From 6529950ecc2e8f20e4f043b5fcc45054d81b9774 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 5 Jun 2023 02:00:31 +0000 Subject: [PATCH] Auto-Update: 2023-06-05T02:00:28.109325+00:00 --- CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json | 92 +++++++++++++++++++ CVE-2023/CVE-2023-00xx/CVE-2023-0041.json | 59 ++++++++++++ CVE-2023/CVE-2023-228xx/CVE-2023-22862.json | 59 ++++++++++++ CVE-2023/CVE-2023-272xx/CVE-2023-27285.json | 59 ++++++++++++ CVE-2023/CVE-2023-278xx/CVE-2023-27861.json | 59 ++++++++++++ CVE-2023/CVE-2023-323xx/CVE-2023-32334.json | 51 ++++++++++ README.md | 20 ++-- 7 files changed, 391 insertions(+), 8 deletions(-) create mode 100644 CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json create mode 100644 CVE-2023/CVE-2023-00xx/CVE-2023-0041.json create mode 100644 CVE-2023/CVE-2023-228xx/CVE-2023-22862.json create mode 100644 CVE-2023/CVE-2023-272xx/CVE-2023-27285.json create mode 100644 CVE-2023/CVE-2023-278xx/CVE-2023-27861.json create mode 100644 CVE-2023/CVE-2023-323xx/CVE-2023-32334.json diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json new file mode 100644 index 00000000000..9c94d7c1d3e --- /dev/null +++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2014-125105", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-05T01:15:45.637", + "lastModified": "2023-06-05T01:15:45.637", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The name of the patch is 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wp-plugins/broken-link-checker/commit/90615fe9b0b6f9e6fb254d503c302e53a202e561", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230659", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230659", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0041.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0041.json new file mode 100644 index 00000000000..78bbb724042 --- /dev/null +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0041.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-0041", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-06-05T01:15:45.810", + "lastModified": "2023-06-05T01:15:45.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/243657", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7000021", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22862.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22862.json new file mode 100644 index 00000000000..2b011602b26 --- /dev/null +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22862.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-22862", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-06-05T00:15:09.703", + "lastModified": "2023-06-05T00:15:09.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244107", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7001053", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27285.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27285.json new file mode 100644 index 00000000000..31e69091dcf --- /dev/null +++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27285.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-27285", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-06-05T00:15:09.920", + "lastModified": "2023-06-05T00:15:09.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248625", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7001053", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27861.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27861.json new file mode 100644 index 00000000000..49b11a66cc6 --- /dev/null +++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27861.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-27861", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-06-05T01:15:45.890", + "lastModified": "2023-06-05T01:15:45.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249208", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6999917", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32334.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32334.json new file mode 100644 index 00000000000..7b41ee6d788 --- /dev/null +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32334.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-32334", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-06-05T01:15:45.960", + "lastModified": "2023-06-05T01:15:45.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255074", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6999721", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6999747", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 91cd42c5920..7aa1faa08a0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-04T23:55:24.191386+00:00 +2023-06-05T02:00:28.109325+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-04T22:15:22.327000+00:00 +2023-06-05T01:15:45.960000+00:00 ``` ### Last Data Feed Release @@ -23,27 +23,31 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-06-04T00:00:13.560575+00:00 +2023-06-05T00:00:13.565163+00:00 ``` ### Total Number of included CVEs ```plain -216822 +216828 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `6` +* [CVE-2014-125105](CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json) (`2023-06-05T01:15:45.637`) +* [CVE-2023-22862](CVE-2023/CVE-2023-228xx/CVE-2023-22862.json) (`2023-06-05T00:15:09.703`) +* [CVE-2023-27285](CVE-2023/CVE-2023-272xx/CVE-2023-27285.json) (`2023-06-05T00:15:09.920`) +* [CVE-2023-0041](CVE-2023/CVE-2023-00xx/CVE-2023-0041.json) (`2023-06-05T01:15:45.810`) +* [CVE-2023-27861](CVE-2023/CVE-2023-278xx/CVE-2023-27861.json) (`2023-06-05T01:15:45.890`) +* [CVE-2023-32334](CVE-2023/CVE-2023-323xx/CVE-2023-32334.json) (`2023-06-05T01:15:45.960`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -* [CVE-2019-14866](CVE-2019/CVE-2019-148xx/CVE-2019-14866.json) (`2023-06-04T22:15:21.953`) -* [CVE-2021-38185](CVE-2021/CVE-2021-381xx/CVE-2021-38185.json) (`2023-06-04T22:15:22.327`) ## Download and Usage