From 4bf5186d9f57cb64e32b34970b7f5cf8ea8aa3c7 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 18 Jul 2023 12:01:14 +0000 Subject: [PATCH] Auto-Update: 2023-07-18T12:01:11.195601+00:00 --- CVE-2023/CVE-2023-31xx/CVE-2023-3118.json | 53 ++++++++++++-- CVE-2023/CVE-2023-356xx/CVE-2023-35698.json | 79 +++++++++++++++++++-- CVE-2023/CVE-2023-356xx/CVE-2023-35699.json | 79 +++++++++++++++++++-- CVE-2023/CVE-2023-373xx/CVE-2023-37392.json | 47 +++++++++++- README.md | 18 +++-- 5 files changed, 249 insertions(+), 27 deletions(-) diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3118.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3118.json index f2aed3ee3e9..7ef44de4acd 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3118.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3118.json @@ -2,15 +2,38 @@ "id": "CVE-2023-3118", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-10T16:15:54.970", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T11:50:22.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlasgondal:export_all_urls:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.6", + "matchCriteriaId": "ACF253A0-E004-45A0-8173-739030F6CE8C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8a9efc8d-561a-42c6-8e61-ae5c3be581ea", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35698.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35698.json index d68c524fbb1..a017e45b48d 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35698.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35698.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35698", "sourceIdentifier": "psirt@sick.de", "published": "2023-07-10T16:15:52.937", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T11:44:50.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "psirt@sick.de", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + }, { "source": "psirt@sick.de", "type": "Secondary", @@ -46,18 +76,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.5.0", + "matchCriteriaId": "C9781FA2-2446-4587-8BBA-1AC342BC5A0F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E1AF1D7-8380-4B5C-8258-214F00638CC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://sick.com/psirt", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35699.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35699.json index 56b0a6f186a..4d2c1c0ffd9 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35699.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35699.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35699", "sourceIdentifier": "psirt@sick.de", "published": "2023-07-10T16:15:52.993", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T11:46:43.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + }, { "source": "psirt@sick.de", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, { "source": "psirt@sick.de", "type": "Secondary", @@ -46,18 +76,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:sick:icr890-4_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.5.0", + "matchCriteriaId": "C9781FA2-2446-4587-8BBA-1AC342BC5A0F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:sick:icr890-4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E1AF1D7-8380-4B5C-8258-214F00638CC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.json", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0006.pdf", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://sick.com/psirt", - "source": "psirt@sick.de" + "source": "psirt@sick.de", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37392.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37392.json index adb06e8e869..a1cc8f6e75f 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37392.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37392.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37392", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-10T16:15:53.947", - "lastModified": "2023-07-10T16:27:17.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-18T11:54:08.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp_dummy_content_generator_project:wp_dummy_content_generator:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.0", + "matchCriteriaId": "DE5765EB-63F0-44DF-BD0A-C528EFA144A9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-2-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 3e49d61de6d..f2dfa58e338 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-18T10:01:32.797377+00:00 +2023-07-18T12:01:11.195601+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-18T09:15:11.067000+00:00 +2023-07-18T11:54:08.147000+00:00 ``` ### Last Data Feed Release @@ -34,20 +34,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `0` -* [CVE-2023-2433](CVE-2023/CVE-2023-24xx/CVE-2023-2433.json) (`2023-07-18T09:15:11.067`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `4` -* [CVE-2023-0045](CVE-2023/CVE-2023-00xx/CVE-2023-0045.json) (`2023-07-18T08:15:09.580`) -* [CVE-2023-34981](CVE-2023/CVE-2023-349xx/CVE-2023-34981.json) (`2023-07-18T08:15:10.020`) -* [CVE-2023-35788](CVE-2023/CVE-2023-357xx/CVE-2023-35788.json) (`2023-07-18T08:15:10.113`) -* [CVE-2023-3128](CVE-2023/CVE-2023-31xx/CVE-2023-3128.json) (`2023-07-18T08:15:10.410`) -* [CVE-2023-3326](CVE-2023/CVE-2023-33xx/CVE-2023-3326.json) (`2023-07-18T08:15:10.613`) +* [CVE-2023-35698](CVE-2023/CVE-2023-356xx/CVE-2023-35698.json) (`2023-07-18T11:44:50.397`) +* [CVE-2023-35699](CVE-2023/CVE-2023-356xx/CVE-2023-35699.json) (`2023-07-18T11:46:43.907`) +* [CVE-2023-3118](CVE-2023/CVE-2023-31xx/CVE-2023-3118.json) (`2023-07-18T11:50:22.380`) +* [CVE-2023-37392](CVE-2023/CVE-2023-373xx/CVE-2023-37392.json) (`2023-07-18T11:54:08.147`) ## Download and Usage