T07:15:40.327`) -* [CVE-2023-38220](CVE-2023/CVE-2023-382xx/CVE-2023-38220.json) (`2023-10-13T07:15:40.557`) -* [CVE-2023-38221](CVE-2023/CVE-2023-382xx/CVE-2023-38221.json) (`2023-10-13T07:15:40.777`) -* [CVE-2023-38249](CVE-2023/CVE-2023-382xx/CVE-2023-38249.json) (`2023-10-13T07:15:41.037`) -* [CVE-2023-38250](CVE-2023/CVE-2023-382xx/CVE-2023-38250.json) (`2023-10-13T07:15:41.420`) -* [CVE-2023-38251](CVE-2023/CVE-2023-382xx/CVE-2023-38251.json) (`2023-10-13T07:15:41.577`) +* [CVE-2023-38000](CVE-2023/CVE-2023-380xx/CVE-2023-38000.json) (`2023-10-13T10:15:09.823`) +* [CVE-2023-5571](CVE-2023/CVE-2023-55xx/CVE-2023-5571.json) (`2023-10-13T10:15:10.457`) +* [CVE-2023-5572](CVE-2023/CVE-2023-55xx/CVE-2023-5572.json) (`2023-10-13T10:15:10.573`) +* [CVE-2023-5573](CVE-2023/CVE-2023-55xx/CVE-2023-5573.json) (`2023-10-13T10:15:10.640`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -* [CVE-2023-5554](CVE-2023/CVE-2023-55xx/CVE-2023-5554.json) (`2023-10-13T06:15:51.553`) +* [CVE-2023-3589](CVE-2023/CVE-2023-35xx/CVE-2023-3589.json) (`2023-10-13T10:15:10.090`) ## Download and Usage