diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
index 8a735860bbc..7b4be3f5589 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3772",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-07-25T16:15:11.660",
- "lastModified": "2023-08-02T15:33:46.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-08-10T06:15:42.903",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -119,6 +119,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/08/10/1",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-3772",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4276.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4276.json
new file mode 100644
index 00000000000..9fd27c83cf1
--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4276.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4276",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-08-10T07:15:37.463",
+ "lastModified": "2023-08-10T07:15:37.463",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/absolute-privacy/trunk/profile_page.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3855e84-b97e-4729-8a48-55f2a2444e2c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4277.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4277.json
new file mode 100644
index 00000000000..874ff23a88d
--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4277.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4277",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-08-10T07:15:37.797",
+ "lastModified": "2023-08-10T07:15:37.797",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/realia/tags/1.4.0/includes/post-types/class-realia-post-type-user.php#L112",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06f33e18-0bdd-4c56-a8df-fc1969b9ecf8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 198b2315252..23297cb556a 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-10T04:00:41.070797+00:00 +2023-08-10T08:00:28.903345+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-10T03:53:57.297000+00:00 +2023-08-10T07:15:37.797000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222239 +222241 ``` ### CVEs added in the last Commit -Recently added CVEs: `26` +Recently added CVEs: `2` -* [CVE-2023-30679](CVE-2023/CVE-2023-306xx/CVE-2023-30679.json) (`2023-08-10T02:15:10.610`) -* [CVE-2023-30680](CVE-2023/CVE-2023-306xx/CVE-2023-30680.json) (`2023-08-10T02:15:10.713`) -* [CVE-2023-30681](CVE-2023/CVE-2023-306xx/CVE-2023-30681.json) (`2023-08-10T02:15:10.807`) -* [CVE-2023-30682](CVE-2023/CVE-2023-306xx/CVE-2023-30682.json) (`2023-08-10T02:15:10.913`) -* [CVE-2023-30683](CVE-2023/CVE-2023-306xx/CVE-2023-30683.json) (`2023-08-10T02:15:11.007`) -* [CVE-2023-30684](CVE-2023/CVE-2023-306xx/CVE-2023-30684.json) (`2023-08-10T02:15:11.097`) -* [CVE-2023-30685](CVE-2023/CVE-2023-306xx/CVE-2023-30685.json) (`2023-08-10T02:15:11.190`) -* [CVE-2023-30686](CVE-2023/CVE-2023-306xx/CVE-2023-30686.json) (`2023-08-10T02:15:11.273`) -* [CVE-2023-30687](CVE-2023/CVE-2023-306xx/CVE-2023-30687.json) (`2023-08-10T02:15:11.367`) -* [CVE-2023-30688](CVE-2023/CVE-2023-306xx/CVE-2023-30688.json) (`2023-08-10T02:15:11.457`) -* [CVE-2023-30689](CVE-2023/CVE-2023-306xx/CVE-2023-30689.json) (`2023-08-10T02:15:11.547`) -* [CVE-2023-30691](CVE-2023/CVE-2023-306xx/CVE-2023-30691.json) (`2023-08-10T02:15:11.630`) -* [CVE-2023-30693](CVE-2023/CVE-2023-306xx/CVE-2023-30693.json) (`2023-08-10T02:15:11.730`) -* [CVE-2023-30694](CVE-2023/CVE-2023-306xx/CVE-2023-30694.json) (`2023-08-10T02:15:11.817`) -* [CVE-2023-30695](CVE-2023/CVE-2023-306xx/CVE-2023-30695.json) (`2023-08-10T02:15:11.903`) -* [CVE-2023-30696](CVE-2023/CVE-2023-306xx/CVE-2023-30696.json) (`2023-08-10T02:15:12.000`) -* [CVE-2023-30697](CVE-2023/CVE-2023-306xx/CVE-2023-30697.json) (`2023-08-10T02:15:12.077`) -* [CVE-2023-30698](CVE-2023/CVE-2023-306xx/CVE-2023-30698.json) (`2023-08-10T02:15:12.173`) -* [CVE-2023-30699](CVE-2023/CVE-2023-306xx/CVE-2023-30699.json) 
(`2023-08-10T02:15:12.267`) -* [CVE-2023-30700](CVE-2023/CVE-2023-307xx/CVE-2023-30700.json) (`2023-08-10T02:15:12.360`) -* [CVE-2023-30701](CVE-2023/CVE-2023-307xx/CVE-2023-30701.json) (`2023-08-10T02:15:12.453`) -* [CVE-2023-30702](CVE-2023/CVE-2023-307xx/CVE-2023-30702.json) (`2023-08-10T02:15:12.547`) -* [CVE-2023-30703](CVE-2023/CVE-2023-307xx/CVE-2023-30703.json) (`2023-08-10T02:15:12.650`) -* [CVE-2023-30704](CVE-2023/CVE-2023-307xx/CVE-2023-30704.json) (`2023-08-10T02:15:12.737`) -* [CVE-2023-30705](CVE-2023/CVE-2023-307xx/CVE-2023-30705.json) (`2023-08-10T02:15:12.827`) +* [CVE-2023-4276](CVE-2023/CVE-2023-42xx/CVE-2023-4276.json) (`2023-08-10T07:15:37.463`) +* [CVE-2023-4277](CVE-2023/CVE-2023-42xx/CVE-2023-4277.json) (`2023-08-10T07:15:37.797`) ### CVEs modified in the last Commit -Recently modified CVEs: `50` +Recently modified CVEs: `1` -* [CVE-2023-37689](CVE-2023/CVE-2023-376xx/CVE-2023-37689.json) (`2023-08-10T03:51:21.860`) -* [CVE-2023-37688](CVE-2023/CVE-2023-376xx/CVE-2023-37688.json) (`2023-08-10T03:51:26.577`) -* [CVE-2023-37687](CVE-2023/CVE-2023-376xx/CVE-2023-37687.json) (`2023-08-10T03:51:33.523`) -* [CVE-2023-3716](CVE-2023/CVE-2023-37xx/CVE-2023-3716.json) (`2023-08-10T03:51:39.830`) -* [CVE-2023-37686](CVE-2023/CVE-2023-376xx/CVE-2023-37686.json) (`2023-08-10T03:51:45.753`) -* [CVE-2023-37685](CVE-2023/CVE-2023-376xx/CVE-2023-37685.json) (`2023-08-10T03:51:51.393`) -* [CVE-2023-37684](CVE-2023/CVE-2023-376xx/CVE-2023-37684.json) (`2023-08-10T03:51:56.033`) -* [CVE-2023-37683](CVE-2023/CVE-2023-376xx/CVE-2023-37683.json) (`2023-08-10T03:52:02.250`) -* [CVE-2023-37682](CVE-2023/CVE-2023-376xx/CVE-2023-37682.json) (`2023-08-10T03:52:19.250`) -* [CVE-2023-27627](CVE-2023/CVE-2023-276xx/CVE-2023-27627.json) (`2023-08-10T03:52:24.867`) -* [CVE-2023-27415](CVE-2023/CVE-2023-274xx/CVE-2023-27415.json) (`2023-08-10T03:52:29.523`) -* [CVE-2023-25459](CVE-2023/CVE-2023-254xx/CVE-2023-25459.json) (`2023-08-10T03:52:36.750`) -* 
[CVE-2023-25063](CVE-2023/CVE-2023-250xx/CVE-2023-25063.json) (`2023-08-10T03:52:42.060`) -* [CVE-2023-24413](CVE-2023/CVE-2023-244xx/CVE-2023-24413.json) (`2023-08-10T03:52:49.223`) -* [CVE-2023-24409](CVE-2023/CVE-2023-244xx/CVE-2023-24409.json) (`2023-08-10T03:52:54.860`) -* [CVE-2023-23880](CVE-2023/CVE-2023-238xx/CVE-2023-23880.json) (`2023-08-10T03:53:01.917`) -* [CVE-2023-23877](CVE-2023/CVE-2023-238xx/CVE-2023-23877.json) (`2023-08-10T03:53:07.383`) -* [CVE-2023-23829](CVE-2023/CVE-2023-238xx/CVE-2023-23829.json) (`2023-08-10T03:53:11.417`) -* [CVE-2023-36692](CVE-2023/CVE-2023-366xx/CVE-2023-36692.json) (`2023-08-10T03:53:20.880`) -* [CVE-2023-32503](CVE-2023/CVE-2023-325xx/CVE-2023-32503.json) (`2023-08-10T03:53:30.737`) -* [CVE-2023-29099](CVE-2023/CVE-2023-290xx/CVE-2023-29099.json) (`2023-08-10T03:53:35.043`) -* [CVE-2023-27422](CVE-2023/CVE-2023-274xx/CVE-2023-27422.json) (`2023-08-10T03:53:43.490`) -* [CVE-2023-27421](CVE-2023/CVE-2023-274xx/CVE-2023-27421.json) (`2023-08-10T03:53:46.863`) -* [CVE-2023-27416](CVE-2023/CVE-2023-274xx/CVE-2023-27416.json) (`2023-08-10T03:53:51.343`) -* [CVE-2023-27412](CVE-2023/CVE-2023-274xx/CVE-2023-27412.json) (`2023-08-10T03:53:57.297`) +* [CVE-2023-3772](CVE-2023/CVE-2023-37xx/CVE-2023-3772.json) (`2023-08-10T06:15:42.903`) ## Download and Usage